Security vulnerability httpoxy
Hi,
Do you know if the last WHM server is vulnerable with the httpoxy set of vulnerability?
[LIST]
CVE-2016-5385: PHP
CVE-2016-5386: Go
CVE-2016-5387: Apache HTTP Server
CVE-2016-5388: Apache Tomcat
CVE-2016-1000109: HHVM
CVE-2016-1000110: Python
-
We have a nice, new vulnerability website to check out. Should we use Apache's recommended solution on our WHM servers? The two lines below enabled in the httpd.conf file will remove the "Proxy:" header from all incoming requests, before further processing; LoadModule headers_module {path-to}/mod_headers.so RequestHeader unset Proxy early0 -
Hello, The following document was published to address questions about HTTPOXY, including steps you can take to determine if your system is affected, and steps for manual mitigation: CVE-2016-5387 HTTPOXY - cPanel Knowledge Base - cPanel Documentation Thank you. 0
Please sign in to leave a comment.
Comments
2 comments