New flaws that could be exploited by hackers have been uncovered in the Common Gateway Interface (CGI) widely used by web sites. According to the site https://httpoxy.org/, the httpoxy set of vulnerabilities affects application code running in CGI or CGI-like environments, including PHP, Go, Python and others. Christopher Fearon, director of security research at Black Duck Software, commented below.
Christopher Fearon, Director of Security Research at Black Duck Software:
“It’s extremely likely that these flaws will lead to attacks since the flaw is easy to exploit. But mitigation is quick to perform, although many separate pieces of open source software are affected and must be patched separately.”
“Simply block or remove the ‘Proxy’ request headers as early as possible, preferably on the application firewall or directly on the webserver. All external requests from any webserver should be locked down and monitored. Outward access should be granted on a whitelist basis. The good news is that vendors (such as lighttpd) are already implementing updates.”
He continued: “Sites running over HTTPS are not vulnerable, which is yet another reason why all sites should implement HTTPS.”
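The header-stripping mitigation described above, as an added example that is not part of the original article or of any affected project: a Python WSGI middleware that removes the variable a client's `Proxy` header becomes under the CGI naming rule (`HTTP_PROXY`) and records which requests carried it. The request data and the names `StripProxyHeader`, `build_environ` and `sample_app` are constructed for illustration; stripping at the firewall or webserver, as the comment recommends, stays the first line of defence.

```python
def cgi_meta_name(header):
    """CGI naming rule (RFC 3875): header 'Proxy' -> meta-variable 'HTTP_PROXY'."""
    return "HTTP_" + header.upper().replace("-", "_")


def build_environ(method, path, headers, remote_addr):
    """Build a minimal CGI/WSGI-style environ from request headers (test helper)."""
    environ = {"REQUEST_METHOD": method, "PATH_INFO": path, "REMOTE_ADDR": remote_addr}
    for name, value in headers:
        environ[cgi_meta_name(name)] = value
    return environ


class StripProxyHeader:
    """WSGI middleware: drop HTTP_PROXY before the application can read it."""

    def __init__(self, app):
        self.app = app
        self.stripped = []  # (client address, path) of requests that sent Proxy

    def __call__(self, environ, start_response):
        if environ.pop("HTTP_PROXY", None) is not None:
            # Keep a record for monitoring; the header value itself is discarded.
            self.stripped.append((environ.get("REMOTE_ADDR", "-"),
                                  environ.get("PATH_INFO", "-")))
        return self.app(environ, start_response)


def sample_app(environ, start_response):
    """Constructed app that reports whether the request-derived variable is visible."""
    start_response("200 OK", [("Content-Type", "text/plain")])
    return [b"proxy-var-present" if "HTTP_PROXY" in environ else b"proxy-var-absent"]


def run(app, environ):
    """Call a WSGI app with a no-op start_response and return the body bytes."""
    return b"".join(app(environ, lambda status, headers: None))


# Constructed sample request; the addresses and hostnames are placeholders.
SAMPLE_HEADERS = [("Host", "shop.example"), ("proxy", "http://proxy.invalid:8080")]

if __name__ == "__main__":
    env = build_environ("GET", "/checkout", SAMPLE_HEADERS, "203.0.113.7")
    print(run(sample_app, dict(env)))        # unprotected app sees the variable
    guarded = StripProxyHeader(sample_app)
    print(run(guarded, dict(env)), guarded.stripped)
```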