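Abstract
This paper addresses the security issues related to the ambiguity of the Host header in the HTTP protocol and analyzes in depth the known and potential HTTP-related vulnerabilities recently seen on the Internet. Analysis of these vulnerabilities shows that they stem, in essence, from differences between how the RFCs are specified and how they are actually implemented. Building on this root cause, the paper puts forward a novel approach to vulnerability discovery based on recombining and exploiting these differences. The proposed approach offers a practical reference for network security researchers seeking to find and uncover new security vulnerabilities.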
Aiming at understanding the security issues related to multiple host ambiguities in HTTP, an in-depth analysis is carried out on the recent vulnerabilities caused by the flaws of HTTP protocol which are revealed and potentially exist on the Internet. According to the research, the differences between specifications and implementations of RFC essentially contribute to the problem. A novel method of vulnerability detection by reforming and exploiting the flaws is creatively put forward. The method mentioned in this paper carries some practical significance for security researchers to find the new potential vulnerabilities in cyberspace.
Source
《网络空间安全》
2017, Issue 1, pp. 50-52, 56 (4 pages in total)
Cyberspace Security
Funding
Supported by the Scientific Research Fund of Chengdu University of Information Technology (KYTZ201618)
Keywords
communication protocol
ambiguity
network security
vulnerability detection