<html><head>
<meta content="text/html; charset=ISO-8859-1" http-equiv="Content-Type">
</head><body bgcolor="#FFFFFF" text="#000000">Hello everyone,<br>
<br>
I finally understand what's going on here...<br>
<br>
<a class="moz-txt-link-freetext" href="http://www.trendmicro.com/vinfo/us/threat-encyclopedia/vulnerability/10236/python-http-proxy-header-injection-vulnerability-cve20161000110">http://www.trendmicro.com/vinfo/us/threat-encyclopedia/vulnerability/10236/python-http-proxy-header-injection-vulnerability-cve20161000110</a><br>
<br>
I have been a victim of this attack, nginx is also affected, is there 
any patch for this new vulnerability?<br>
<br>
Thank you,<br>
Hamza<br>
<br>
<span>

</span><br>
<blockquote style="border: 0px none;" 
cite="mid:13F76B0F-8FD1-4BF1-8B9A-0F97292DE76F@genious.net" type="cite">
  <div style="margin:30px 25px 10px 25px;" class="__pbConvHr"><div 
style="width:100%;border-top:1px solid #EDEEF0;padding-top:5px">   <div 
style="display:inline-block;white-space:nowrap;vertical-align:middle;width:49%;">
        <a moz-do-not-send="true" href="mailto:h.aboulfeth@genious.net" 
style="color:#737F92 
!important;padding-right:6px;font-weight:bold;text-decoration:none 
!important;">Hamza Aboulfeth</a></div>   <div 
style="display:inline-block;white-space:nowrap;vertical-align:middle;width:48%;text-align:
 right;">     <font color="#9FA2A5"><span style="padding-left:6px">August
 13, 2016 at 6:36 PM</span></font></div>    </div></div>
  <div style="color:#888888;margin-left:24px;margin-right:24px;" 
__pbrmquotes="true" class="__pbConvBody"><div>Hello,<br><br>We have 
formatted the server and installed everything over again, a week later 
the same problem occurred. All redirects are actually sent from time to 
time to another host:<br><br>[root@genious106 ~]# curl -IL -H "host: 
hespress.com" xx.xx.xx.xx<br>HTTP/1.1 301 Moved Permanently<br>Server: 
nginx/1.10.1<br>Date: Sat, 13 Aug 2016 13:31:28 GMT<br>Content-Type: 
text/html<br>Content-Length: 185<br>Connection: keep-alive<br>Location: 
<a class="moz-txt-link-freetext" href="http://1755118211">http://1755118211</a><br>.com/<br>dbg-redirect: nginx<br><br>HTTP/1.1 302 
Found<br>Server: nginx/1.2.1<br>Date: Sat, 13 Aug 2016 13:31:17 GMT<br>Content-Type:
 text/html; charset=iso-8859-1<br>Connection: keep-alive<br>Set-Cookie: 
orgje=2PUrADQAAgABACUhr1f__yUhr1dAAAEAAAAlIa9XMgACAAEAJSGvV___JSGvVwA-; 
expires=Sun, 13-Aug-2017 13:31:17 GMT; path=/; domain=traffsell.com<br>Location:
 <a class="moz-txt-link-freetext" href="http://triuch.com/6lo1I">http://triuch.com/6lo1I</a><br><br>HTTP/1.1 200 OK<br>Server: nginx<br>Date:
 Sat, 13 Aug 2016 13:31:17 GMT<br>Content-Type: text/html; charset=utf-8<br>Connection:
 keep-alive<br>Vary: Accept-Encoding<br>Vary: Accept-Encoding<br><br>[root@genious106
 ~]#<br><br>Even php redirect requests are rerouted.<br><br>Please 
advice,<br>Hamza<br><br></div></div>
  <div style="margin:30px 25px 10px 25px;" class="__pbConvHr"><div 
style="width:100%;border-top:1px solid #EDEEF0;padding-top:5px">   <div 
style="display:inline-block;white-space:nowrap;vertical-align:middle;width:49%;">
        <a moz-do-not-send="true" href="mailto:francis@daoine.org" 
style="color:#737F92 
!important;padding-right:6px;font-weight:bold;text-decoration:none 
!important;">Francis Daly</a></div>   <div 
style="display:inline-block;white-space:nowrap;vertical-align:middle;width:48%;text-align:
 right;">     <font color="#9FA2A5"><span style="padding-left:6px">July 
16, 2016 at 8:47 AM</span></font></div>    </div></div>
