Task #99347
closed
Add HTTP host header injection check to reports module
100%
Description
In case the web server scenario is not properly configured to deny
HTTP host header injection, and the trustedHostsPattern is not explic
enough, an corresponding check in the reports module will issue
an error message like
HTTP_HOSTcontained unexpected "a0a3aa2f59.random.example.org"SERVER_NAMEcontained unexpected "a0a3aa2f59.random.example.org"
Using the configuration directive UseCanonicalName On for Apache
web server environments mitigates the risk.
This is related to a side note in https://typo3.org/security/advisory/typo3-core-sa-2014-001
which introduced the trustedHostsPattern configuration.
Updated by Gerrit Code Review almost 2 years ago
- Status changed from New to Under Review
Patch set 1 for branch main of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/77024
Updated by Gerrit Code Review almost 2 years ago
Patch set 1 for branch 11.5 of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/77025
Updated by Gerrit Code Review almost 2 years ago
Patch set 2 for branch main of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/77024
Updated by Gerrit Code Review almost 2 years ago
Patch set 2 for branch 11.5 of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/77025
Updated by Gerrit Code Review almost 2 years ago
Patch set 1 for branch 10.4 of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/77038
Updated by Gerrit Code Review almost 2 years ago
Patch set 3 for branch main of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/77024
Updated by Gerrit Code Review almost 2 years ago
Patch set 3 for branch 11.5 of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/77025
Updated by Gerrit Code Review almost 2 years ago
Patch set 2 for branch 10.4 of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/77038
Updated by Gerrit Code Review almost 2 years ago
Patch set 4 for branch main of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/77024
Updated by Oliver Hader almost 2 years ago
- Status changed from Under Review to Resolved
- % Done changed from 0 to 100
Applied in changeset 194fc85f7c3108f3f72943317a4f877170acbec3.
Updated by Gerrit Code Review almost 2 years ago
- Status changed from Resolved to Under Review
Patch set 1 for branch 12.1 of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/77114
Updated by Gerrit Code Review almost 2 years ago
Patch set 2 for branch 12.1 of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/77114
Updated by Oliver Hader almost 2 years ago
- Status changed from Under Review to Resolved
Applied in changeset db50a31602d9c59dc39de0ce69adc14ff0455b3d.
Updated by Benni Mack almost 2 years ago
- Status changed from Resolved to Closed