httpoxy remote proxy poisoning vulnerability

2016-07-19T00:00:00
ID SSV:92134
Type seebug
Reporter Fooying
Modified 2016-07-19T00:00:00

Description

Vulnerability details and summary from <http://bobao.360.cn/learning/detail/2903.html>

I. Foreword

httpoxy is a newly disclosed vulnerability that mainly affects Apache and similar components. The name of the Proxy field in the HTTP request header is converted to "HTTP_PROXY", its value is left unchanged, and the result is passed to the corresponding CGI for execution. If the CGI, or a component the script uses to make outbound requests, relies on the "HTTP_PROXY" environment variable, that variable may be poisoned.

The situation is more serious when the requests made inside the CGI go to links that involve internal private data.

II. Practice test

The principle is basically covered in the Foreword; here is a simple test example.

  1. On 123.59.120.9, use Apache to set up a cgi-bin service.
  2. Create a script there called "360sec.sh", with the following content:

  3. Simulate a request; note that the Proxy field value 123.59.119.25:3000 is a proxy I set up.

  4. Once the request is done, you can see the request from 123.59.120.9 on 123.59.119.25. Note: wget and curl actually use the lowercase "http_proxy" and are not affected by this; for convenience I modified things slightly for the example, but it is essentially the same.
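The mechanism behind the test above, as an added example that is not the original post's 360sec.sh or request: it models the header-to-environment mapping of RFC 3875 and compares a client that trusts "HTTP_PROXY" with two defensive variants. The function names and the sample request are assumptions constructed for illustration; the addresses are the ones used in the steps above.

```python
# Added illustration: models how a CGI gateway builds the child environment.
# Function names are hypothetical; addresses are those used in the test above.

def cgi_meta_variables(request_headers):
    """RFC 3875 4.1.18: upper-case the header name, replace '-' with '_',
    prepend 'HTTP_'. The value is passed through unchanged."""
    return {"HTTP_" + name.upper().replace("-", "_"): value
            for name, value in request_headers.items()}


def build_cgi_environ(server_env, request_headers, strip_proxy_header=False):
    """Environment the CGI child sees. strip_proxy_header models a front end
    that drops the Proxy request header before the CGI is started."""
    if strip_proxy_header:
        request_headers = {k: v for k, v in request_headers.items()
                           if k.lower() != "proxy"}
    env = dict(server_env)
    env.update(cgi_meta_variables(request_headers))
    return env


def proxy_naive(environ):
    """Outbound client that trusts HTTP_PROXY wherever it came from."""
    return environ.get("HTTP_PROXY") or environ.get("http_proxy")


def proxy_cgi_aware(environ):
    """In a CGI context (REQUEST_METHOD set) HTTP_PROXY may be the client's
    Proxy header, so only the lowercase http_proxy is honoured."""
    if "REQUEST_METHOD" in environ:
        return environ.get("http_proxy")
    return proxy_naive(environ)


# Constructed sample input.
SERVER_ENV = {"GATEWAY_INTERFACE": "CGI/1.1", "REQUEST_METHOD": "GET"}
REQUEST_HEADERS = {"Host": "123.59.120.9", "User-Agent": "test-client",
                   "Proxy": "123.59.119.25:3000"}

if __name__ == "__main__":
    env = build_cgi_environ(SERVER_ENV, REQUEST_HEADERS)
    print("HTTP_PROXY seen by CGI :", env.get("HTTP_PROXY"))
    print("naive client proxy     :", proxy_naive(env))
    print("CGI-aware client proxy :", proxy_cgi_aware(env))
    fixed = build_cgi_environ(SERVER_ENV, REQUEST_HEADERS, strip_proxy_header=True)
    print("after stripping header :", fixed.get("HTTP_PROXY"))
```

Because environment variable names are case-sensitive on Unix, the header-derived "HTTP_PROXY" never overwrites a lowercase "http_proxy", which is why the lowercase name can still be trusted in the CGI-aware variant.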

III. On impact

The reassuring and the not so reassuring points:

  1. Many internal APIs use trusted SSL communication, so in practice they are not affected.
  2. Although https://httpoxy.org/ cites some examples, the impact does not look that large.
  3. The most fun part is that wget/curl are not affected; anyone with other views is welcome to send feedback.
  4. But looking at it with an attacker's mindset, various attack techniques will probably start breaking out next; it is not yet certain which kinds.

IV. On the repair

Looked at calmly, this hole still means a depressing piece of repair work.

Here is an existing link from people who know the subject:

https://access.redhat.com/security/vulnerabilities/httpoxy

Reference links

  • https://httpoxy.org/
  • https://www.symfony.fi/entry/httpoxy-vulnerability-hits-php-installations-using-fastcgi-and-php-fpm-and-hhvm?from=timeline&isappinstalled=0