IMPORTANT SECURITY WARNING: httpoxy and Zend Server

General discussion forum for the Zend Server

IMPORTANT SECURITY WARNING: httpoxy and Zend Server

Postby MickeyZend on Wed Aug 03, 2016 3:33 pm

We want to ensure you’re aware of the new vulnerability, httpoxy, which exists in multiple web servers and languages. This vulnerability may allow remote attackers to cause HTTP requests, made by backend pages such as PHP or Python files, to be redirected through a proxy of the remote attacker's choosing. This could result in multiple negative outcomes, such as compromising of data or denial of service.

While technically not a bug, this design flaw can have substantial repercussions unless mitigated.

It's relatively easy to mitigate this vulnerability by performing configuration updates to most web servers. You can refer to our support knowledge base for specific technical details.

We recommend that all Zend Server customers take the necessary steps to update their web server configuration to block this vulnerability.

For further questions or feedback, please contact our support team.

Regards,
Mickey Hoter
Senior product manager, Zend Server
User avatar
MickeyZend
Zend Product Manager
 
Posts: 95
Joined: Mon Aug 19, 2013 1:34 pm
Location: Israel

Return to Zend Server

Who is online

Users browsing this forum: Yahoo [Bot] and 3 guests

cron