CVE-2020-12855: Host Header Injection in SecZetta NEProfile 3.3.11 allows authenticated attackers to control execution flow.


Description

A Host header injection vulnerability exists in SecZetta NEProfile version 3.3.11. This vulnerability allows authenticated remote adversaries to poison the Host header, which results in the attacker gaining control over the execution flow during HTTP 302 redirects. This type of vulnerability (CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component) can potentially lead to phishing attacks, cache poisoning, or session hijacking.

Overview

The vulnerability in SecZetta NEProfile 3.3.11 involves improper validation of the HTTP Host header. When the application processes a request and generates a 302 redirect response, it fails to properly validate or sanitize the Host header value. Authenticated attackers can manipulate this header to control the redirect destination, potentially directing users to malicious websites or performing other attacks. Host header injection vulnerabilities typically occur when applications use the Host header value from user requests to construct URLs for redirects without proper validation.

Remediation

To remediate this vulnerability, the following actions are recommended:

  1. Update to the latest version of SecZetta NEProfile if a patched version is available
  2. Implement proper validation of the Host header by either:
    • Using a whitelist of allowed hosts
    • Hardcoding the host value in the application rather than using user-supplied values
    • Implementing strict validation against expected domain patterns
  3. Consider implementing HTTP Strict Transport Security (HSTS) to prevent downgrade attacks
  4. Review and audit all instances where the application generates redirects to ensure they don't rely on user-controlled input
  5. Consider implementing a web application firewall (WAF) that can detect and block Host header manipulation attempts
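As an added illustration of remediation item 2 (example code written for this page, not code from SecZetta or the advisory), the following Python contrasts a redirect builder that copies the request's Host header into the 302 Location with one that validates it against an allowlist and falls back to a fixed canonical host. The host names and the `ALLOWED_HOSTS` / `CANONICAL_HOST` values are assumptions standing in for deployment configuration.

```python
from urllib.parse import urlsplit

# Hypothetical deployment values (not from the advisory): the hosts this
# instance is actually served under, and the one to fall back to.
ALLOWED_HOSTS = frozenset({"portal.example.com", "portal.example.com:8443"})
CANONICAL_HOST = "portal.example.com"


def vulnerable_redirect_location(headers: dict, path: str) -> str:
    """Redirect target built the way the flawed pattern does it: the
    client-controlled Host header is copied straight into Location."""
    return f"https://{headers.get('Host', '')}{path}"


def safe_redirect_location(headers: dict, path: str) -> str:
    """Redirect target that never trusts the request's Host header.

    The Host value is used only if it exactly matches an allowlisted
    host; anything else falls back to the canonical host. The path is
    constrained to a single-slash-relative path so a value such as
    '//other.example' cannot turn the Location into a new authority.
    """
    host = headers.get("Host", "").strip().lower()
    if host not in ALLOWED_HOSTS:
        host = CANONICAL_HOST
    if not path.startswith("/") or path.startswith(("//", "/\\")):
        path = "/"
    # Re-parse the result to confirm the authority is exactly the host we
    # chose (guards against anything in path being read as userinfo/host).
    location = f"https://{host}{path}"
    if urlsplit(location).netloc != host:
        location = f"https://{CANONICAL_HOST}/"
    return location


def host_header_is_suspicious(headers: dict) -> bool:
    """Detection helper for access logs or a WAF rule: a Host header that
    is not one of the deployment's own hosts is worth alerting on."""
    return headers.get("Host", "").strip().lower() not in ALLOWED_HOSTS


if __name__ == "__main__":
    # Constructed sample requests, not captured traffic.
    for hdrs in ({"Host": "portal.example.com"}, {"Host": "other.example"}):
        print(hdrs["Host"], "->", vulnerable_redirect_location(hdrs, "/login"),
              "|", safe_redirect_location(hdrs, "/login"),
              "| suspicious:", host_header_is_suspicious(hdrs))
```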

References

  1. http://packetstormsecurity.com/files/158965/SecZetta-NEProfile-3.3.11-Host-Header-Injection.html
  2. CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component - https://cwe.mitre.org/data/definitions/74.html
  3. OWASP: Testing for Host Header Injection - https://owasp.org/www-project-web-security-testing-guide/latest/4-Web_Application_Security_Testing/07-Input_Validation_Testing/17-Testing_for_Host_Header_Injection

Industry Exposure (most to least)
This section illustrates the prevalence of a specific Common Vulnerabilities and Exposures (CVE) across various industries based on customer reports. The ranking displays industries from the most to least affected by this particular vulnerability, offering valuable insight into where this CVE has been most frequently observed. This information can help organizations within these sectors prioritize their security efforts, understand their relative risk exposure compared to their peers, and focus remediation strategies where they are most needed. By understanding the industry-specific impact, organizations can make more informed decisions regarding patching, resource allocation, and overall risk management related to this CVE.

  1. Accommodation & Food Services
  2. Administrative, Support, Waste Management & Remediation Services
  3. Agriculture, Forestry, Fishing & Hunting
  4. Arts, Entertainment & Recreation
  5. Construction
  6. Educational Services
  7. Finance and Insurance
  8. Health Care & Social Assistance
  9. Information
  10. Management of Companies & Enterprises
  11. Manufacturing
  12. Mining
  13. Other Services (except Public Administration)
  14. Professional, Scientific, & Technical Services
  15. Public Administration
  16. Real Estate Rental & Leasing
  17. Retail Trade
  18. Transportation & Warehousing
  19. Utilities
  20. Wholesale Trade
