Cross Domain Referrer Leakage


Description

The application is vulnerable to cross domain referrer leakage.  The Referer header is an HTTP header field that was originally defined in RFC 1945, the standard that introduced HTTP V1.0.  The Referer header provides a server with the URL of the webpage that linked to the resource being requested. The application is leaking data across domains because the Referer header is sending a URL that contains sensitive information. 

Impact

Sensitive information is being transmitted to a third-party domain in the Referer header. Sensitive information may include password reset tokens, session IDs, or personally identifiable information. If the external domain is not fully trusted, the information may be used to attack the user or the application. Since header information may be stored in many locations within an organization, the opportunity for sensitive information in the URL to be exposed is greatly increased. Headers are also frequently stored in many places including server logs, proxy logs, and threat detection systems, just to name a few.

Risk Rating

Remediation

How To Test

Sample Report Screenshots

Time Saving Tips

Testing Gotchas

References

 

Subscribe here in order to gain access to the AppSec Findings Database

 

Leave a Reply