
Lack of data validation - Header x-amzn-RequestId

Description

The application does not enforce, on the server side, which fields a client may modify, and allows potentially dangerous character strings to be supplied in the x-amzn-RequestId header.

Impact

  • Reflect dangerous character strings in an attempt to achieve an injection.
  • Send very long character strings in an attempt to deny the service.

Recommendation

Validate on the server side the types of data that are entered into the different kinds of fields in the application.

Threat

Internet attacker with access to the service.

Expected Remediation Time

⌚ 30 minutes.

Score

Default score using CVSS 3.1. It may change depending on the context of the vulnerability.

Base

  • Attack vector: N
  • Attack complexity: L
  • Privileges required: L
  • User interaction: N
  • Scope: U
  • Confidentiality: N
  • Integrity: L
  • Availability: N

Temporal

  • Exploit code maturity: X
  • Remediation level: X
  • Report confidence: X

Result

  • Vector string: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N/E:X/RL:X/RC:X
  • Score:
    • Base: 4.3
    • Temporal: 4.3
  • Severity:
    • Base: Medium
    • Temporal: Medium

Code Examples

Compliant code

The x-amzn-RequestId header is set by the application only after the input has been sanitized/verified.

const http = require('http');
const port = 3000; // port the inbound server listens on (not specified on the page)
// Illustrative allow-list check: a single, bounded string of safe characters
const isValidRequest = (id) => typeof id === 'string' && /^[A-Za-z0-9-]{1,64}$/.test(id);

const server = http.createServer((req, res) => {
  // Node lowercases incoming header names
  const requestedId = req.headers['x-amzn-requestid'];
  const options = {
    port: 8080,
    host: '127.0.0.1',
  };
  const request = http.request(options);
  // The client-supplied value is forwarded only if it passes validation
  if (isValidRequest(requestedId)) {
    request.setHeader('Cookie', ['type=ninja', 'language=javascript']);
    request.setHeader('x-amzn-RequestId', requestedId);
  }
  request.end();
  res.end();
});

server.listen(port);

Non compliant code

The x-amzn-RequestId header is set from potentially unsafe, unverified input.

const http = require('http');
const port = 3000; // port the inbound server listens on (not specified on the page)

const server = http.createServer((req, res) => {
  // Node lowercases incoming header names
  const requestedId = req.headers['x-amzn-requestid'];
  const options = {
    port: 8080,
    host: '127.0.0.1',
  };
  const request = http.request(options);

  request.setHeader('Cookie', ['type=ninja', 'language=javascript']);
  // The client-supplied value is forwarded without any validation
  request.setHeader('x-amzn-RequestId', requestedId);
  request.end();
  res.end();
});

server.listen(port);

Requirements