CVE-2022-31081

Name of the Vulnerable Software and Affected Versions HTTP::Daemon versions prior to 6.15

Description The issue is related to inconsistent interpretation of HTTP requests when handling Content-Length values, potentially allowing a remote attacker to gain privileged access to APIs or poison intermediate caches by sending specially crafted HTTP requests. This could lead to HTTP request smuggling attacks, enabling an attacker to bypass web application firewall protection and conduct XSS attacks. The library is commonly used for local development and tests, and most Perl-based applications are served on top of Nginx or Apache.

Recommendations For versions prior to 6.15, update to version 6.15 or later to resolve the issue. As a temporary workaround for users unable to upgrade, add additional request handling logic by inspecting the returned HTTP::Request object after calling my $rqst = $conn->get request(), and querying the Content-Length header (my $cl = $rqst->header('Content-Length')) to detect any abnormalities that should be dealt with by a 400 response. Expected strings of Content-Length should consist of either a single non-negative integer or a comma-separated repetition of that number. Anything else should be rejected.