Security Haiku: ExploitBox’s CVE-2017-8295

Return to sender

sending to the wrong domain

read from HOST header.

A recently released authentication bypass vulnerability affects WordPress up to and including 4.7.4 under specific server configurations. The attack requires a request to a WordPress site via its IP address, with the attacker setting the HTTP Host request header to a value of their own. Pagely does not allow direct access to WordPress sites via IP address and requires the Host header to name the actual site being requested, so a request with an attacker-controlled Host value will not be directed to a WordPress installation at Pagely.

Bonus Haiku:

Pagely hosted sites
are not affected by this
reported exploit.

For more details on the vulnerability and how it works, please read:

https://exploitbox.io/vuln/WordPress-Exploit-4-7-Unauth-Password-Reset-0day-CVE-2017-8295.html
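The Host check described above can be modeled as a small routing decision. This is an added example, not Pagely's code: the site list, function names, and rejection messages are hypothetical, and the sample hostnames are constructed.

```python
import ipaddress

# Constructed sample data: hostnames this front end serves (hypothetical).
HOSTED_SITES = {"blog.example.com", "shop.example.org"}


def normalize_host(raw_host):
    """Return the lowercase hostname from a Host header value, or None if malformed."""
    if not raw_host:
        return None
    host = raw_host.strip().lower()
    if host.startswith("["):  # bracketed IPv6 literal, e.g. [2001:db8::1]:8080
        end = host.find("]")
        rest = host[end + 1:]
        if end == -1 or (rest and not (rest.startswith(":") and rest[1:].isdigit())):
            return None
        return host[1:end]
    name, sep, port = host.partition(":")
    if sep and not port.isdigit():  # a port, if present, must be numeric
        return None
    return name.rstrip(".") or None  # "example.com." is the same name as "example.com"


def is_ip_literal(host):
    """True when the host part is an IPv4 or IPv6 address rather than a name."""
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def route_request(raw_host, hosted_sites=HOSTED_SITES):
    """Decide whether a request may reach a WordPress install: (allowed, reason or site)."""
    host = normalize_host(raw_host)
    if host is None:
        return (False, "missing or malformed Host header")
    if is_ip_literal(host):
        return (False, "direct IP access is not routed")
    if host not in hosted_sites:
        return (False, "Host does not match a hosted site")
    return (True, host)
```

A request is handed to WordPress only when the normalized Host value exactly matches a hosted site, so neither an IP-addressed request nor one carrying an unrelated Host value reaches the password-reset code.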
