Protecting against object injection attacks via the HTTP User-Agent header

  • Resolved plasmarobotics2403

    (@plasmarobotics2403)


    6 years, 9 months ago

    I did my ~bi-weekly server log pull and sift to check for any unusual activity. I noticed there were several User-Agent names that contain PHP code. A little searching uncovered that there is a known issue with PHP object injection & remote code execution using HTTP User-Agents (CVE-2015-8562). However that was for Joomla, not WP.

    I am curious to know is if Wordfence can protect against this kind of attack in the off chance that there is some unknown WP vulnerability. Can anyone say with reasonable confidence that I am (or can be) protected?

    Bruce

Viewing 2 replies - 1 through 2 (of 2 total)

  • Wow, great post. Thanks for asking about this.

    Peace…

    • This reply was modified 6 years, 9 months ago by tomdkat. Reason: Adding reply notification

    Hi @plasmarobotics2403,

    We do have firewall rules that cover various object injection vulnerabilities, including a rule that covers HTTP headers like the User-Agent.

    If new plugin/theme vulnerabilities come up that allow different methods of object injection, we can also add rules for those to the feed, so sites with Wordfence can be protected against those attacks, without having to update Wordfence first.

Viewing 2 replies - 1 through 2 (of 2 total)
  • The topic ‘Protecting against object injection attacks via the HTTP User-Agent header’ is closed to new replies.