[cabf_validation] Method 6 - Agreed-Upon Change to Website

Doug Beattie doug.beattie at globalsign.com
Mon May 14 07:42:19 MST 2018


Does anyone have suggestions for how we should try to fix vulnerabilities with use of HTTP Host headers?  Is this not something we can address, or are there solid ways to mitigate the risk associated with shared IP addresses?

https://docs.google.com/document/d/1aJiOzYVTpoAPVWDucnp20cTO2PR_cRsHncvkhlrcR10/edit#heading=h.29h2q2aeb3nh

There are also open questions about query strings, cross-protocol attacks and caching.  Can someone describe these and propose mitigations?

Doug
