[SR-Users] Kamailio vulnerable to header smuggling possible due to bypass of remove_hf

Yufei Tao yufei.tao at gmail.com
Wed Sep 2 14:22:13 CEST 2020


Hi,

The security tests were done to find theoretically possible flaws and help
make Kamailio "bulletproof". Well, it's already a lot more robust than most
others. I think Daniel and Henning have made the scope of the bug very
clear.

For me, if it is something that's been there for so many years without being
noticed, it would be a bit surprising if declared as a high-risk problem.
Plus, isn't this something you should find out if you do your testing
properly? If it were to create big troubles for anyone, that means they had
never tested their deployment properly in the past 18 years?? That's where
I get confused.

Of course anyone can fork and build Kamailio themselves if they really need
something urgently since it's open source.

Cheers,
Yufei