topic Re: GlobalProtect Qualys: 150307 External Service interaction via Host Header Injection in GlobalProtect Discussions https://live.paloaltonetworks.com/t5/globalprotect-discussions/globalprotect-qualys-150307-external-service-interaction-via/m-p/445012#M2094 <P>Yes, we just enrolled in continuous vulnerability scanning and this is one of their findings for us as well.</P> Tue, 02 Nov 2021 16:34:15 GMT jstein 2021-11-02T16:34:15Z GlobalProtect Qualys: 150307 External Service interaction via Host Header Injection https://live.paloaltonetworks.com/t5/globalprotect-discussions/globalprotect-qualys-150307-external-service-interaction-via/m-p/432405#M1689 <P>Has anyone scanned their GlobalProtect Portals/Gateways with a Qualys WAS scanner?&nbsp; With GP running version 10.0.x, it's reporting back QID 150307&nbsp;External Service interaction via Host Header Injection.&nbsp;&nbsp;</P><P>&nbsp;</P><P>The scanner injects a special FQDN in the Host header and X-Forwarded-Host header. Qualys Periscope is used to detect any subsequent DNS request and identify the presence of the vulnerability.<BR />Impact<BR />Attackers can potentially redirect users to unintended servers under the attacker's control. Other possible consequences include altered control flow, arbitrary control of a resource, arbitrary code execution. XSS, access to internal hosts, web cache poisoning, or HTML injection.<BR />Solution<BR /><BR /></P> Tue, 07 Sep 2021 17:32:09 GMT https://live.paloaltonetworks.com/t5/globalprotect-discussions/globalprotect-qualys-150307-external-service-interaction-via/m-p/432405#M1689 jmurphy 2021-09-07T17:32:09Z Re: GlobalProtect Qualys: 150307 External Service interaction via Host Header Injection https://live.paloaltonetworks.com/t5/globalprotect-discussions/globalprotect-qualys-150307-external-service-interaction-via/m-p/445012#M2094 <P>Yes, we just enrolled in continuous vulnerability scanning and this is one of their findings for us as well.</P> Tue, 02 Nov 2021 16:34:15 GMT https://live.paloaltonetworks.com/t5/globalprotect-discussions/globalprotect-qualys-150307-external-service-interaction-via/m-p/445012#M2094 jstein 2021-11-02T16:34:15Z Re: GlobalProtect Qualys: 150307 External Service interaction via Host Header Injection https://live.paloaltonetworks.com/t5/globalprotect-discussions/globalprotect-qualys-150307-external-service-interaction-via/m-p/445034#M2095 <P>Same question here.</P> Tue, 02 Nov 2021 18:10:07 GMT https://live.paloaltonetworks.com/t5/globalprotect-discussions/globalprotect-qualys-150307-external-service-interaction-via/m-p/445034#M2095 Flaster135 2021-11-02T18:10:07Z Re: GlobalProtect Qualys: 150307 External Service interaction via Host Header Injection https://live.paloaltonetworks.com/t5/globalprotect-discussions/globalprotect-qualys-150307-external-service-interaction-via/m-p/503677#M2871 <P>Palo Alto and feedback?</P> Tue, 14 Jun 2022 22:37:21 GMT https://live.paloaltonetworks.com/t5/globalprotect-discussions/globalprotect-qualys-150307-external-service-interaction-via/m-p/503677#M2871 jstein 2022-06-14T22:37:21Z Re: GlobalProtect Qualys: 150307 External Service interaction via Host Header Injection https://live.paloaltonetworks.com/t5/globalprotect-discussions/globalprotect-qualys-150307-external-service-interaction-via/m-p/512671#M3099 <P>Was there ever any resolution to this?</P> Tue, 23 Aug 2022 13:15:02 GMT https://live.paloaltonetworks.com/t5/globalprotect-discussions/globalprotect-qualys-150307-external-service-interaction-via/m-p/512671#M3099 bburstein 2022-08-23T13:15:02Z Re: GlobalProtect Qualys: 150307 External Service interaction via Host Header Injection https://live.paloaltonetworks.com/t5/globalprotect-discussions/globalprotect-qualys-150307-external-service-interaction-via/m-p/532721#M3740 <P>I know this is several months old, but was there ever a resolution for this?</P> Wed, 01 Mar 2023 17:29:32 GMT https://live.paloaltonetworks.com/t5/globalprotect-discussions/globalprotect-qualys-150307-external-service-interaction-via/m-p/532721#M3740 Benzito 2023-03-01T17:29:32Z Re: GlobalProtect Qualys: 150307 External Service interaction via Host Header Injection https://live.paloaltonetworks.com/t5/globalprotect-discussions/globalprotect-qualys-150307-external-service-interaction-via/m-p/532722#M3741 Not that I have seen.<BR /> Wed, 01 Mar 2023 17:30:57 GMT https://live.paloaltonetworks.com/t5/globalprotect-discussions/globalprotect-qualys-150307-external-service-interaction-via/m-p/532722#M3741 jstein 2023-03-01T17:30:57Z Re: GlobalProtect Qualys: 150307 External Service interaction via Host Header Injection https://live.paloaltonetworks.com/t5/globalprotect-discussions/globalprotect-qualys-150307-external-service-interaction-via/m-p/537512#M3873 <P>Hello, was there an update or fix for this?</P> Tue, 04 Apr 2023 00:30:44 GMT https://live.paloaltonetworks.com/t5/globalprotect-discussions/globalprotect-qualys-150307-external-service-interaction-via/m-p/537512#M3873 Benzito 2023-04-04T00:30:44Z Re: GlobalProtect Qualys: 150307 External Service interaction via Host Header Injection https://live.paloaltonetworks.com/t5/globalprotect-discussions/globalprotect-qualys-150307-external-service-interaction-via/m-p/539722#M3968 <P><SPAN>Palo Alto PSIRT looked into this and determined it is a false positive.</SPAN></P> Fri, 21 Apr 2023 15:37:48 GMT https://live.paloaltonetworks.com/t5/globalprotect-discussions/globalprotect-qualys-150307-external-service-interaction-via/m-p/539722#M3968 DaBone 2023-04-21T15:37:48Z