8000 Detect RCE in fragments of URLs in Referer header (932205) · Issue #3498 · coreruleset/coreruleset · GitHub
Open
@theseion

Description

According to the URL specification, the Referer header must not contain URL fragments (the part of the URL beginning with #). However, in practice many clients will simply copy the current URL into the Referer header. Since web servers have to allow fragments in the Referer header, this opens the door to attacks in the fragment part (we already detect attacks in the path and query parts of URLs in the Referer header).

We should add a new rule that targets the fragment part of URLs in the Referer header only and applies RCE detection as 932205 does to path and query.

See also the discussion in #3485.
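An added example, not from the issue or from CRS itself: a minimal Python check that splits a Referer value into path, query and fragment and shows that inspecting only path and query, as the description says 932205 does, misses a payload carried in the fragment. The regex is a constructed stand-in for the rule's detection idea, not the real 932205 pattern, and the Referer values are constructed.

```python
"""Added example (not CRS code): a Referer check that stops at the query
string misses payloads carried in the URL fragment.

The regex below is a small constructed stand-in for the detection idea of
CRS rule 932205 (Unix shell code in URLs in the Referer header); it is NOT
the real rule's pattern. Sample Referer values are constructed."""
import re
from urllib.parse import urlsplit, unquote

# Constructed stand-in pattern: a shell separator or command substitution
# opener followed by one of a few well-known command names.
SHELL_CMD_RE = re.compile(
    r"(?:^|[;|&`]|\$\()\s*(?:cat|id|uname|whoami|wget|curl|sh|bash)\b"
)


def referer_parts(referer: str) -> dict:
    """Split a Referer value into the three URL components a rule may target."""
    u = urlsplit(referer)
    return {
        "path": unquote(u.path),
        "query": unquote(u.query),
        "fragment": unquote(u.fragment),
    }


def inspect_referer(referer: str, targets=("path", "query")) -> list:
    """Return the names of the targeted components that match the pattern.
    The default mirrors the issue's description of 932205 (path and query
    only); pass ("path", "query", "fragment") for the proposed extension."""
    parts = referer_parts(referer)
    return [name for name in targets if SHELL_CMD_RE.search(parts[name])]


if __name__ == "__main__":
    samples = [  # constructed
        "https://example.com/docs/page?q=search",
        "https://example.com/docs/page?q=;cat%20/etc/passwd",
        "https://example.com/docs/page#;uname%20-a",
    ]
    for s in samples:
        print(s)
        print("  path+query only:", inspect_referer(s))
        print("  with fragment:  ", inspect_referer(s, ("path", "query", "fragment")))
```

The third sample is the case the issue describes: a fragment-only payload that the path/query scope reports as clean.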
