Maciej Stachowiak wrote on 2/9/2010 4:13 AM:
> HTTPbis should address this threat in the security considerations
> section, and should strongly consider making it a MUST-level
> requirement for servers to check that the Host header is a host they
> serve. If HTTP had that requirement and all servers followed it, then
> the risk of DNS rebinding attacks would be eliminated.

Another threat is an attacker crafting a malicious payload in the Host header, hoping that it gets logged then viewed via a web browser.

And some webapps conditionally show debugging information based on the host header, so that the production hostname has a generic error page and the staging hostname produces a full stack trace. Simply forging the host header allows an attacker to view the full debugging information.

There are probably other threats too, such as a site using the Host header to craft links, etc.

- Bil

Received on Wednesday, 10 February 2010 09:38:18 GMT
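The server-side check proposed in the quoted text, together with defenses for the two threats raised in the reply, as an added example that is not part of the original message. The `SERVED_HOSTS` set, the `handle` function and the plain-dict header lookup are assumptions made for illustration.

```python
import re
import string

# Assumption: names this deployment is configured to serve (constructed values).
SERVED_HOSTS = frozenset({"example.com", "www.example.com"})

# host[:port] with a conservative hostname grammar; IPv6 literals are out of scope here.
_HOST_RE = re.compile(r"(?P<host>[a-z0-9](?:[a-z0-9.-]{0,251}[a-z0-9])?)\.?(?::[0-9]{1,5})?")
_LOG_OK = frozenset(string.ascii_letters + string.digits + ".:-")


def canonical_host(raw):
    """Return the lowercased hostname from a Host value, or None if it is malformed."""
    if raw is None:
        return None
    m = _HOST_RE.fullmatch(raw.strip().lower())
    return m.group("host") if m else None


def loggable(raw, limit=255):
    """Escape everything outside a small safe set so a log viewer never renders it."""
    if raw is None:
        return "-"
    return "".join(c if c in _LOG_OK else "\\u%04x" % ord(c) for c in raw[:limit])


def handle(headers, debug=False, served=SERVED_HOSTS):
    """Return (status, body, log_line). `debug` comes from deployment config, never from Host."""
    raw = headers.get("Host")
    host = canonical_host(raw)
    if host is None or host not in served:
        # Covers rebinding (a foreign name pointed at our IP) and forged staging names.
        return 400, "Bad Request", "rejected host=" + loggable(raw)
    body = "verbose diagnostics" if debug else "generic page"
    return 200, body, "served host=" + loggable(host)


if __name__ == "__main__":
    # Constructed sample requests.
    for value in ["www.example.com", "Example.COM:8080", "rebind.attacker.test",
                  "<script>alert(1)</script>", "staging.example.com", None]:
        print(handle({} if value is None else {"Host": value}))
```

Links the application generates would likewise be built from the matched `SERVED_HOSTS` entry rather than from the raw header value.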