Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
osvGoogleOSV:GHSA-25GQ-JVX2-VG9X
HistoryMay 23, 2024 - 4:59 p.m.

Silverstripe X-Forwarded-Host request hostname injection

2024-05-2316:59:25
Google
osv.dev
1
silverstripe
x-forwarded-host
hostname injection
vulnerability
url resolution
http header
caching
reverse proxy
fix
htaccess
mod_headers.

7.3 High

AI Score

Confidence

Low

JSON

A potential hostname injection vulnerability has been found which could allow attackers to alter url resolution.

If a request contains the X-Forwarded-Host HTTP header a website would then use its value in place of the actual HTTP hostname. In cases where caching is enabled, this could allow an attacker to potentially embed a remote url as the base_url for any site. This would then cause other visitors to the site to be redirected unknowingly.

This header is necessary for servers running behind a reverse proxy (such as nginx). Such servers are likely not vulnerable to this risk.

A fix has been merged into the default installer, although existing projects which do not run behind a reverse proxy should update their htaccess as below:

<IfModule mod_headers.c>
    # Remove X-Forwarded-Host header sent as a part of any request from the web
    RequestHeader unset X-Forwarded-Host
</IfModule>

7.3 High

AI Score

Confidence

Low

JSON