Kamailio vulnerable to header smuggling possible due to bypass of remove_hf

September 1, 2020

Posted by Sandro Gauci on Sep 01

# Kamailio vulnerable to header smuggling possible due to bypass of remove_hf

– Fixed versions: Kamailio v5.4.0
– Enable Security Advisory: <https://github.com/EnableSecurity/advisories/tree/master/ES2020-01-kamailio-remove-hf>
– Tested vulnerable versions: 5.3.5 and earlier
– Timeline:
– Report date & issue patched by Kamailio: 2020-07-16
– Kamailio rewrite for header parser (better fix): 2020-07-16 to 2020-07-23
-…

If you like the site, please consider joining the telegram channel or supporting us on Patreon using the button below.

Patreon

Original Source
Tags: , , , , , , , , ,

You may have missed

HIBP Banner 1

T2 – 94,584 breached accounts

April 25, 2024
CISA Logo

CISA: CISA Releases Three Industrial Control Systems Advisories

April 25, 2024
CISA Logo

CISA: CISA Releases Four Industrial Control Systems Advisories

April 25, 2024
CISA Logo

CISA: Oracle Releases Critical Patch Update Advisory for April 2024

April 25, 2024
CISA Logo

CISA: Joint Guidance on Deploying AI Systems Securely

April 25, 2024