  <div style="color:#888888;margin-left:24px;margin-right:24px;" 
__pbrmquotes="true" class="__pbConvBody"><div>On Fri, Jul 15, 2016 at 
10:58:07PM +0100, Hamza Aboulfeth wrote:<br><br>Hi there,<br><br></div><div><!----><br>If
 that x.x.x.x is enough to make sure that this request gets to your<br>nginx,
 then your nginx config is probably involved.<br><br>If this only 
started yesterday, then changes since yesterday (or since<br>your nginx 
was last restarted before yesterday) are probably most<br>interesting.<br><br>And
 as a very long shot: if you can "tcpdump" to see that nginx is sending<br>one
 thing, but the client is receiving something else, then you'll want<br>to
 look outside nginx at something else interfering with the traffic.<br><br>Good
 luck with it,<br><br>      f<br></div></div>
  <div style="margin:30px 25px 10px 25px;" class="__pbConvHr"><div 
style="width:100%;border-top:1px solid #EDEEF0;padding-top:5px">   <div 
style="display:inline-block;white-space:nowrap;vertical-align:middle;width:49%;">
        <a moz-do-not-send="true" href="mailto:h.aboulfeth@genious.Net" 
style="color:#737F92 
!important;padding-right:6px;font-weight:bold;text-decoration:none 
!important;">Hamza Aboulfeth</a></div>   <div 
style="display:inline-block;white-space:nowrap;vertical-align:middle;width:48%;text-align:
 right;">     <font color="#9FA2A5"><span style="padding-left:6px">July 
15, 2016 at 10:58 PM</span></font></div>    </div></div>
  <div style="color:#888888;margin-left:24px;margin-right:24px;" 
__pbrmquotes="true" class="__pbConvBody">Hello,
<br>
<br>I have a weird problem that suddenly appeared on a client's website 
yesterday. We have a redirection from non www to www and sometimes the 
redirection sends somewhere else:
<br>
<br>[root@genious33 nginx-1.11.2]# curl -IL -H "host: hespress.com" 
x.x.x.x
<br>HTTP/1.1 301 Moved Permanently
<br>Server: nginx/1.11.2
<br>Date: Fri, 15 Jul 2016 21:54:06 GMT
<br>Content-Type: text/html
<br>Content-Length: 185
<br>Connection: keep-alive
<br>Location: <a class="moz-txt-link-freetext" href="http://1755118213">http://1755118213</a>
<br>.com/
<br>dbg-redirect: nginx
<br>
<br>HTTP/1.1 302 Found
<br>Server: nginx/1.2.1
<br>Date: Fri, 15 Jul 2016 21:52:37 GMT
<br>Content-Type: text/html; charset=iso-8859-1
<br>Connection: keep-alive
<br>Set-Cookie: orgje=JbgbADQAAgABACVbiVf__yVbiVdAAAEAAAAlW4lXAA--; 
expires=Sat, 15-Jul-2017 21:52:37 GMT; path=/; domain=traffsell.com
<br>Location: <a class="moz-txt-link-freetext" href="http://m.xxx.com/">http://m.xxx.com/</a>
<br>
<br>HTTP/1.1 200 OK
<br>Date: Fri, 15 Jul 2016 21:52:37 GMT
<br>Content-Type: text/html; charset=UTF-8
<br>Connection: keep-alive
<br>Set-Cookie: __cfduid=d5624eb7a789e21f082873681ec36a41b1468619557; 
expires=Sat, 15-Jul-17 21:52:37 GMT; path=/; domain=.hibapress.com; 
HttpOnly
<br>X-Powered-By: PHP/5.3.27
<br>X-LiteSpeed-Cache: hit
<br>Vary: Accept-Encoding
<br>X-Turbo-Charged-By: LiteSpeed
<br>Server: cloudflare-nginx
<br>CF-RAY: 2c307148667c3f77-YUL
<br>
<br>Sometimes it acts as it should sometimes it redirect somewhere else
<br>
<br>If you have any clue about what's happening, do help me :)
<br>
<br>Thank you,
<br>Hamza
<br>
<br>_______________________________________________
<br>nginx mailing list
<br><a class="moz-txt-link-abbreviated" href="mailto:nginx@nginx.org">nginx@nginx.org</a>
<br><a class="moz-txt-link-freetext" href="http://mailman.nginx.org/mailman/listinfo/nginx">http://mailman.nginx.org/mailman/listinfo/nginx</a>
<br></div>
</blockquote>
<br>
</body></html>