
<html><head>

<meta content="text/html; charset=ISO-8859-1" http-equiv="Content-Type">

</head><body bgcolor="#FFFFFF" text="#000000">Hello everyone,<br>

<br>

I finally understand what's going on here...<br>

<br>

<a class="moz-txt-link-freetext" href="http://www.trendmicro.com/vinfo/us/threat-encyclopedia/vulnerability/10236/python-http-proxy-header-injection-vulnerability-cve20161000110">http://www.trendmicro.com/vinfo/us/threat-encyclopedia/vulnerability/10236/python-http-proxy-header-injection-vulnerability-cve20161000110</a><br>

<br>

I have been a victim of this attack, nginx is also affected, is there 

any patch for this new vulnerability?<br>

<br>

Thank you,<br>

Hamza<br>

<br>

<span>


</span><br>

<blockquote style="border: 0px none;" 

cite="mid:13F76B0F-8FD1-4BF1-8B9A-0F97292DE76F@genious.net" type="cite">

  <div style="margin:30px 25px 10px 25px;" class="__pbConvHr"><div 

style="width:100%;border-top:1px solid #EDEEF0;padding-top:5px">   <div 

style="display:inline-block;white-space:nowrap;vertical-align:middle;width:49%;">

        <a moz-do-not-send="true" href="mailto:h.aboulfeth@genious.net" 

style="color:#737F92 

!important;padding-right:6px;font-weight:bold;text-decoration:none 

!important;">Hamza Aboulfeth</a></div>   <div 

style="display:inline-block;white-space:nowrap;vertical-align:middle;width:48%;text-align:

 right;">     <font color="#9FA2A5"><span style="padding-left:6px">August

 13, 2016 at 6:36 PM</span></font></div>    </div></div>

  <div style="color:#888888;margin-left:24px;margin-right:24px;" 

__pbrmquotes="true" class="__pbConvBody"><div>Hello,<br><br>We have 

formatted the server and installed everything over again, a week later 

the same problem occurred. All redirects are actually sent from time to 

time to another host:<br><br>[root@genious106 ~]# curl -IL -H "host: 

hespress.com" xx.xx.xx.xx<br>HTTP/1.1 301 Moved Permanently<br>Server: 

nginx/1.10.1<br>Date: Sat, 13 Aug 2016 13:31:28 GMT<br>Content-Type: 

text/html<br>Content-Length: 185<br>Connection: keep-alive<br>Location: 

<a class="moz-txt-link-freetext" href="http://1755118211">http://1755118211</a><br>.com/<br>dbg-redirect: nginx<br><br>HTTP/1.1 302 

Found<br>Server: nginx/1.2.1<br>Date: Sat, 13 Aug 2016 13:31:17 GMT<br>Content-Type:

 text/html; charset=iso-8859-1<br>Connection: keep-alive<br>Set-Cookie: 

orgje=2PUrADQAAgABACUhr1f__yUhr1dAAAEAAAAlIa9XMgACAAEAJSGvV___JSGvVwA-; 

expires=Sun, 13-Aug-2017 13:31:17 GMT; path=/; domain=traffsell.com<br>Location:

 <a class="moz-txt-link-freetext" href="http://triuch.com/6lo1I">http://triuch.com/6lo1I</a><br><br>HTTP/1.1 200 OK<br>Server: nginx<br>Date:

 Sat, 13 Aug 2016 13:31:17 GMT<br>Content-Type: text/html; charset=utf-8<br>Connection:

 keep-alive<br>Vary: Accept-Encoding<br>Vary: Accept-Encoding<br><br>[root@genious106

 ~]#<br><br>Even php redirect requests are rerouted.<br><br>Please 

advice,<br>Hamza<br><br></div></div>

  <div style="margin:30px 25px 10px 25px;" class="__pbConvHr"><div 

style="width:100%;border-top:1px solid #EDEEF0;padding-top:5px">   <div 

style="display:inline-block;white-space:nowrap;vertical-align:middle;width:49%;">

        <a moz-do-not-send="true" href="mailto:francis@daoine.org" 

style="color:#737F92 

!important;padding-right:6px;font-weight:bold;text-decoration:none 

!important;">Francis Daly</a></div>   <div 

style="display:inline-block;white-space:nowrap;vertical-align:middle;width:48%;text-align:

 right;">     <font color="#9FA2A5"><span style="padding-left:6px">July 

16, 2016 at 8:47 AM</span></font></div>    </div></div>

  <div style="color:#888888;margin-left:24px;margin-right:24px;" 

