Browsers send the Host header to tell the server which URL the client wants to visit. Attackers can tamper with the Host header to manipulate how the application works. Here is how this attack occurs:
This type of attack can affect password reset forms and the X-Forwarded-Host header as well.
Security scan tools may flag Host header related findings as a vulnerability. Here are the best practices for preventing attackers from using the Host header:
URL Rewrite rules can be used to find malicious host headers:
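As an added example (not the original article's rule), a `web.config` fragment for the IIS URL Rewrite module that rejects any request whose Host or X-Forwarded-Host header is not on an allowlist. The hostname `example.com`, the port list and the rule names are placeholders chosen for illustration.

```xml
<!-- Added example: example.com and the rule names are placeholders. -->
<configuration>
  <system.webServer>
    <rewrite>
      <rules>
        <!-- Rule 1: reject requests whose Host header is not an expected site name. -->
        <rule name="Reject unexpected Host header" stopProcessing="true">
          <match url=".*" />
          <conditions logicalGrouping="MatchAll">
            <!-- negate="true": the condition is met when the pattern does NOT match. -->
            <!-- An empty or missing Host value also fails the pattern and is rejected. -->
            <add input="{HTTP_HOST}"
                 pattern="^(www\.)?example\.com(:(80|443))?$"
                 negate="true" />
          </conditions>
          <action type="CustomResponse"
                  statusCode="400"
                  statusReason="Bad Request"
                  statusDescription="Unexpected Host header" />
        </rule>

        <!-- Rule 2: if X-Forwarded-Host is present, it must also be on the allowlist. -->
        <rule name="Reject unexpected X-Forwarded-Host header" stopProcessing="true">
          <match url=".*" />
          <conditions logicalGrouping="MatchAll">
            <!-- First condition: only evaluate when the header was actually sent. -->
            <add input="{HTTP_X_FORWARDED_HOST}" pattern=".+" />
            <add input="{HTTP_X_FORWARDED_HOST}"
                 pattern="^(www\.)?example\.com(:(80|443))?$"
                 negate="true" />
          </conditions>
          <action type="CustomResponse"
                  statusCode="400"
                  statusReason="Bad Request"
                  statusDescription="Unexpected X-Forwarded-Host header" />
        </rule>
      </rules>
    </rewrite>
  </system.webServer>
</configuration>
```

Condition patterns are case-insensitive by default, which matches how hostnames are compared. To only record offending requests instead of blocking them, review the IIS logs for the 400 responses these rules generate before tightening the allowlist.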