Nmap Development mailing list archives

Re: Processing of malformed HTTP header names

From: Paulino Calderon <paulino () calderonpale com>
Date: Mon, 24 Oct 2016 09:23:32 -0400

Hello,

I just noticed this behavior/bug last week while I was adding a signature for Oracle Web Logic Console. The call failed 
because of the malformed header. 
I’m not aware of any problems that this change will cause so I think it’s safe to apply this.

Cheers.

On Oct 23, 2016, at 10:54 AM, nnposter <nnposter () users sourceforge net> wrote:

I would like to solicit input on modifying http.lua to allow processing
of HTTP responses even if they contain a malformed header, such as an
invalid character in the name or just superfluous whitespace between the
name and the colon. As of now http.lua rejects such responses.

A real-world example on which NSE scripts fail:

 HTTP/1.1 200 OK
 Server: Netgear
 Content-Type: text/html
 Pragma: no-cache
 Last Modified: Fri, 16 July 2001 01:01:01 GMT
 Connection: close


I am proposing for http.lua to process such responses, simply skipping
over the malformed header.

Details at https://github.com/nmap/nmap/issues/573


Cheers,
nnposter
_______________________________________________
Sent through the dev mailing list
https://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/


_______________________________________________
Sent through the dev mailing list
https://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/

Current thread:

Processing of malformed HTTP header names nnposter (Oct 23)
- Re: Processing of malformed HTTP header names Paulino Calderon (Oct 24)