Host of Troubles Vulnerabilities
- Article Number: 000010440
- Products: Forcepoint Email Security Cloud, Forcepoint Web Security Cloud, TRITON AP-EMAIL, TRITON AP-WEB, Web Filter & Security
- Version: All Versions
- Last Published Date: February 19, 2021
- Published Date: September 13, 2016
- Last Update: April 4, 2017
- KBA Status: Final
- KBA Severity: High
The Forcepoint Product Security Incident Response Team is investigating these security vulnerabilities and their impact on Forcepoint products. This article will be updated after assessments and fixes are completed, if applicable.
Host of Troubles (HoT) is a set of vulnerabilities affecting HTTP implementations that do not comply with RFC 7230 (the HTTP/1.1 message syntax specification) in how they determine the target host of a request. The vulnerabilities are exploited by crafting HTTP requests with ambiguous host information, that is, host information that the source and destination may interpret inconsistently. This can lead to HTTP cache poisoning and bypassing of security policies.
Products Under Review
PSIRT has completed its assessments.
KBA Detailed Information
The following descriptions are from the CVE website:
client_side.cc in Squid before 3.5.18 and 4.x before 4.0.10 does not properly ignore the Host header when absolute-URI is provided, which allows remote attackers to conduct cache-poisoning attacks via an HTTP request.
mime_header.cc in Squid before 3.5.18 allows remote attackers to bypass intended same-origin restrictions and possibly conduct cache-poisoning attacks via a crafted HTTP Host header, aka a "header smuggling" issue.
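As an added illustration of the host ambiguity described above (example code, not part of this advisory and not Forcepoint or Squid code), the following Python checks a raw HTTP/1.1 request for the host inconsistencies a proxy or cache should log or reject, and shows the RFC 7230 rule a compliant intermediary applies: the authority of an absolute-form request-target wins and the Host header is ignored. The sample requests and host names are constructed.

```python
from typing import List, Tuple
from urllib.parse import urlsplit

# Constructed sample requests (not from the advisory). The first carries a
# Host header that disagrees with the authority of its absolute-form target.
AMBIGUOUS_REQUEST = (
    b"GET http://site-a.example/index.html HTTP/1.1\r\n"
    b"Host: site-b.example\r\n\r\n"
)
CLEAN_REQUEST = b"GET /index.html HTTP/1.1\r\nHost: site-a.example\r\n\r\n"

def parse_request(raw: bytes) -> Tuple[str, List[Tuple[str, str]]]:
    """Return (request-target, headers). Header names are lower-cased and
    duplicates are kept in order so repeated Host headers stay visible."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("iso-8859-1")
    lines = head.split("\r\n")
    _method, target, _version = lines[0].split(" ", 2)
    headers = []
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers.append((name.strip().lower(), value.strip()))
    return target, headers

def host_ambiguity_findings(raw: bytes) -> List[str]:
    """Flag host ambiguities worth logging or rejecting: no Host, more than
    one Host, or a Host that disagrees with the authority of an absolute-form
    request-target (the case in the Squid description above)."""
    target, headers = parse_request(raw)
    hosts = [v.lower() for n, v in headers if n == "host"]
    # "://" in the target is taken here as the marker of absolute-form.
    uri_host = urlsplit(target).netloc.lower() if "://" in target else ""
    findings = []
    if not hosts:
        findings.append("missing-host-header")
    if len(hosts) > 1:
        findings.append("multiple-host-headers")
    if uri_host and any(h != uri_host for h in hosts):
        findings.append("absolute-uri-host-mismatch")
    return findings

def effective_host(raw: bytes) -> str:
    """Host a compliant intermediary routes and caches on (RFC 7230 5.4):
    the absolute-URI authority, with Host ignored; for origin-form targets
    the single Host header, with anything else rejected as ambiguous."""
    target, headers = parse_request(raw)
    if "://" in target:
        return urlsplit(target).netloc.lower()
    hosts = [v.lower() for n, v in headers if n == "host"]
    if len(hosts) != 1:
        raise ValueError("ambiguous origin-form request: %d Host headers" % len(hosts))
    return hosts[0]
```

A stricter deployment policy can refuse any request for which host_ambiguity_findings returns a non-empty list, rather than silently routing on the absolute-URI authority.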
For convenience, the Resolution section will show the product names used at the time of release.
Hotfix and Information About Other Fixes
keywords: vulnerability; cve