Hi

Does anyone know how to block or redirect pages that contain a response
header / redirection Location-header containing the string "URL:"?

Best Regards,
Morten Lange

~~~~~~~~~~~~~
Background :
~~~~~~~~~~~~~

http://secunia.com/advisories/11793/    :


1) A variant of the "Location:" local resource access vulnerability can
be exploited via a specially crafted URL in the "Location:" HTTP header
to open local files.

Example:
"Location: URL:ms-its:C:\WINDOWS\Help\iexplore.chm::/iegetsrt.htm"

[...]

Solution:
- Disable Active Scripting support for all but trusted web sites.
- Filter "Location:" headers containing the "URL:" prefix in a proxy
  server.
- Use another browser.



Also see


http://www.kb.cert.org/vuls/id/713878
http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec14.30





-- 
Morten Lange
But my views are my own etc.
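
An added example, not part of the original post or of any proxy's own code: a minimal Python sketch of the response-header check the quoted advisory recommends, flagging a "Location:" value that starts with the "URL:" prefix. The function names, the 403 replacement and the sample heads are assumptions made for illustration; a real deployment would hook this logic into the proxy's own response-filtering mechanism.

```python
import re

# Location value that begins with the "URL:" prefix (case-insensitive).
# Leading whitespace is tolerated because folded headers can introduce it.
URL_PREFIX = re.compile(r"^\s*url:", re.IGNORECASE)

def unfold_headers(raw_head):
    """Split a raw response head into (name, value) pairs, joining folded
    continuation lines (RFC 2616 section 2.2) onto the previous header."""
    lines = raw_head.replace("\r\n", "\n").split("\n")
    status, headers = lines[0], []
    for line in lines[1:]:
        if not line:                      # blank line ends the header block
            break
        if line[0] in " \t" and headers:  # continuation of previous header
            name, value = headers[-1]
            headers[-1] = (name, value + " " + line.strip())
        elif ":" in line:
            name, value = line.split(":", 1)
            headers.append((name.strip(), value.strip()))
    return status, headers

def suspicious_locations(raw_head):
    """Return every Location value that starts with the URL: prefix."""
    _, headers = unfold_headers(raw_head)
    return [v for n, v in headers
            if n.lower() == "location" and URL_PREFIX.match(v)]

def filter_response(raw_head):
    """Pass the head through unchanged, or swap in a 403 when flagged."""
    if suspicious_locations(raw_head):
        return ("HTTP/1.1 403 Forbidden\r\n"
                "Content-Length: 0\r\n"
                "Connection: close\r\n\r\n")
    return raw_head

if __name__ == "__main__":
    # Constructed sample heads; the first Location value is the advisory's example.
    bad = ("HTTP/1.1 302 Found\r\n"
           "Location: URL:ms-its:C:\\WINDOWS\\Help\\iexplore.chm::/iegetsrt.htm\r\n\r\n")
    ok = "HTTP/1.1 302 Found\r\nLocation: http://example.com/next\r\n\r\n"
    for head in (bad, ok):
        print(filter_response(head).split("\r\n")[0])
```

The check matches the prefix only, as the advisory words it, so a redirect that merely carries "URL:" later in its query string is not blocked.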




