| Issue: | |
|---|---|
| Date: | |
| Severity: | Medium |
| Requires Admin Access: | No |
| Fix Version: | 2.5.4 |
| Credit: | it.sec GmbH & Co. KG – Hans-Martin Münch & Markus Piéton |
| Description: | A header injection allows an attacker to insert arbitrary HTTP headers into the server’s response. This enables an attacker to change cookie values, add additional headers or, in the case of a normal page, insert arbitrary code that gets executed as soon as the client receives the server’s response. |
| Mitigation: | As a workaround, we suggest using an application firewall to block access to those URLs externally. |
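
An added example, not taken from the advisory or the affected product: how a request-derived value containing CR/LF adds a header line to a response, next to a check that rejects such values. The `Location` header, the function names and the sample value are assumptions constructed for illustration.

```python
import re
from urllib.parse import unquote

# CR, LF and NUL terminate or corrupt a header line and are never valid in a value.
_FORBIDDEN = re.compile(r"[\r\n\x00]")

# Constructed sample input: a redirect target carrying an extra header line.
SAMPLE = "/home\r\nSet-Cookie: session=constructed"

def build_response_naive(location):
    """Vulnerable pattern: request-derived text copied into a header unchecked."""
    head = f"HTTP/1.1 302 Found\r\nLocation: {location}\r\nContent-Length: 0\r\n\r\n"
    return head.encode("latin-1")

def safe_header_value(value):
    """Reject line terminators, including percent-encoded and double-encoded ones."""
    decoded = value
    for _ in range(3):  # bounded: catches %0d%0a and %250d%250a
        step = unquote(decoded)
        if step == decoded:
            break
        decoded = step
    if _FORBIDDEN.search(value) or _FORBIDDEN.search(decoded):
        raise ValueError("CR/LF/NUL not allowed in a header value")
    return value

def build_response_hardened(location):
    """Same response, but the value is validated before it reaches the header."""
    return build_response_naive(safe_header_value(location))

def header_names(raw):
    """Names of the header lines a client would see in the response."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    return [line.split(":", 1)[0] for line in head.split("\r\n")[1:]]

if __name__ == "__main__":
    # The naive builder emits the injected Set-Cookie line as a real header.
    print(header_names(build_response_naive(SAMPLE)))
    try:
        build_response_hardened(SAMPLE)
    except ValueError as exc:
        print("rejected:", exc)
```

Validating where the header is written covers every caller, which a URL block at an application firewall does not.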