Mailing List Archive

GSOC project Idea- fix for CVE-2013-3587
Hello Vinay

Please do not write to mentors@ list
Contact dev@ list of project you have chosen instead :) (in cc)

from mobile (sorry for typos ;)


---------- Forwarded message ----------
From: Vinay Kumar <vinaykumardahiya@gmail.com>
To: mentors@community.apache.org
Cc:
Bcc:
Date: Fri, 9 Apr 2021 22:07:32 +0530
Subject: GSOC project Idea- fix for CVE-2013-3587
Hi there, my name is Vinay, I'm doing an internship currently wherein I'm
working on making our product server secure. We use an Apache HTTP server
for our product. I've come across the Breach vulnerability (CVE-2013-3587)
which is still not fixed in the original software. I was wondering if it
would be a good issue to work on for GSOC?
Making default settings in the HTTP server to mitigate the breach attack,
or perhaps making a new module to do the same, out of the box.
I'm doing the following to mitigate it:
1. disabling compressing when the referrer isn't one belonging to a
specified whitelist.
2. adding random strings to response bodies to obscure the degree to which
a page is compressed against a certain input.

Please let me know what you think.
Regards
Vinay.
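
The two mitigations listed in the forwarded message, modelled as an added example in Python (not code from this thread or from Apache httpd): compression is skipped unless the Referer parses to an allowlisted origin, and compressed bodies get a random-length trailer. The host name `app.example.com` and all function names are assumptions made for illustration.

```python
import gzip
import secrets
from urllib.parse import urlsplit

# Constructed allowlist: origins whose pages may receive compressed responses.
TRUSTED_ORIGINS = {("https", "app.example.com")}


def referer_trusted(referer):
    """True only when the Referer parses to an allowlisted scheme and host.

    Comparing the parsed host (not a string prefix) keeps look-alike hosts
    such as app.example.com.attacker.test from matching.
    """
    if not referer:
        return False
    parts = urlsplit(referer)
    return (parts.scheme.lower(), (parts.hostname or "").lower()) in TRUSTED_ORIGINS


def random_padding(max_chars=64):
    """HTML comment holding 0..max_chars random hex characters."""
    n = secrets.randbelow(max_chars + 1)
    return b"<!--" + secrets.token_hex(n)[:n].encode() + b"-->"


def build_response(body, request_headers):
    """Return (headers, payload) with both mitigations applied."""
    # The payload depends on these request headers, so caches must key on them.
    headers = {"Vary": "Accept-Encoding, Referer"}
    accepts_gzip = "gzip" in request_headers.get("Accept-Encoding", "")
    if not (accepts_gzip and referer_trusted(request_headers.get("Referer"))):
        return headers, body  # mitigation 1: no compression for this request
    headers["Content-Encoding"] = "gzip"
    # Mitigation 2: random trailer so compressed length is not a clean signal.
    return headers, gzip.compress(body + random_padding())


if __name__ == "__main__":
    page = b"<html><body>csrf_token=CONSTRUCTED-SAMPLE</body></html>"  # constructed
    for ref in ("https://app.example.com/account", "https://other.test/", None):
        hdrs, out = build_response(page, {"Accept-Encoding": "gzip", "Referer": ref})
        print(ref, hdrs.get("Content-Encoding", "identity"), len(out))
```

Random padding adds noise to the compressed length rather than removing the length side channel, so it is best treated as a complement to the Referer check, not a replacement for it.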