Inter-protocol Communication

Inter-protocol exploitation is a class of security vulnerability that takes advantage of interactions between two communication protocols, for example the protocols used on the Internet. It is commonly discussed in the context of the Hypertext Transfer Protocol (HTTP). The attack relies on two different protocols being able to meaningfully exchange commands and data.

The technique was popularized in 2007 and publicly described in research of the same year. The general class of attacks it belongs to has been known since at least 1994 (see the Security Considerations section of RFC 1738).

Internet protocol implementations allow exploit code to be encapsulated in order to compromise a remote program that uses a different protocol. Inter-protocol exploitation can use inter-protocol communication to establish the preconditions for launching an inter-protocol exploit. For example, this process could negotiate the initial authentication communication for a vulnerability in password parsing. In short, inter-protocol exploitation is where one protocol attacks a service running a different protocol. It is a legacy problem because the protocol specifications did not take attacks of this type into consideration.
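
As an added example (not part of the original article), the sketch below shows a check a line-oriented, non-HTTP service could run on the first bytes of each connection, so that HTTP traffic arriving on its port is dropped instead of being parsed as commands. The protocol commands (`AUTH`, `STAT`, `GET`), the header list and the name `http_indicator` are assumptions made for the illustration.

```python
import re

# HTTP/1.x request line: METHOD SP request-target SP HTTP/x.y
_REQUEST_LINE = re.compile(rb"^[A-Z]{3,16} \S+ HTTP/\d\.\d$")
# Assumption: the protected protocol has no command spelled like these
# HTTP header names.
_HTTP_HEADERS = {b"host", b"origin", b"referer", b"cookie"}
MAX_PREAMBLE = 4096  # bound how much unauthenticated input is inspected


def http_indicator(preamble: bytes):
    """Return a reason string if the bytes look like HTTP, else None."""
    data = preamble[:MAX_PREAMBLE].replace(b"\r\n", b"\n")
    lines = [ln.strip() for ln in data.split(b"\n")]
    if _REQUEST_LINE.match(lines[0]):
        return "request-line"
    # A tolerant parser would skip an unknown first line and keep reading,
    # so header lines anywhere in the preamble count as well.
    for ln in lines:
        name, sep, _ = ln.partition(b":")
        if sep and name.strip().lower() in _HTTP_HEADERS:
            return "header:" + name.strip().lower().decode()
    return None


# Constructed samples: a native client, and what a browser form post
# to the same port would put on the wire.
NATIVE = b"AUTH alice\r\nSTAT\r\n"
BROWSER_POST = (b"POST / HTTP/1.1\r\nHost: 10.0.0.5:6000\r\n"
                b"Content-Type: text/plain\r\n\r\nSTAT\r\n")

if __name__ == "__main__":
    for sample in (NATIVE, BROWSER_POST, b"GET counter\r\n"):
        verdict = http_indicator(sample)
        print("drop" if verdict else "accept", verdict)
```

The check belongs before authentication and before any command is executed; a connection that trips it should be closed without a protocol-level reply.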
