Redirection via Arbitrary Host Header Manipulation

Post by hemantdhimann22 » Fri Oct 13, 2023 6:37 am

Hi,
We have a PCI scan for a server running OpenVPN.
The PCI scan failed on this server.

THREAT:
The Host header is an HTTP request header that specifies the domain name of the server the client is trying to communicate with. It allows a single web server to host multiple websites by distinguishing between them based on the domain name provided in the Host header.

SOLUTION:
Implementing proper validation and sanitization of input headers is essential to mitigate the risks of Host header injection.
Whitelist domains: only allow permitted domains to be included in the Host header.
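The allowlisting that the scan's SOLUTION text describes, as an added example that is not part of the original post and is not OpenVPN code: a request is rejected unless it carries exactly one Host header naming a permitted host, and the redirect target is built from a fixed origin rather than from the request. The hostname `vpn.example.com`, port 443, the `/login` path, and the function names are assumptions made for illustration.

```python
import re

# Assumed placeholders: replace with the names this server is meant to answer for.
ALLOWED_HOSTS = {"vpn.example.com"}
ALLOWED_PORTS = {None, 443}              # None means no port was given
CANONICAL_ORIGIN = "https://vpn.example.com"

# host[:port] only; no userinfo, path, whitespace or control characters.
_HOST_RE = re.compile(
    r"(?P<name>[a-z0-9](?:[a-z0-9.-]*[a-z0-9])?)\.?(?::(?P<port>\d{1,5}))?"
)

def host_is_allowed(header_values):
    """header_values: every Host header value received in one request."""
    if len(header_values) != 1:          # missing or duplicated Host header
        return False
    m = _HOST_RE.fullmatch(header_values[0].strip().lower())
    if not m:
        return False
    port = int(m.group("port")) if m.group("port") else None
    return m.group("name") in ALLOWED_HOSTS and port in ALLOWED_PORTS

def handle(path, headers):
    """headers: list of (name, value) tuples. Returns (status, response_headers)."""
    hosts = [v for k, v in headers if k.lower() == "host"]
    if not host_is_allowed(hosts):
        return 400, []                   # never echo the rejected value back
    if path == "/":
        # The Location header comes from configuration, not from the Host header.
        return 302, [("Location", CANONICAL_ORIGIN + "/login")]
    return 200, []

if __name__ == "__main__":
    # Constructed sample requests.
    for host in ("vpn.example.com", "VPN.example.com:443", "evil.example.net",
                 "vpn.example.com@evil.example.net"):
        print(host, "->", handle("/", [("Host", host)]))
```

When the service sits behind a reverse proxy, the same check belongs at the proxy as well, so that requests with an unlisted Host never reach the application.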
