简介 CORS（Cross-Origin Resource Sharing, 跨域资源共享）是HTML5的一个新特性，用于解决浏览器跨域网络资源访问，目前已经被所有浏览器支持，
Introduction We discovered a new class of attacks that affect a wide range of HTTP implementations. The problem is that deployed systems are generally incorrect (non-compliant with RFC 7230) and inconsistent in parsing and interpreting “Host” headers in HTTP requests. This problem can be exploited by carefully crafting HTTP requests with ambiguous host information, inducing inconsistent interpretations between two parties. Such inconsistency can lead to severe security consequences, such as HTTP cache poisoning and security policy bypass.
Introduction Content Delivery Networks (CDNs) are important Internet infrastructure and improve the performance, scalability and security for websites. Therefore, attacks against availability of CDNs affect the reachability to a large amount of web sites.
In this study, we present how malicious customers could attack the availability of CDN by creating forwarding loops inside one CDN or across multiple CDNs. Such forwarding loops cause one request to be processed repeatedly or even indefinitely, resulting in undesired resource consumption and potentially Denial-of-Service attacks.