CVE-2017-8295 – No Vulnerability

May 4, 10:26 PDT
Resolved – For any customers concerned with the CVE-2017-8295[1] security issue, our platform is not vulnerable as this exploit requires spoofing the http HOST header, which is not possible due to the way our routing works. There is no need to be concerned with the security of your site on Pantheon, and we will not be taking any action in response to this alert.

[1] – http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2017-8295


Source: http://status.pantheon.io/history.rss