The vulnerability du jour this week was named HTTPoxy, an applicable pun on pox and proxy. We have patched our servers for this already, and are here to take a few extra steps to help explain the vulnerability and hopefully spread a little knowledge. The first part of this post will explain how the HTTPoxy vulnerability works, and later I will discuss how it may affect WordPress sites.

TL;DR: Skip ahead to read how it affects WordPress sites.

Here are a few key words / definitions to keep in mind for the following reading:

Request Header: This is a list of free-form fields which browsers or web clients send to a web server.

Proxy: In technology, a proxy is a service that acts as an intermediary for requests from clients seeking resources from other servers.

API: In this context, web service APIs are interfaces with third-party systems to exchange or process data.

This vulnerability is, surprisingly, not new; a similar flaw was reported in libwww-perl back in 2001. This is a reminder that sometimes vulnerabilities will keep coming back until they’re ingrained in people’s minds; perhaps that’s one good side effect of the logo+website method of vulnerability