httpoxy vulnerability

This topic contains 2 replies, has 3 voices, and was last updated by Profile photo of Dave Wyatt Dave Wyatt 11 months, 1 week ago.

  • Author
  • #47376
    Profile photo of Efff dd
    Efff dd

    where under dsc would this be set? under a module?


  • #47378
    Profile photo of Don Jones
    Don Jones

    I might not fully understand what you're asking, so please feel free to clarify if I've got it wrong.

    You're asking where you would set the HTTP response header information mentioned on that website.

    My understanding is that, for IIS, you'd be modifying Application.config. Right now, I'm not sure any of the existing IIS DSC resources are especially good at doing that. You could potentially use a generic XML resource, since Application.config is just XML.

  • #47383
    Profile photo of Dave Wyatt
    Dave Wyatt

    Are you asking if the DSC pull server has this vulnerability? That shouldn't be a problem: "httpoxy does not affect any Microsoft Web Frameworks".

You must be logged in to reply to this topic.