Description
During the processing of an incoming HTTP request, the web server relies on the Host HTTP header to determine which component or virtual host should handle the request. However, since all HTTP headers, including the Host header, are user-controlled data, if the application uses the value of any HTTP header without proper validation, it becomes vulnerable to header injection attacks. Host header injection enables attackers to manipulate the response, leading to potential security risks such as arbitrary redirection, cache poisoning, and information disclosure.
Recommendation
To mitigate the risk of host header injection, avoid relying solely on the value of headers for critical operations. If it’s necessary to use header values, ensure that only whitelisted values are accepted.
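One way to apply this recommendation in a Python WSGI application, shown as an added example that is not part of the original page: the Host header is checked against an allowlist before the application runs, and absolute URLs are built from configuration instead of from the header. The names `ALLOWED_HOSTS`, `CANONICAL_ORIGIN`, `validate_host`, `absolute_url`, `HostAllowlistMiddleware` and `demo_app`, and the `example.com` hostnames, are assumptions made for illustration.

```python
import re

# Assumed allowlist for this example; replace with the hostnames the site serves.
ALLOWED_HOSTS = {"www.example.com", "example.com"}
# Assumed canonical origin used for absolute URLs (never taken from the request).
CANONICAL_ORIGIN = "https://www.example.com"

# hostname or bracketed IPv6 literal, optionally followed by a port
_HOST_RE = re.compile(r"([a-z0-9.-]+|\[[0-9a-f:]+\])(?::(\d{1,5}))?")


def validate_host(header_value):
    """Return the normalized hostname if it is allowlisted, else None."""
    if not header_value:
        return None
    # fullmatch rejects '@', '/', commas, inner whitespace and CR/LF outright
    match = _HOST_RE.fullmatch(header_value.strip().lower())
    if match is None:
        return None
    host = match.group(1).rstrip(".")  # "example.com." names the same host
    return host if host in ALLOWED_HOSTS else None


def absolute_url(path):
    """Build links (redirects, e-mailed URLs) from configuration, not from Host."""
    return CANONICAL_ORIGIN + "/" + path.lstrip("/")


class HostAllowlistMiddleware:
    """WSGI middleware: answer 400 before the app sees an unexpected Host."""

    def __init__(self, app):
        self.app = app

    def __call__(self, environ, start_response):
        if validate_host(environ.get("HTTP_HOST")) is None:
            start_response("400 Bad Request", [("Content-Type", "text/plain")])
            return [b"Invalid Host header\n"]
        # X-Forwarded-Host is just as user-controlled; drop it unless a
        # trusted proxy in front of the app is known to set it.
        environ.pop("HTTP_X_FORWARDED_HOST", None)
        return self.app(environ, start_response)


def demo_app(environ, start_response):
    # Constructed sample application: emits a link without reading any header.
    start_response("200 OK", [("Content-Type", "text/plain")])
    return [absolute_url("/reset?token=PLACEHOLDER").encode()]
```

Rejecting the request outright, instead of falling back to a default virtual host, also keeps a response generated for an unexpected Host value from being stored by a shared cache.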