__pbrmquotes="true" class="__pbConvBody"><div>On Fri, Jul 15, 2016 at 

10:58:07PM +0100, Hamza Aboulfeth wrote:<br><br>Hi there,<br><br></div><div><!----><br>If

 that x.x.x.x is enough to make sure that this request gets to your<br>nginx,

 then your nginx config is probably involved.<br><br>If this only 

started yesterday, then changes since yesterday (or since<br>your nginx 

was last restarted before yesterday) are probably most<br>interesting.<br><br>And

 as a very long shot: if you can "tcpdump" to see that nginx is sending<br>one

 thing, but the client is receiving something else, then you'll want<br>to

 look outside nginx at something else interfering with the traffic.<br><br>Good

 luck with it,<br><br>      f<br></div></div>

  <div style="margin:30px 25px 10px 25px;" class="__pbConvHr"><div 

style="width:100%;border-top:1px solid #EDEEF0;padding-top:5px">   <div 

style="display:inline-block;white-space:nowrap;vertical-align:middle;width:49%;">

        <a moz-do-not-send="true" href="mailto:h.aboulfeth@genious.Net" 

style="color:#737F92 

!important;padding-right:6px;font-weight:bold;text-decoration:none 

!important;">Hamza Aboulfeth</a></div>   <div 

style="display:inline-block;white-space:nowrap;vertical-align:middle;width:48%;text-align:

 right;">     <font color="#9FA2A5"><span style="padding-left:6px">July 

15, 2016 at 10:58 PM</span></font></div>    </div></div>

  <div style="color:#888888;margin-left:24px;margin-right:24px;" 

__pbrmquotes="true" class="__pbConvBody">Hello,

<br>

<br>I have a weird problem that suddenly appeared on a client's website 

yesterday. We have a redirection from non www to www and sometimes the 

redirection sends somewhere else:

<br>

<br>[root@genious33 nginx-1.11.2]# curl -IL -H "host: hespress.com" 

x.x.x.x

<br>HTTP/1.1 301 Moved Permanently

<br>Server: nginx/1.11.2

<br>Date: Fri, 15 Jul 2016 21:54:06 GMT

<br>Content-Type: text/html

<br>Content-Length: 185

<br>Connection: keep-alive

<br>Location: <a class="moz-txt-link-freetext" href="http://1755118213">http://1755118213</a>

<br>.com/

<br>dbg-redirect: nginx

<br>

<br>HTTP/1.1 302 Found

<br>Server: nginx/1.2.1

<br>Date: Fri, 15 Jul 2016 21:52:37 GMT

<br>Content-Type: text/html; charset=iso-8859-1

<br>Connection: keep-alive

<br>Set-Cookie: orgje=JbgbADQAAgABACVbiVf__yVbiVdAAAEAAAAlW4lXAA--; 

expires=Sat, 15-Jul-2017 21:52:37 GMT; path=/; domain=traffsell.com

<br>Location: <a class="moz-txt-link-freetext" href="http://m.xxx.com/">http://m.xxx.com/</a>

<br>

<br>HTTP/1.1 200 OK

<br>Date: Fri, 15 Jul 2016 21:52:37 GMT

<br>Content-Type: text/html; charset=UTF-8

<br>Connection: keep-alive

<br>Set-Cookie: __cfduid=d5624eb7a789e21f082873681ec36a41b1468619557; 

expires=Sat, 15-Jul-17 21:52:37 GMT; path=/; domain=.hibapress.com; 

HttpOnly

<br>X-Powered-By: PHP/5.3.27

<br>X-LiteSpeed-Cache: hit

<br>Vary: Accept-Encoding

<br>X-Turbo-Charged-By: LiteSpeed

<br>Server: cloudflare-nginx

<br>CF-RAY: 2c307148667c3f77-YUL

<br>

<br>Sometimes it acts as it should sometimes it redirect somewhere else

<br>

<br>If you have any clue about what's happening, do help me :)

<br>

<br>Thank you,

<br>Hamza

<br>

<br>_______________________________________________

<br>nginx mailing list

<br><a class="moz-txt-link-abbreviated" href="mailto:nginx@nginx.org">nginx@nginx.org</a>

<br><a class="moz-txt-link-freetext" href="http://mailman.nginx.org/mailman/listinfo/nginx">http://mailman.nginx.org/mailman/listinfo/nginx</a>

<br></div>

</blockquote>

<br>

</body></html>