Vulnerability Details
Severity: Medium
Category: Web Application
Description
The application trusts the Host header for generating URLs, redirects, or password reset links without proper validation, allowing attackers to inject a malicious host value.
Risks
An attacker could poison password reset links to steal tokens, bypass virtual host-based access controls, perform web cache poisoning, or redirect users to malicious sites.
Remediation
Configure the web server to only accept requests with expected Host header values. Do not use the Host header for generating URLs in sensitive operations. Use a server-side configured base URL instead.
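The vulnerable pattern from the Description beside the hardened pattern from the Remediation, as an added example that is not part of the original advisory. The allowlist, the base URL, the header names and the function names are constructed for this example; a real deployment would load them from its own configuration.

```python
"""Host header handling: link generation from the request's Host header (vulnerable)
beside link generation from a server-side configured base URL (hardened)."""
from urllib.parse import quote

# Constructed configuration (assumptions for this example, not taken from the advisory).
ALLOWED_HOSTS = {"app.example.com", "www.example.com"}
BASE_URL = "https://app.example.com"  # canonical origin configured on the server side


def reset_link_from_host_header(headers: dict, token: str) -> str:
    """Vulnerable pattern: the link's origin is copied straight from the Host header,
    so whoever controls that header controls where the reset token is sent."""
    host = headers.get("Host", "")
    return f"https://{host}/reset?token={quote(token, safe='')}"


def is_allowed_host(host_header: str) -> bool:
    """Validate the Host header against an exact allowlist.

    Normalises case, tolerates an explicit numeric port, and rejects empty values,
    bracketed IPv6 literals and any name that is not exactly on the list (so
    lookalikes such as 'app.example.com.attacker.test' are refused)."""
    if not host_header:
        return False
    host = host_header.strip().lower()
    if host.startswith("["):
        return False
    if ":" in host:
        host, _, port = host.partition(":")
        if not port.isdigit():
            return False
    return host in ALLOWED_HOSTS


def reset_link_hardened(headers: dict, token: str) -> str:
    """Hardened pattern: refuse requests with an unexpected Host value, and build the
    link from BASE_URL regardless of what the request claimed."""
    if not is_allowed_host(headers.get("Host", "")):
        raise ValueError("unexpected Host header")
    return f"{BASE_URL}/reset?token={quote(token, safe='')}"


if __name__ == "__main__":
    # Constructed request headers: one legitimate, one carrying an injected Host value.
    legit = {"Host": "app.example.com"}
    injected = {"Host": "attacker.example"}
    print("vulnerable, injected host:", reset_link_from_host_header(injected, "tok123"))
    print("hardened, legitimate host:", reset_link_hardened(legit, "tok123"))
    try:
        reset_link_hardened(injected, "tok123")
    except ValueError as exc:
        print("hardened, injected host:", exc)
```

The application-level check is a second line of defence; the web server in front of it should already refuse requests whose Host value it does not serve, so that the application never sees them.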