h2o
cpe:2.3:a:h2o:h2o:*:*:*:*:*:*:*
- <= 69f2690
A vulnerability in the h2o HTTP server in versions through 2.3.0-beta2 allows misdirection of TLS session resumption, potentially leading to interception of HTTPS request contents. The issue arises when h2o listens on multiple addresses or ports that are connected to different backend servers, and a malicious backend entity is able to observe or inject packets. The attacker can redirect a client's TLS session resumption to a different address or port on which the same h2o instance listens but whose backend the attacker controls. As a result, the client's HTTPS requests may be forwarded to the attacker's backend server.
Exploitation of this vulnerability could result in unauthorized observation of HTTPS request contents, as well as misdirection of TLS session resumption, allowing an attacker to manipulate which backend server processes the request.
To reproduce this vulnerability, configure a single h2o instance to listen on multiple addresses or ports using host-level listen directives, with each address or port connected to a different backend server managed by a separate entity. Once the server is set up, a malicious backend entity that can intercept and redirect the TLS packets of a client attempting to resume a session can cause that client's HTTPS requests to be misdirected to its own backend.
Update h2o to version 2.3.0 or later, or stop using host-level listen directives in favor of global-level ones.
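To make the mitigation concrete, here is an added configuration example (constructed for this page, not taken from h2o's documentation) showing the affected layout next to the corrected one. The two fragments are two separate h2o.conf files; hostnames, ports, certificate paths and backend URLs are placeholders, and the corrected file assumes one certificate that covers both names.

```yaml
# ---- h2o.conf (affected layout, constructed example) ----
# Each host carries its own listen directive, so one h2o instance exposes two
# listeners (443 and 8443) whose backends are run by different entities. A
# session resumption meant for the first listener can be steered to the second.
hosts:
  "app.example.com":
    listen:
      port: 443
      ssl:
        certificate-file: /etc/h2o/app.crt
        key-file: /etc/h2o/app.key
    paths:
      "/":
        proxy.reverse.url: "http://app-backend.internal:8080"
  "partner.example.com":
    listen:
      port: 8443
      ssl:
        certificate-file: /etc/h2o/partner.crt
        key-file: /etc/h2o/partner.key
    paths:
      "/":
        proxy.reverse.url: "http://partner-backend.internal:8080"

# ---- h2o.conf (corrected layout, constructed example) ----
# A single global-level listen directive: every host is served from the same
# address and port and selected by name, so there is no second listener on this
# instance for a resumption to be redirected to.
listen:
  port: 443
  ssl:
    certificate-file: /etc/h2o/combined.crt   # placeholder: covers both names
    key-file: /etc/h2o/combined.key
hosts:
  "app.example.com":
    paths:
      "/":
        proxy.reverse.url: "http://app-backend.internal:8080"
  "partner.example.com":
    paths:
      "/":
        proxy.reverse.url: "http://partner-backend.internal:8080"
```

Running `h2o -t -c h2o.conf` checks that the rewritten file parses before the server is reloaded.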