Request URL Override

medium Web App Scanning Plugin ID 114262

Language:

Synopsis

Request URL Override

Description

Web application components can sometimes rely on request HTTP headers like 'X-Original-URL' or 'X-Rewrite-URL' to override the original path of this request. Attackers can leverage this vulnerability to conduct further attacks in order to bypass restrictions or conduct cache poisonning attacks.

Solution

If the application uses a known vulnerable component, update it to a fixed version or later. Otherwise, review the application logic to ensure that HTTP headers like 'X-Original-URL' or 'X-Rewrite-URL' are not trusted and used in its routing logic

See Also

https://framework.zend.com/security/advisory/ZF2018-01

https://owasp.org/www-project-web-security-testing-guide/latest/4-Web_Application_Security_Testing/05-Authorization_Testing/02-Testing_for_Bypassing_Authorization_Schema

https://symfony.com/blog/cve-2018-14773-remove-support-for-legacy-and-risky-http-headers

Plugin Details

Severity: Medium

ID: 114262

Type: remote

Family: Web Applications

Published: 4/22/2024

Updated: 4/22/2024

Scan Template: api, basic, full, pci, scan

Risk Information

VPR

Risk Factor: Low

Score: 3.6

CVSS v2

Risk Factor: Medium

Base Score: 4

Vector: CVSS2#AV:N/AC:L/Au:S/C:N/I:P/A:N

CVSS Score Source: CVE-2018-14773

CVSS v3

Risk Factor: Medium

Base Score: 6.5

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

CVSS Score Source: CVE-2018-14773

Reference Information

CVE: CVE-2018-14773

CWE: 436

OWASP: 2010-A6, 2013-A5, 2017-A6, 2021-A4

WASC: HTTP Response Smuggling

OWASP API: 2019-API7, 2023-API8