Blog Header Banner

Archive for the ‘httpoxy’ tag

No not Pokemon, teenage bugs are attacking your website server   no comments

Posted at Jul 26, 2016 @ 9:36am Web hosting

httpoxyblogimagepokemon

Unfortunately, despite the trend, the bugs I’m referring to are not Pokemon.

Instead, they’re easily exploitable security bugs, discovered 15 years ago, that have reemerged, leaving your website or server potentially open to hijackers.

It’s being called the “httpoxy flaw” and it exists in a variety of server software, including PHP, Go, Apache HTTP server, Apache TomCat, and Python. If exploited, it can potentially be used to seize control of your website and access sensitive data.

Httpoxy is a set of vulnerabilities that affect applications running in CGI, or CGI-like environments. Essentially it comes down to a simple namespace conflict. This, in turn, can be exploited to configure outgoing proxies, allowing attackers to remotely execute malicious code.

Red Hat, Microsoft, The Apache Software Foundation, Ngnix, CloudFlare and others have released security advisories in an attempt to warn users of the httpoxy flaw.

Based on the affected software, specific CVE (Common Vulnerabilities and Exposures) numbers have been assigned: CVE-2016-5385 in PHP; CVE-2016-5386 in Go; CVE-2016-5387 in Apache HTTP server; CVE-2016-5388 in Apache TomCat; CVE-2016-1000109 in PHP-engine HHVM; and CVE-2016-1000110 in Python. Researches expect more CVEs coming for httpoxy as less common software is inspected.

Luckily if your website is hosted on TurnKey Internet’s cloud hosting platform (https://turnkeyinternet.net/linux-cpanel-web-hosting/) you are already protected. If you have any questions or additional concerns, feel free to email our support team (helpdesk@turnkeyinternet.net) and we would be more than happy to assist you.

Follow Us : Facebooktwitterlinkedinyoutubeinstagram
Share : Facebooktwitterredditlinkedinmail

Written by David Maurer on July 26th, 2016

Tagged with , , , , ,