Pantheon edge modified to address "httpoxy" – CVE-2016-5385

Jul 18, 22:19 PDT
Resolved – We have deployed a configuration change that addresses CVE-2016-5385[1]. The change blocks attempts to exploit the vulnerability called “httpoxy” [2] by striping “proxy” headers at our edge. We recommend customers apply updates appropriate to their environments as soon as possible even though this change provides protection.

[1] – https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-5385

[2] – https://httpoxy.org, https://www.kb.cert.org/vuls/id/797896


Source: http://status.pantheon.io/history.rss

Leave a Reply