Host Header Injection
Description
Using the untrusted Host header to generate dynamic URLs (for example, links placed in e-mails or in cached responses) can result in web cache poisoning or password reset poisoning, because the client controls the value and the application echoes it into an absolute URL.
Examples
Insecure Code
```javascript
// req.host comes straight from the request's Host header, so the client
// decides which host the generated link points to.
var url = 'https://' + req.host + '/path';
```
Secure Code
```javascript
// sanitize() here stands for validating the Host header against an allowlist
// of hosts the application actually serves (or substituting the configured
// canonical host); it is not a built-in function.
var url = 'https://' + sanitize(req.host) + '/path';
```
Remediation
Validate the Host header against an allowlist of expected hosts (or use a configured canonical host) before using it to generate dynamic URLs; do not attempt to sanitize the value by escaping, since any unexpected host should be rejected outright.
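An allowlist check along the lines of the remediation, as an added example that is not the rule page's own code; the allowlist, the request objects and the path are assumptions made for illustration.

```javascript
// Added example: build an absolute URL (e.g. for a password-reset e-mail) only
// when the request's Host header matches an allowlist of hosts this
// application serves. Everything below is constructed for illustration.
const ALLOWED_HOSTS = new Set(['example.com', 'www.example.com']);

// Normalise a raw Host header value: trim, lower-case, strip an explicit port,
// and reject anything that is not a plain hostname (no '/', '@', spaces, ...).
function normalizeHost(rawHost) {
  if (typeof rawHost !== 'string') return null;
  const host = rawHost.trim().toLowerCase();
  // hostname with optional :port; IPv6 literals are deliberately not accepted
  const m = /^([a-z0-9.-]+)(?::(\d{1,5}))?$/.exec(host);
  return m ? m[1] : null;
}

// Returns the absolute URL when the Host header is allowlisted, otherwise null.
// The caller should then fall back to the configured canonical host or refuse
// to send the link; the untrusted value itself is never echoed.
function buildSafeUrl(req, path) {
  const host = normalizeHost(req.headers && req.headers.host);
  if (host === null || !ALLOWED_HOSTS.has(host)) return null;
  // Only an absolute-path component is accepted; '//host' would be
  // interpreted as a protocol-relative URL by browsers.
  if (typeof path !== 'string' || !path.startsWith('/') || path.startsWith('//')) {
    return null;
  }
  return 'https://' + host + path;
}

// Constructed requests: one legitimate, the others carrying Host values the
// check must reject or normalise (foreign host, explicit port, userinfo).
const legitimateReq = { headers: { host: 'www.example.com' } };
const foreignReq    = { headers: { host: 'not-our-site.example' } };
const portReq       = { headers: { host: 'EXAMPLE.COM:443' } };
const userinfoReq   = { headers: { host: 'example.com@not-our-site.example' } };
```

The same allowlist should be applied to any header the framework may use in place of Host (such as X-Forwarded-Host behind a proxy), since those are equally client-controlled.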
Rule Details
| Field | Value |
|---|---|
| ID | CODE-0401 |
| Category | Injection |
| Severity | MEDIUM |
| CWE | CWE-348 |
| Confidence | HIGH |
| Impact | HIGH |
| Likelihood | MEDIUM |
| Exploitability | EASY |
| Tags | Host Header Injection, Web Cache Poisoning, Password Reset Poisoning |
| OWASP | A1:2017-Injection, A03:2021-Injection |