Proxy servers running in interception mode ("transparent" proxies) that make connection decisions based on HTTP header values may be used by an attacker to relay connections.
HTTP Host Headers are defined in RFC 2616 and are often used to by web servers to allow multiple websites to share a single IP address.
From RFC 2616:
An attacker may be able to make full connections to any website or resource that the proxy can connect to. These sites may include internal resources such as intranet sites that would not usually be exposed to the Internet.
Workarounds for users
Although these workarounds will not address the underlying issue, vendors who distribute HTTP proxy servers are encouraged to implement them to mitigate future vulnerabilities.
Thanks to Robert Auger from the PayPal Information Risk Management team for reporting this issue as well as providing technical information.
|Date First Published:||2009-02-23|
|Date Last Updated:||2009-09-28 18:58 UTC|