
Lack of data validation - Headers

Description

The source code uses the values of some HTTP request headers without validating them. Since any client controls these values, an attacker can inject arbitrary content to achieve cross-site scripting (XSS) where a header is reflected into a response, or to compromise the integrity of the stored information where a header is persisted.

Impact

Inject potentially dangerous characters into application fields.

Recommendation

Validate on the server side the type and format of every value that enters the application's fields, including values taken from HTTP headers, against a whitelist of the headers the application actually consumes and the exact format each one is expected to have.

Threat

Authorized user from the Internet.

Expected Remediation Time

⌚ 60 minutes.

Score

Default score using CVSS 3.1. It may change depending on the context of the vulnerability.

Base

  • Attack vector: N
  • Attack complexity: L
  • Privileges required: L
  • User interaction: N
  • Scope: U
  • Confidentiality: N
  • Integrity: L
  • Availability: N

Temporal

  • Exploit code maturity: P
  • Remediation level: X
  • Report confidence: R

Result

  • Vector string: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R
  • Score:
    • Base: 4.3
    • Temporal: 3.9
  • Severity:
    • Base: Medium
    • Temporal: Low

Code Examples

Compliant code

The application uses the request headers only after validating them against a predefined whitelist:

const http = require('http');
const { validateHeaderName, validateHeaderValue } = require('http');

// Predefined whitelist of the request headers the application consumes
const whitelist = ['content-type', 'accept', 'x-request-id'];

const requestHandler = (req, res) => {
  try {
    for (const name of whitelist) {
      const value = req.headers[name];
      if (value === undefined) continue; // optional header not sent
      // validateHeaderName takes only the name; both calls throw a
      // TypeError when the name or value contains characters invalid in HTTP
      validateHeaderName(name);
      validateHeaderValue(name, value);
    }
    // Code to handle the request, using only the whitelisted headers
  } catch (err) {
    err instanceof TypeError; // true
    res.writeHead(400, { 'Content-Type': 'text/plain' });
    res.end(err.message);
  }
};

http.createServer(requestHandler).listen(8080);

Non compliant code

The application uses a request header without any server-side validation:

const requestHandler = (req, res) => {
  // The header value is used (reflected into the response) without any
  // server-side validation against a whitelist
  res.end(`<p>Served for ${req.headers.host}</p>`);
};

Requirements