0026434: Use of _SERVER['HTTP_HOST'], _SERVER['SERVER_NAME'], and _SERVER['HTTP_X_FORWARDED_HOST'] should be avoided

ID	Project	Category	View Status	Date Submitted	Last Update

0026434	mantisbt	security	public	2019-12-05 14:14	2019-12-13 16:23

Reporter	jingshaochen	Assigned To
Priority	normal	Severity	major	Reproducibility	always
Status	new	Resolution	open
Product Version	2.22.1

Summary	0026434: Use of _SERVER['HTTP_HOST'], _SERVER['SERVER_NAME'], and _SERVER['HTTP_X_FORWARDED_HOST'] should be avoided
Description	HTTP_HOST, HTTP_X_FORWARDED_HOST, and SERVER_NAME can be easily spoofed by inserting a Host header from the client side. Mantis uses that as the server hostname to construct every link. The using of those variables are integrated in `$g_path` in the `config_defaults_inc.php` file. Details on the vulnerability can be found here: http://www.skeletonscribe.net/2013/05/practical-http-host-header-attacks.html
Tags	No tags attached.

jingshaochen 2019-12-13 15:36 reporter ~0063278	Any update?