Bala G (BKrishna)

BKrishna Member since 2018 28 posts
Posted: 18 Jul 2020 11:45 EDT
Last activity: 20 Jul 2020 6:50 EDT

How to fix HTTP request smuggling security issue in Pega Application?

Please find attached a Word document which contains detailed screenshots.

Step 1: Access the URL and capture the request.*/!STANDARD

Step 2: Add the duplicate headers and forward the request.

Step 3: The attacker causes part of their front-end request to be interpreted by the back-end server as the start of the next request. It is effectively prepended to the next request, and so can interfere with the way the application processes that request. This is a request smuggling attack, and it can have devastating results. Now, forward the request twice or multiple times in order to observe the error message “status-501, GPOST Method not implemented”.

Any help greatly appreciated.


***Edited by Moderator: Pallavi to update platform capability tags***  

Pega Platform 7.3.1 Low-Code App Development System Administration Security Technology Services Senior System Architect
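The smuggling described in the post works only because the front-end and the back-end disagree about where one request's body ends; the usual fix is to make the edge (reverse proxy, load balancer or WAF) reject any request whose framing is ambiguous before it reaches the application. The following is an added illustration of that check, not Pega's code or anything from the attached document; the sample requests and the strict "only plain chunked" policy are assumptions of this example.

```python
# Added example (not Pega's code): refuse HTTP/1.1 requests whose body
# framing is ambiguous, so front-end and back-end cannot disagree on where
# a request ends. The sample requests below are constructed for the demo.

def parse_headers(raw):
    """(name, value) pairs from a raw request head, names lowercased."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    pairs = []
    for line in head.split("\r\n")[1:]:  # skip the request line
        if line[:1] in (" ", "\t"):  # obsolete line folding hides names
            pairs.append(("<obs-fold>", line.strip()))
        elif ":" in line:
            name, value = line.split(":", 1)
            pairs.append((name.strip().lower(), value.strip()))
    return pairs

def framing_problems(raw):
    """List why a request's body length is ambiguous; [] means accept."""
    headers = parse_headers(raw)
    cl = [v for n, v in headers if n == "content-length"]
    te = [v for n, v in headers if n == "transfer-encoding"]
    problems = []
    if len(cl) > 1:
        problems.append("duplicate Content-Length headers")
    if any(not v.isdigit() for v in cl):
        problems.append("non-numeric Content-Length")
    if cl and te:
        # RFC 7230 says Transfer-Encoding wins, but servers differ, so the
        # strict edge policy assumed here rejects the combination outright.
        problems.append("both Content-Length and Transfer-Encoding present")
    if len(te) > 1:
        problems.append("duplicate Transfer-Encoding headers")
    # Policy (assumed): only the exact token "chunked" is acceptable.
    problems += [f"unexpected Transfer-Encoding value {v!r}"
                 for v in te if v.lower() != "chunked"]
    if any(n == "<obs-fold>" for n, _ in headers):
        problems.append("obsolete header line folding")
    return problems

# Constructed samples: one clean request and two ambiguous ones.
CLEAN = (b"POST / HTTP/1.1\r\nHost: app.example\r\n"
         b"Content-Length: 7\r\n\r\nx=1&y=2")
CL_TE = (b"POST / HTTP/1.1\r\nHost: app.example\r\n"
         b"Content-Length: 4\r\nTransfer-Encoding: chunked\r\n\r\n0\r\n\r\n")
DUP_CL = (b"POST / HTTP/1.1\r\nHost: app.example\r\n"
          b"Content-Length: 7\r\nContent-Length: 3\r\n\r\nx=1&y=2")
```

A request for which `framing_problems` returns a non-empty list should be answered with 400 and the connection closed, since reusing the connection is what lets a leftover prefix attach to the next request.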