Host header vulnerability reported by Acunetix Scanner

@Ann8826881

Posted in: #Security

I am getting ready to launch a small web app and decided to scan the site with the Acunetix Web Vulnerability Scanner. I was quite pleased with the results for the most part, but the scanner reports a high level security issue with the setting of the Host header. The scanner provides the following link for more information www.skeletonscribe.net/2013/05/practical-http-host-header-attacks.html
As far as I can tell, the vulnerability comes into play if you are using the Host header to generate URLs, be they URLs inserted into sent emails or inserted into pages.

Am I correct in thinking that this is not an issue for a web app that is not using the Host header to create URLs in any way?

2 Comments

@Alves908

When Acunetix detects a vulnerability, it generally provides additional information, including the parameters that were used to detect the vulnerability. This allows you to replicate the vulnerability manually, possibly using the manual penetration testing tools included with Acunetix such as the HTTP Editor.

Check the following Acunetix post on Host Header Injection: www.acunetix.com/blog/web-security-zone/articles/automated-detection-of-host-header-attacks/
You might want to contact the Acunetix support team, and provide them with additional details on the vulnerability.


@Margaret670

If the webapp (including any framework it was built on top of) doesn't use the Host header or anything derived from it (like SERVER_NAME) then the attacks described are not possible.*

However, if this were the case, Acunetix shouldn't really be raising this vulnerability on your scan, especially without providing any evidence.

*If the webapp is intended to only be accessible from an internal network then you should validate the host header anyway, to prevent external attackers from gaining access to it using DNS rebinding.

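The question and the second reply make the same two points: the attack matters when the Host header (or something derived from it) ends up in generated URLs such as password-reset links, and an internal-only app should validate Host anyway so a DNS-rebinding page cannot reach it. The Python below is an added example written for this page; it is not code from the original post, from Acunetix or from the linked article. The configuration values (CANONICAL_ORIGIN, ALLOWED_HOSTS), the function names and the plain-dict representation of request headers are assumptions standing in for whatever framework the app actually uses.

```python
"""Host header handling: URL generation and Host validation.

Added example, not code from the original post or from Acunetix.
Assumes request headers arrive as a plain dict; the configuration
values and function names below are hypothetical.
"""
from typing import Tuple
from urllib.parse import urlencode

# Hypothetical site configuration: the canonical origin used for any
# URL the app emits, and the Host values the app is willing to serve.
CANONICAL_ORIGIN = "https://example.com"
ALLOWED_HOSTS = {"example.com", "www.example.com"}


def reset_link_vulnerable(headers: dict, token: str) -> str:
    """Build a password-reset link from the incoming Host header.

    This is the pattern the scanner warns about. If an attacker
    requests a reset for a victim's address while sending
    ``Host: attacker.example``, the victim receives a mail whose link
    (and therefore the reset token) points at the attacker's domain.
    """
    host = headers.get("Host", "")
    return f"https://{host}/reset?{urlencode({'token': token})}"


def reset_link_hardened(token: str) -> str:
    """Build the link from configured state; the request has no say in it."""
    return f"{CANONICAL_ORIGIN}/reset?{urlencode({'token': token})}"


def host_is_allowed(host_header: str, allowed=ALLOWED_HOSTS) -> bool:
    """Validate the Host header against an explicit allowlist.

    Lower-cases, strips an optional port (keeping a bracketed IPv6
    literal intact) and accepts only exact allowlist entries. For an
    internal-only app this is what defeats DNS rebinding: the rebinding
    page's requests carry the attacker's hostname in Host, which is not
    in the allowlist, so they are refused before any handler runs.
    """
    host = host_header.strip().lower()
    if not host:
        return False
    if host.startswith("["):
        end = host.find("]")
        if end == -1:
            return False
        host = host[: end + 1]
    else:
        host = host.split(":", 1)[0]
    return host in allowed


def handle_reset_request(headers: dict, token: str) -> Tuple[int, str]:
    """Reject unrecognised hosts with 400 before doing any work."""
    if not host_is_allowed(headers.get("Host", "")):
        return 400, "Bad Request: unrecognised Host"
    return 200, reset_link_hardened(token)


if __name__ == "__main__":
    # Constructed request: attacker-controlled Host on a reset request.
    spoofed = {"Host": "attacker.example"}
    print("vulnerable:", reset_link_vulnerable(spoofed, "t0k3n"))
    print("hardened:  ", handle_reset_request(spoofed, "t0k3n"))
    print("hardened:  ", handle_reset_request({"Host": "example.com"}, "t0k3n"))
```

The allowlist check belongs in front of every handler, not only the reset flow, and the same treatment applies to any value the framework derives from Host (SERVER_NAME in the reply above) or to a forwarded-host header the app chooses to trust behind a proxy.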