- I found 1 browser, 1 language, and 15 vulnerabilities in { Web Framework, HTTP Client library, Email library / Web Service, etc }
- All the vulnerabilities I found were found from a single perspective (I investigated maybe 50-80 products).
- The RFC description of the problem (rather confusingly) describes the requirements for this problem, while the WHATWG > HTML Spec is well documented.
- The problem is clearly targeted at the `Content-Disposition` fields `filename` and `filename*`.
- This problem affects HTTP Request/Response/Email in different ways.
  - HTTP Request: request tampering (especially with file contents, tainting of other fields, etc.)
  - HTTP Response: Reflected File Download vulnerability
  - Email: Attachment tampering (e.g., extension and filename tampering and potential file content tampering)
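
The HTTP Request case above, as an added example that is not code from the original post or from any product it covers: a `multipart/form-data` part header built with and without the escaping rule from the WHATWG HTML form-data encoding (LF to `%0A`, CR to `%0D`, `"` to `%22`). The function names, the simplified receiver model and the sample filenames are assumptions constructed for illustration.

```python
import re

def whatwg_escape(value: str) -> str:
    # WHATWG HTML multipart/form-data rule for field names and filenames:
    # LF -> %0A, CR -> %0D, double quote -> %22.
    return value.replace("\n", "%0A").replace("\r", "%0D").replace('"', "%22")

def build_naive(field: str, filename: str) -> str:
    # Interpolates the values as-is (the pattern at risk).
    return f'Content-Disposition: form-data; name="{field}"; filename="{filename}"'

def build_escaped(field: str, filename: str) -> str:
    # Same header, with both values escaped before interpolation.
    return build_naive(whatwg_escape(field), whatwg_escape(filename))

_PARAM = re.compile(r';\s*([A-Za-z*]+)="([^"]*)"')

def receiver_view(header_block: str):
    # Simplified receiver model (an assumption, not any real parser):
    # split on CRLF, read quoted parameters from the first line only,
    # and return (parameters, extra header lines).
    lines = header_block.split("\r\n")
    return _PARAM.findall(lines[0]), lines[1:]

# Constructed sample filenames, not taken from any real product.
QUOTE_SAMPLE = 'notes.txt"; name="other'
CRLF_SAMPLE = "notes.txt\r\nX-Constructed: 1"

def compare(filename: str):
    # What the receiver sees for the naive and the escaped header.
    naive = receiver_view(build_naive("upload", filename))
    escaped = receiver_view(build_escaped("upload", filename))
    return naive, escaped

if __name__ == "__main__":
    for sample in (QUOTE_SAMPLE, CRLF_SAMPLE):
        naive, escaped = compare(sample)
        print("naive  :", naive)
        print("escaped:", escaped)
```

With the naive builder the receiver sees a second `name` parameter or an extra header line; with escaping, the whole value stays inside `filename`.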