Jump to content

Vulnerabilidade HTTPOXY


Revenge
 Share

Recommended Posts

Quote

What can happen if my web application is vulnerable?

If a vulnerable HTTP client makes an outgoing HTTP connection, while running in a server-side CGI application, an attacker may be able to:

  • Proxy the outgoing HTTP requests made by the web application
  • Direct the server to open outgoing connections to an address and port of their choosing
  • Tie up server resources by forcing the vulnerable software to use a malicious proxy

httpoxy is extremely easy to exploit in basic form. And we expect security researchers to be able to scan for it quickly. Luckily, if you read on and find you are affected, easy mitigations are available.

https://httpoxy.org/

Esta vulnerabilidade afecta todos os sites que usam cgi, que é a grande maioria.

O FNF já tem esta vulnerabilidade mitigada. Se alguém usar nginx, basta adicionar aos parâmetros do fastcgi isto: fastcgi_param HTTP_PROXY "";

  • Like 1
Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.