Re: Security considerations for DNS rebinding

From: Adam Barth <w3c@adambarth.com>
Date: Tue, 9 Feb 2010 11:14:40 -0800
Message-ID: <7789133a1002091114jf678306pb5937a00e068e52d@mail.gmail.com>
To: Maciej Stachowiak <mjs@apple.com>
Cc: Amit Klein <aksecurity@gmail.com>, Tim <tim-projects@sentinelchicken.org>, HTTP Working Group <ietf-http-wg@w3.org>

On Tue, Feb 9, 2010 at 10:51 AM, Maciej Stachowiak <mjs@apple.com> wrote:
> On Feb 9, 2010, at 10:23 AM, Amit Klein wrote:
>> Note that Host header verification is only effective if it can be
>> guaranteed that the client side cannot forge it - see
>> http://www.securityfocus.com/archive/1/445490/30/0/threaded
>
> I see some specific IE vulnerabilities cited here which allow the Host header to be forged via request splitting over a proxy: <http://www.securityfocus.com/archive/1/411585>. It also cites some old Mozilla bugs that enabled header injection. And also some Flash vulnerabilities.
>
> Do these vulnerabilities or any similar ones still exist in current versions of browsers or in Flash?

Not that I'm aware of.  Put another way, all the user agents that have
those vulnerabilities also have known arbitrary code execution
vulnerabilities, so it's not really worth worrying about.

Adam
Received on Tuesday, 9 February 2010 19:15:32 GMT
