
SOLVED

External Service Interaction (DNS)


Level 2

Hi all

AEM got this External Service Interaction (DNS) finding, and may I know of any reference on how to fix this?

'It is possible to induce the application to perform server-side DNS lookups of arbitrary domain names.

The payload uge************l5oipzq7ejwa71du1nzbt5hv4lsa.burpcollaborator.net was submitted in the HTTP Host header.'

This hasn't been solved yet. I accidentally clicked the correct reply. Guys.

Thanks.

1 Accepted Solution

Correct answer by
Employee Advisor

Hi,

Do I read your question correctly, that a security audit resulted in a finding, and that this finding mentions that you can force AEM to perform DNS (Domain Name System) lookups for hostnames which are sent via the HTTP host name?

5 Replies


Community Advisor

@Snow123 Can you please add some more information around this ask here?

What would you like to fix?


Level 2

Hi @Jörg_Hoh,

Thanks for the contribution. Yes. This is a security audit result finding.

May I know how to perform DNS (Domain name system) lookups for hostnames in AEM?

Thanks in advance.

Employee Advisor

Hi,

I am a bit confused, because "forcing AEM to perform a hostname lookup" (especially in the context of a security finding) is a completely different topic than performing a hostname lookup as part of normal operation (or in a customization).

Based on your initial posting, the question "The payload uge************l5oipzq7ejwa71du1nzbt5hv4lsa.burpcollaborator.net was submitted in the HTTP Host header." suggests that an attacker can submit an arbitrary host name in the "Host" header of a request.

This header (as part of HTTP/1.1) specifies the hostname your client wants to address (as it is possible to host multiple hostnames on a single endpoint, that is: you can host a multitude of sites on a single site using distinct hostnames). And from what I read in your question, this hostname is resolved somewhere, causing a DNS lookup. And the security audit marks this as a security problem. Is that correct? If yes, you should create an AEM support ticket. And please also include the assessment of why this is a security problem at all. (My personal understanding is that this is not a security issue, and I am quite sure that our security team is interested in the understanding of the security auditor as well.)

The other question "How do I do a hostname lookup in AEM" is not really specific to AEM. AEM is a Java-based application and it uses the standard Java APIs to resolve hostnames (e.g. using the class InetAddress) or one of the many other libraries which offer more high-level services and do hostname lookups as part of this. There is nothing specific to AEM.

HTH,

Jörg
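The thread identifies the two ingredients of the finding: the Host header is attacker-controlled, and somewhere its value ends up in a hostname lookup via the standard Java APIs (InetAddress). The usual way to close that gap is to compare the header against the hostnames the deployment actually serves before any resolution happens, so an unknown name is rejected without a DNS query ever leaving the server. The class below is an added example written for this thread, not code from the posts, from AEM, or from Adobe. It assumes that the lookup is performed on the Host header value and that the set of served hostnames is known; the class name, the allowlist contents, and the sample header values are constructed for illustration.

```java
import java.net.IDN;
import java.net.InetAddress;
import java.net.UnknownHostException;
import java.util.Locale;
import java.util.Optional;
import java.util.Set;

/**
 * Added example (not AEM or Adobe code): only resolve a hostname taken from
 * the HTTP Host header after it has been checked against the hostnames this
 * deployment serves. Anything else is rejected before a DNS query is issued,
 * so a request carrying an arbitrary callback domain never triggers a lookup.
 */
public final class HostHeaderResolver {

    // Hypothetical allowlist; in a real deployment this comes from configuration.
    private static final Set<String> SERVED_HOSTS = Set.of(
            "www.example.com",
            "author.example.com");

    // RFC 1123-style hostname: dot-separated labels of letters, digits and hyphens.
    private static final String HOSTNAME_PATTERN =
            "^[a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?(\\.[a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?)*$";

    private HostHeaderResolver() {}

    /**
     * Normalises a raw Host header value: trims it, drops an optional ":port"
     * suffix, converts an internationalised name to ASCII and lower-cases it.
     * Returns empty for anything that is not a plain hostname we could serve.
     */
    static Optional<String> normalise(String rawHost) {
        if (rawHost == null || rawHost.isBlank()) {
            return Optional.empty();
        }
        String host = rawHost.trim();
        // IPv6 literals look like "[::1]:4502"; we only serve names, so reject literals.
        if (host.startsWith("[")) {
            return Optional.empty();
        }
        int colon = host.indexOf(':');
        if (colon >= 0) {
            host = host.substring(0, colon);
        }
        try {
            host = IDN.toASCII(host).toLowerCase(Locale.ROOT);
        } catch (IllegalArgumentException e) {
            return Optional.empty(); // malformed IDN input
        }
        if (!host.matches(HOSTNAME_PATTERN)) {
            return Optional.empty();
        }
        return Optional.of(host);
    }

    /** True only for a Host header value that names one of our own sites. */
    static boolean isServedHost(String rawHost) {
        return normalise(rawHost).map(SERVED_HOSTS::contains).orElse(false);
    }

    /**
     * Resolves the Host header value with java.net.InetAddress, the standard
     * API the answer above mentions, but only when the name is in the served
     * set. For any other value it throws without contacting DNS at all.
     */
    static InetAddress resolveServedHost(String rawHost) throws UnknownHostException {
        String host = normalise(rawHost)
                .filter(SERVED_HOSTS::contains)
                .orElseThrow(() -> new IllegalArgumentException(
                        "Host header value is not in the served-host allowlist"));
        return InetAddress.getByName(host);
    }

    public static void main(String[] args) {
        // Constructed sample header values; the ".example" name stands in for
        // any externally controlled domain a scanner would submit.
        String[] samples = {
                "www.example.com",
                "WWW.Example.com:443",
                "callback.unknown-host.example",
                "[::1]:4502",
                ""
        };
        for (String s : samples) {
            System.out.printf("%-32s served=%b%n", "\"" + s + "\"", isServedHost(s));
        }
    }
}
```

The allowlist check is what turns the finding into a non-event: the scanner's payload is simply never resolved, and the same filter also blocks Host-header based redirect and cache-poisoning tricks that rely on the application echoing an unknown host. In practice the check belongs as early in the request path as possible (a servlet filter, or the virtual-host configuration of whatever sits in front of the JVM), so that the application code never sees a Host value it does not serve.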