New flaws that could be exploited by hackers have been uncovered in the Common Gateway Interface (CGI) widely used by web sites. According to the site https://httpoxy.org/, the httpoxy set of vulnerabilities affects application code running in CGI or CGI-like environments, including PHP, Go, Python and others. Christopher Fearon, director of security research at Black Duck Software, commented below.
Christopher Fearon, Director of Security Research at Black Duck Software:
“It’s extremely likely that these flaws will lead to attacks since the flaw is easy to exploit. But mitigation is quick to perform, although many separate pieces of open source software are affected and must be patched separately.”
“Simply block or remove the ‘Proxy’ request headers as early as possible, preferably on the application firewall or directly on the webserver. All external requests from any webserver should be locked down and monitored. Outward access should be granted on a whitelist basis. The good news is that vendors (such as lighttpd) are already implementing updates.”
He continued: “Sites running over HTTPS are not vulnerable, which is yet another reason why all sites should implement HTTPS.”
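The mitigation quoted above, removing the `Proxy` request header before application code sees it, can be sketched as follows. This is an added example, not code from httpoxy.org or Black Duck Software. It relies on the CGI rule (RFC 3875) that every request header becomes an `HTTP_*` variable, which is why a `Proxy` header ends up as `HTTP_PROXY`. The function names and the sample request are hypothetical.

```python
import os


def cgi_meta_variables(headers, drop_proxy=True):
    """Build CGI meta-variables from request headers (RFC 3875, 4.1.18):
    upper-case the name, turn '-' into '_', prefix 'HTTP_'.
    With drop_proxy, the gateway discards any Proxy header first."""
    env, dropped = {}, []
    for name, value in headers:
        if drop_proxy and name.strip().lower() == "proxy":
            dropped.append(value)  # keep the value for logging/monitoring
            continue
        env["HTTP_" + name.upper().replace("-", "_")] = value
    return env, dropped


def scrub_cgi_process_env(environ=os.environ):
    """Application-side fallback: under CGI (REQUEST_METHOD is set) an
    HTTP_PROXY variable is treated as request-derived and removed before
    an HTTP client library can read it. Returns the removed value or None."""
    if "REQUEST_METHOD" in environ:
        return environ.pop("HTTP_PROXY", None)
    return None


# Constructed sample request; the proxy URL is a placeholder.
SAMPLE_HEADERS = [("Host", "example.test"),
                  ("pRoXy", "http://proxy.invalid:8080"),
                  ("Accept", "*/*")]

if __name__ == "__main__":
    unfiltered, _ = cgi_meta_variables(SAMPLE_HEADERS, drop_proxy=False)
    filtered, dropped = cgi_meta_variables(SAMPLE_HEADERS)
    print("without filter:", unfiltered.get("HTTP_PROXY"))
    print("with filter:   ", filtered.get("HTTP_PROXY"), "dropped:", dropped)
    child_env = {"REQUEST_METHOD": "GET", **unfiltered}
    print("scrubbed value:", scrub_cgi_process_env(child_env))
```

The header-name match is case-insensitive because HTTP header names are; a filter that only matches the literal spelling `Proxy` would miss the sample request.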