About 34% of the web is still powered by HTTP/1.1 and that protocol will likely come under severe attack starting on Wednesday. Get a preview of what’s in store for the latest security headache.
First comment on the post:
James Kettle: Hi, I’m the author of this research. It’s great to see interest and I can promise some quality research and a strong argument to kill HTTP/1.1 but the headline of this article goes a bit too far. The specific CDN vulnerabilities have been disclosed to the vendors and patched (hence the past tense in the abstract) – I wouldn’t drop zero day on a CDN! That said I do expect to see fresh critical CDN vulnerabilities in future – hopefully found by a white hat!
PleaseLetMeOut@lemmy.dbzer0.com 8 months ago
I remember people on IRC doing something similar to Cloudflare years back. Using a malformed HTTP header to get a server’s real host IPs. It didn’t give you admin panel access or anything like this does, but you could deanonymize sites.
And to sit on this for 6 years?! I don’t even know what to say about that…