Description
A web server commonly hosts several web applications on the same IP address, referring to each application via the virtual host. In an incoming HTTP request, web servers often dispatch the request to the target virtual host based on the value supplied in the Host header. Without proper validation of the header value, the attacker can supply invalid input to cause the web server to:
Dispatch requests to the first virtual host on the list.
Perform a redirect to an attacker-controlled domain.
Perform web cache poisoning.
Manipulate password reset functionality.
Allow access to virtual hosts that were not intended to be externally accessible.
Products, Sensors, and Dependencies
Product | Dependencies | Data source | Access required | Protocol | Data Collected | Notes |
---|
Tenable Web App Scanning | | Web Applications | Authenticated Scan | HTTP/HTTPS | Host Header Injection | Plugin IDs: 98623 |