The vulnerability du jour this week was named HTTPoxy, an apt pun on pox and proxy. We have already patched our servers for this, and are taking a few extra steps here to help explain the vulnerability and hopefully spread a little knowledge. The first part of this post will explain how the HTTPoxy vulnerability works, and later I will discuss how it may affect WordPress sites.

TL;DR: Skip ahead to read how it affects WordPress sites.

Here are a few key words / definitions to keep in mind for the following reading:

Request Header: This is a list of free-form fields which browsers or web clients send to a web server.

Proxy: In technology, a proxy is a service that acts as an intermediary for requests from clients seeking resources from other servers.

API: In this context, web service APIs are interfaces with third-party systems to exchange or process data.

Surprisingly, this vulnerability is not new: a similar flaw was reported in libwww-perl back in 2001. This is a reminder that sometimes vulnerabilities will keep coming back until they’re ingrained in people’s minds — perhaps that’s one good side effect of the logo+website method of vulnerability