Maciej Stachowiak wrote on 2/9/2010 4:13 AM: > HTTPbis should address this threat in the security considerations > section, and should strongly consider making it a MUST-level > requirement for servers to check that the Host header is a host they > serve. If HTTP had that requirement and all servers followed it, then > the risk of DNS rebinding attacks would be eliminated. Another threat is an attacker crafting a malicious payload in the Host header, hoping that it gets logged then viewed via a web browser. And some webapps conditionally show debugging information based on the host header, so that the production hostname has a generic error page and the staging hostname produces a full stack trace. Simply forging the host header allows an attacker to view the full debugging information. There are probably other threats too, such as a site using the Host header to craft links, etc. - BilReceived on Wednesday, 10 February 2010 09:38:15 UTC
This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 18:13:05 UTC