Nmap Development mailing list archives
Re: Processing of malformed HTTP header names
From: Paulino Calderon <paulino () calderonpale com>
Date: Mon, 24 Oct 2016 09:23:32 -0400
Hello,

I just noticed this behavior/bug last week while I was adding a signature for Oracle Web Logic Console. The call failed because of the malformed header. I’m not aware of any problems that this change will cause so I think it’s safe to apply this.

Cheers.
On Oct 23, 2016, at 10:54 AM, nnposter <nnposter () users sourceforge net> wrote:

I would like to solicit input on modifying http.lua to allow processing of HTTP responses even if they contain a malformed header, such as an invalid character in the name or just superfluous whitespace between the name and the colon. As of now http.lua rejects such responses.

A real-world example on which NSE scripts fail:

    HTTP/1.1 200 OK
    Server: Netgear
    Content-Type: text/html
    Pragma: no-cache
    Last Modified: Fri, 16 July 2001 01:01:01 GMT
    Connection: close

I am proposing for http.lua to process such responses, simply skipping over the malformed header.

Details at https://github.com/nmap/nmap/issues/573

Cheers,
nnposter

_______________________________________________
Sent through the dev mailing list
https://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/
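The strict-versus-skip behavior discussed in this thread, shown on the Netgear response quoted above. This is an added example in plain Lua, not the code in http.lua and not the patch from the linked issue; the function name `parse_headers`, its `strict` flag, and the use of the RFC 7230 token rule to decide what counts as a malformed name are assumptions made for illustration.

```lua
-- Added illustration; not nmap's http.lua. Names and rules here are assumptions.
-- RFC 7230 "token" characters permitted in a header field name.
local TOKEN = "^[%w!#$%%&'*+%-.^_`|~]+$"

-- Parse the status line and header block of a raw HTTP response.
-- strict=true : reject the whole response on the first malformed header.
-- strict=false: skip malformed headers, but return them so the caller can
--               still log or fingerprint on them.
local function parse_headers(raw, strict)
  local head = raw:match("^(.-)\r?\n\r?\n") or raw
  local lines = {}
  for line in head:gmatch("[^\r\n]+") do lines[#lines + 1] = line end

  local status = table.remove(lines, 1)
  if not status or not status:match("^HTTP/%d%.%d %d%d%d") then
    return nil, "bad status line"
  end

  local headers, skipped = {}, {}
  for _, line in ipairs(lines) do
    -- Name is everything before the first colon; it must be a pure token,
    -- so "Last Modified" and "Server :" both fail the check.
    -- Simplification: folded continuation lines are treated as malformed.
    local name, value = line:match("^([^:]*):[ \t]*(.-)[ \t]*$")
    if name and name:match(TOKEN) then
      headers[name:lower()] = value
    elseif strict then
      return nil, "malformed header: " .. line
    else
      skipped[#skipped + 1] = line
    end
  end
  return headers, skipped
end

-- Sample input: the response quoted in the thread, plus a constructed body.
local sample = table.concat({
  "HTTP/1.1 200 OK", "Server: Netgear", "Content-Type: text/html",
  "Pragma: no-cache", "Last Modified: Fri, 16 July 2001 01:01:01 GMT",
  "Connection: close", "", "<html></html>",
}, "\r\n")

local rejected, err = parse_headers(sample, true)
assert(rejected == nil and err:find("Last Modified", 1, true))

local headers, skipped = parse_headers(sample, false)
assert(headers["server"] == "Netgear" and headers["connection"] == "close")
assert(headers["last modified"] == nil and #skipped == 1)
print("strict:  " .. err)
print("lenient: server=" .. headers["server"] .. ", skipped=" .. skipped[1])
```

Returning the skipped lines rather than silently dropping them keeps the malformed header available to the calling script, since a nonstandard header like this one is itself a useful device fingerprint.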
Current thread:
- Processing of malformed HTTP header names nnposter (Oct 23)
- Re: Processing of malformed HTTP header names Paulino Calderon (Oct 24)