EXPLOITING URL PARSER CONFUSION

About the Report

Claroty’s research arm, Team82, has collaborated with researchers from security firm Snyk to examine the security of URL parsing libraries. Different libraries often parse the same URL differently, and when an application validates a URL with one parser but another parser (or a browser) acts on the result, that disagreement can cause unexpected behavior in web applications and enable denial-of-service attacks, information leaks, and even remote code execution.
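As an added illustration (not code from the report or from either research team), the Python script below puts the standard library's `urllib.parse` next to a deliberately simplified model of the WHATWG rule that browsers follow, under which a backslash ends the authority for schemes such as http. The host names are constructed, and the allowlist check is a hypothetical pattern rather than one taken from any product.

```python
from urllib.parse import urlsplit

# Schemes the WHATWG URL Standard calls "special": for these, a backslash is
# treated exactly like a forward slash when looking for the end of the authority.
SPECIAL_SCHEMES = {"http", "https", "ws", "wss", "ftp", "file"}


def stdlib_host(url: str) -> str:
    """Host as Python's urllib.parse sees it (RFC 3986-style splitting)."""
    return (urlsplit(url).hostname or "").lower()


def browser_style_host(url: str) -> str:
    """Simplified model (an assumption, not a full parser) of WHATWG authority
    parsing: for special schemes the authority ends at the first '/', '\\', '?'
    or '#'; the last '@' inside it separates credentials from the host; a
    trailing ':port' is dropped; an IPv6 literal is returned without brackets
    so that it compares equal to urlsplit().hostname.
    """
    scheme, sep, rest = url.partition(":")
    if not sep:
        raise ValueError("relative URL, no scheme")
    scheme = scheme.lower()
    if scheme not in SPECIAL_SCHEMES:
        raise ValueError(f"non-special scheme {scheme!r} is not modelled here")
    # Leading slashes and backslashes are skipped for special schemes.
    rest = rest.lstrip("/\\")
    end = next((i for i, ch in enumerate(rest) if ch in "/\\?#"), len(rest))
    authority = rest[:end]
    host_and_port = authority.rpartition("@")[2]
    if host_and_port.startswith("["):
        host = host_and_port[1:].split("]", 1)[0]
    else:
        host = host_and_port.split(":", 1)[0]
    return host.lower()


def compare_hosts(url: str) -> dict:
    """Return both interpretations of the host and whether they agree."""
    a, b = stdlib_host(url), browser_style_host(url)
    return {"url": url, "stdlib": a, "browser": b, "agree": a == b}


def is_allowed_redirect(url: str, allowed_hosts: set[str]) -> bool:
    """Hypothetical allowlist check that trusts a single parser's view of the
    host. The disagreement shown by compare_hosts() is what makes a check like
    this insufficient when a browser is the component that follows the URL."""
    return stdlib_host(url) in allowed_hosts


# Constructed inputs with hypothetical host names (not from the report).
SAMPLES = [
    "https://good.example/path?x=1",
    "http://user:pw@good.example:8080/x",
    "http://evil.example\\@good.example/",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(compare_hosts(sample))
    print("allowlist passes:", is_allowed_redirect(SAMPLES[2], {"good.example"}))
```

The first two URLs produce the same host under both views. On the third, `urlsplit` keeps the backslash inside the netloc and reports `good.example` after the final `@`, so the allowlist check passes, while the browser-style split stops at the backslash and sends the user to `evil.example`. Checks that matter for security should therefore be made with a parser that follows the same specification as the component that will ultimately consume the URL, and inputs containing characters such as `\` in the authority are usually best rejected outright.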

Our joint research uncovered five categories of inconsistencies in how libraries parse URLs to their basic components and eight vulnerabilities among the 16 libraries we examined. We have co-authored this paper to categorize and explain those inconsistencies, delve into the complexities of URL components and the specifications guiding their development, and provide some guidelines to improve the security of URL parsing.

Download this paper to learn: 

  • How parsing confusion arises when a project uses more than one URL parsing library
  • How incompatibilities between URL specifications create inconsistencies by design, and vulnerabilities developers may not be familiar with
  • Why bypasses for Log4j vulnerability mitigations can be traced in part to inconsistencies in URL parsing