DerScanner
Home / Vulnerability Database / Config files : Host spoofing
Config files

Config files : Host spoofing

Classification

OWASP Top 10 2021
A10-Server-Side Request Forgery (SSRF)

Overview

The application may need to pass the Host header in order to correctly generate various URLs (redirects, resources, links in emails, etc.). The possibility of substitution of such a header makes the application vulnerable.

This is possible as a result of using the \(http_host variable instead of \)host.

References

  1. What’s the difference of \(host and \)http_host in Nginx
  2. Host of Troubles Vulnerabilities
  3. Practical HTTP Host header attacks
LOW

DerScanner Severity Score

Do you want to fix Config files : Host spoofing in your application?

See also

Config files

Config files : Text4Shell Vulnerability

Config files

Config files : Incorrect directory deletion

Config files

Config files : Code injection