Host of Troubles: Multiple Host Ambiguities in HTTP Implementations
ACM Conference on Computer and Communications Security, pp. 1516-1527, 2016.
The Host header is a security-critical component in an HTTP request, as it is used as the basis for enforcing security and caching policies. While the current specification is generally clear on how host-related protocol fields should be parsed and interpreted, we find that the implementations are problematic. We tested a variety of widel...More
PPT (Upload PPT)