
The Request Smuggling filter must be enabled.

An XCCDF Rule

Description

<VulnDiscussion>Security scans report an HTTP request smuggling vulnerability on the IIS server. The vulnerability arises when a front-end HTTP proxy and a back-end web server that do not strictly adhere to the RFC standards disagree on where one request ends and the next begins in a sequence of HTTP requests received from multiple sources. A remote attacker can send a specially crafted request to the targeted IIS server, smuggle a second request past the front-end, and modify responses or retrieve information from another user's HTTP session.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>

ID
SV-268325r1025163_rule
Severity
Medium
References
Updated



Remediation - Manual Procedure

Navigate to "HKLM\System\CurrentControlSet\Services\HTTP\Parameters".
Create REG_DWORD "DisableRequestSmuggling" and set it to "1".

Note: This can be performed multiple ways; this is an example. The value is read by HTTP.sys, so it applies to every site on the server, and it takes effect only after the HTTP service is restarted or the server is rebooted.
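As an added example (not part of the STIG text), the following PowerShell script audits the registry value above and, with -Remediate, creates it as REG_DWORD 1 and verifies the write. The -Remediate and -RestartHttp switches and the function name are this example's own; it assumes an elevated session on a Windows Server running IIS.

```powershell
# Added example, not the STIG's own procedure: audit and remediate the
# HTTP.sys request-smuggling filter (DisableRequestSmuggling = 1).
# Assumes an elevated PowerShell session on the IIS host.
[CmdletBinding(SupportsShouldProcess)]
param(
    [switch]$Remediate,     # write the value if it is missing or wrong
    [switch]$RestartHttp    # restart HTTP.sys so the new value is read
)

$KeyPath   = 'HKLM:\SYSTEM\CurrentControlSet\Services\HTTP\Parameters'
$ValueName = 'DisableRequestSmuggling'
$Expected  = 1

function Get-RequestSmugglingFilterState {
    # Returns the current DWORD, or $null when the value does not exist.
    $item = Get-ItemProperty -Path $KeyPath -Name $ValueName -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $null }
    return [int]$item.$ValueName
}

$current = Get-RequestSmugglingFilterState
if ($current -eq $Expected) {
    Write-Output "COMPLIANT: $ValueName = $current"
    return
}

$shown = if ($null -eq $current) { '<missing>' } else { $current }
Write-Output "FINDING: $ValueName = $shown (expected $Expected)"

if ($Remediate -and $PSCmdlet.ShouldProcess("$KeyPath\$ValueName", "Set REG_DWORD to $Expected")) {
    if (-not (Test-Path $KeyPath)) {
        New-Item -Path $KeyPath -Force | Out-Null
    }
    # -Force overwrites an existing value that has the wrong type or data.
    New-ItemProperty -Path $KeyPath -Name $ValueName -PropertyType DWord `
        -Value $Expected -Force | Out-Null

    # Read the value back rather than trusting the write.
    $after = Get-RequestSmugglingFilterState
    if ($after -ne $Expected) { throw "Failed to set $ValueName (read back: $after)" }
    Write-Output "REMEDIATED: $ValueName = $after"

    if ($RestartHttp) {
        # HTTP.sys reads its Parameters key at start, so the change is not live
        # until the HTTP service restarts. -Force also stops dependents such as
        # W3SVC, so this is a brief outage for every site on the host.
        Restart-Service -Name HTTP -Force
        # Make sure the IIS worker service came back after the dependent stop.
        Start-Service -Name W3SVC -ErrorAction SilentlyContinue
    } else {
        Write-Warning "Restart the HTTP service (or reboot) for $ValueName to take effect."
    }
}
```

Run it with no switches during a check to get a COMPLIANT or FINDING line; run it with -Remediate (and -WhatIf first, since the script supports ShouldProcess) to apply the fix, and add -RestartHttp only in a maintenance window because the restart drops every site served by HTTP.sys.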