Host header vulnerability reported by Acunetix Scanner

I am getting ready to launch a small web app and decided to scan the site with the Acunetix Web Vulnerability Scanner. I was quite pleased with the results for the most part, but the scanner reports a high level security issue with the setting of the Host header. The scanner provides the following link for more information www.skeletonscribe.net/2013/05/practical-http-host-header-attacks.html
As far as I can tell the vulnerability comes into play if you are using the Host header to generate URLs, be they URLs inserted into sent emails or inserted into pages.
Am I correct in thinking that this is not an issue for a web app that is not using the Host header to create URLs in any way?
When Acunetix detects a vulnerability, it generally provides additional information, including the parameters that were used to detect the vulnerability. This allows you to replicate the vulnerability manually, possibly using the manual penetration testing tools included with Acunetix such as the HTTP Editor.
Check the following Acunetix post on Host Header Injection: www.acunetix.com/blog/web-security-zone/articles/automated-detection-of-host-header-attacks/
You might want to contact the Acunetix support team, and provide them with additional details on the vulnerability.
If the webapp (including any framework it was built on top of) doesn't use the Host header or anything derived from it (like SERVER_NAME) then the attacks described are not possible.*
However, if this were the case, Acunetix shouldn't really be raising this vulnerability on your scan, especially without providing any evidence.
*If the webapp is intended to only be accessible from an internal network then you should validate the host header anyway, to prevent external attackers from gaining access to it using DNS rebinding.
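The two defences this answer describes, ignoring the Host header when building URLs and validating it against a fixed allowlist anyway, look like this in practice. This is an added example, not code from the answer's author or from Acunetix; the allowlist, canonical base and sample requests are constructed for illustration.

```python
"""Validate the HTTP Host header against an allowlist and build absolute
URLs from configuration rather than from the request.

Added example, not code from the thread. ALLOWED_HOSTS, CANONICAL_HOST and
the sample requests below are constructed values.
"""
import re
from typing import Dict, Optional, Tuple

# Hostnames this deployment legitimately answers for (constructed sample).
ALLOWED_HOSTS = {"app.example.com", "www.example.com"}

# Canonical base for every absolute URL the app emits (e.g. in password
# reset emails); deliberately independent of what the client sent.
CANONICAL_SCHEME = "https"
CANONICAL_HOST = "app.example.com"

# A DNS name: labels of letters, digits and hyphens separated by dots.
_DNS_NAME = re.compile(
    r"^[a-z0-9](?:[a-z0-9-]*[a-z0-9])?(?:\.[a-z0-9](?:[a-z0-9-]*[a-z0-9])?)*$"
)
# Characters allowed inside an IPv6 literal's brackets.
_IPV6_BODY = re.compile(r"^[0-9a-f:.]+$")


def normalise_host(header_value: str) -> Optional[str]:
    """Return the lower-cased hostname from a Host header value with any
    port stripped, or None if the value is not a well-formed host[:port].
    Anything else ('@', '/', spaces, embedded headers) is rejected."""
    value = header_value.strip().lower()
    if value.startswith("["):                      # IPv6 literal, e.g. [::1]:8080
        end = value.find("]")
        if end == -1 or not _IPV6_BODY.fullmatch(value[1:end]):
            return None
        host, rest = value[: end + 1], value[end + 1:]
    else:
        host, sep, port = value.partition(":")
        rest = sep + port
        if not _DNS_NAME.fullmatch(host):
            return None
    # Only an optional ":<digits>" may follow the host.
    if rest and not (rest[0] == ":" and rest[1:].isdigit()):
        return None
    return host


def host_is_allowed(header_value: str, allowed=frozenset(ALLOWED_HOSTS)) -> bool:
    """True only if the Host header names one of our configured hostnames."""
    host = normalise_host(header_value)
    return host is not None and host in allowed


def absolute_url(path: str) -> str:
    """Build an absolute URL from the configured canonical base. The request's
    Host header is not an input here, so it cannot influence the result."""
    if not path.startswith("/"):
        path = "/" + path
    return f"{CANONICAL_SCHEME}://{CANONICAL_HOST}{path}"


def handle_request(headers: Dict[str, str], path: str) -> Tuple[int, str]:
    """Minimal front-door check: reject unknown Host values with 400 before
    any application logic runs, then answer with a canonical absolute URL."""
    if not host_is_allowed(headers.get("Host", "")):
        return 400, "Bad Request: unrecognised Host header"
    return 200, absolute_url(path)


if __name__ == "__main__":
    # Constructed sample requests: one legitimate, two with tampered Host values.
    samples = [
        {"Host": "App.Example.com:443"},
        {"Host": "attacker.example.net"},
        {"Host": "app.example.com@attacker.example.net"},
    ]
    for hdrs in samples:
        print(hdrs["Host"], "->", handle_request(hdrs, "/reset?token=abc"))
```

Because the check is a strict equality against configured names, a request that arrives via DNS rebinding (the browser resolving the attacker's name to the internal server, with that attacker's name in the Host header) is refused at the same point as a spoofed Host value. Frameworks usually expose the same control as a setting (for example an allowed-hosts list), which is the preferable place to enforce it.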