Host Header Injection is a web security vulnerability that occurs when an attacker manipulates the Host header in an HTTP request to exploit improper server-side handling or trust of this header.
Impact:
Web Cache Poisoning: Attackers can poison web caches by tricking the server into storing malicious responses.
Server-Side Request Forgery (SSRF): Exploiting internal services by forging requests.
Password Reset Poisoning: Manipulating links in password reset emails to redirect victims to malicious sites.
Information Disclosure: Exposing sensitive data by bypassing protections dependent on the Host header.

Proper validation of the Host header and avoiding reliance on its value for security decisions can mitigate this risk.
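The password reset case above, shown as an added example that is not part of the original page: the vulnerable pattern builds the link from the client-controlled Host header, while the hardened pattern checks Host against an allowlist and derives the link from a configured canonical origin. ALLOWED_HOSTS, CANONICAL_ORIGIN and the function names are assumed for illustration.

```python
import re
from urllib.parse import urlencode

# Constructed deployment configuration (assumed, not from the page):
# the hosts this application legitimately serves, and the origin that
# outgoing links must always use.
ALLOWED_HOSTS = {"example.com", "www.example.com"}
CANONICAL_ORIGIN = "https://www.example.com"

# Syntactic check for a hostname made of RFC 1123 labels, with an optional port.
_LABEL = r"[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?"
_HOST_RE = re.compile(rf"^(?:{_LABEL}\.)*{_LABEL}(?::\d{{1,5}})?$", re.IGNORECASE)


def build_reset_link_unsafe(headers, token):
    """Vulnerable pattern: the link's origin is copied from the request's Host header,
    so whoever controls that header controls where the reset token is sent."""
    return f"https://{headers['Host']}/reset?{urlencode({'token': token})}"


def host_is_allowed(host_header):
    """Return True only if the Host header names one of our own hosts.

    Rejects missing, malformed or unknown hosts; the port, if present, is
    stripped before the allowlist lookup (IPv6 literals are not handled here).
    """
    if host_header is None or not _HOST_RE.match(host_header):
        return False
    hostname = host_header.split(":")[0].lower()
    return hostname in ALLOWED_HOSTS


def build_reset_link_safe(headers, token):
    """Hardened pattern: refuse requests with an unexpected Host header and never
    derive the link's origin from the request at all."""
    if not host_is_allowed(headers.get("Host")):
        raise ValueError("unexpected Host header")
    return f"{CANONICAL_ORIGIN}/reset?{urlencode({'token': token})}"


if __name__ == "__main__":
    # Constructed request headers: one legitimate, one with an attacker-chosen Host.
    legit = {"Host": "www.example.com"}
    forged = {"Host": "attacker.example.net"}
    print(build_reset_link_unsafe(forged, "abc"))  # link points at the forged host
    print(build_reset_link_safe(legit, "abc"))     # link uses the canonical origin
    print(host_is_allowed(forged["Host"]))         # False: request would be rejected
```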