Hi
Does anyone know how to block or redirect pages that contain a response
header / redirection Location-header containing the string "URL:" ?
Best Regards,
Morten Lange
~~~~~~~~~~~~~
Background :
~~~~~~~~~~~~~
http://secunia.com/advisories/11793/ :
1) A variant of the "Location:" local resource access vulnerability can
be exploited via a specially crafted URL in the "Location:" HTTP header
to open local files.
[ The example cut out to avoid false alarms. See more in the advisories ]"
[...]
Solution:
- Disable Active Scripting support for all but trusted web sites.
- Filter "Location:" headers containing the "URL:" prefix in a proxy
server.
- Use another browser.
Also see
http://www.kb.cert.org/vuls/id/713878
http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec14.30
-- Morten Lange
But my views are my own etc.
Received on Fri Jul 23 2004 - 10:10:56 MDT
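
The proxy-side check recommended in the advisory quoted above, as an added example that is not part of the original post and is not tied to any particular proxy product. The function names, the 403 reply and the sample responses are constructed for illustration; the check matches "URL:" only as a prefix of the Location value, as the advisory words it.

```python
import re

# "URL:" at the start of a Location value, any case, optional leading whitespace.
URL_PREFIX = re.compile(r"^\s*URL:", re.IGNORECASE)

# Constructed replacement reply sent to the client instead of the redirect.
BLOCKED = (b"HTTP/1.1 403 Forbidden\r\nContent-Length: 0\r\n"
           b"Connection: close\r\n\r\n")


def parse_headers(raw: bytes):
    """Return (lowercased name, value) pairs from a raw response head.

    Continuation lines (leading space or tab) are joined to the previous
    header so a folded Location value cannot slip past the check.
    """
    text = raw.decode("iso-8859-1")
    head = re.split(r"\r?\n\r?\n", text, maxsplit=1)[0]
    headers = []
    for line in re.split(r"\r?\n", head)[1:]:  # [1:] skips the status line
        if line[:1] in (" ", "\t") and headers:
            name, value = headers[-1]
            headers[-1] = (name, value + " " + line.strip())
        elif ":" in line:
            name, value = line.split(":", 1)
            headers.append((name.strip().lower(), value.strip()))
    return headers


def should_block(raw: bytes) -> bool:
    """True if any Location header value starts with the "URL:" prefix."""
    return any(name == "location" and URL_PREFIX.match(value)
               for name, value in parse_headers(raw))


def filter_response(raw: bytes) -> bytes:
    """Pass the response through unchanged, or replace it with a 403."""
    return BLOCKED if should_block(raw) else raw


if __name__ == "__main__":
    # Constructed sample responses (example.invalid is a reserved name).
    ok = b"HTTP/1.1 302 Found\r\nLocation: http://example.invalid/next\r\n\r\n"
    bad = b"HTTP/1.1 302 Found\r\nlocation:\r\n url:http://example.invalid/x\r\n\r\n"
    for sample in (ok, bad):
        print(filter_response(sample).split(b"\r\n", 1)[0].decode())
```

A Location value that merely contains "URL:" later in the string (for example in a query parameter) is passed through; widen the pattern if the policy is to block any occurrence.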