[SR-Users] Kamailio vulnerable to header smuggling possible due to bypass of remove_hf
Alex Balashov
abalashov at evaristesys.com
Wed Sep 2 20:28:00 CEST 2020
On 2020-09-02 14:21, Fred Posner wrote:
> As time progresses, attack metrics change. If a criterion meets a major
> announcement, the project has shown and demonstrated that information
> will be released in a security announcement, for example:
>
> https://www.kamailio.org/w/2018/07/kamailio-security-announcement-for-kamailio-core/
For better or worse, one of the arguments made was that if 2018 was the
last time we had an announcement of this magnitude, we must not be
Serious About Security™.
It is worth taking the time to introspect about whether the threshold
for such announcements is properly calibrated. That's never a bad idea.
However, to suggest that there must be a quota of major
vulnerability announcements per unit of time met in order for a project
to be credibly Serious About Security™ is ludicrous.
-- Alex
--
Alex Balashov | Principal | Evariste Systems LLC
Tel: +1-706-510-6800 / +1-800-250-5920 (toll-free)
Web: http://www.evaristesys.com/, http://www.csrpswitch.com/