Description

It was identified that this application supports the legacy headers X-Original-URL and/or X-Rewrite-URL.

Support for these headers lets users override the path in the request URL via the X-Original-URL or X-Rewrite-URL HTTP request header and allows a user to access one URL but have web application return a different one which can bypass restrictions on higher level caches and web servers.

Many web frameworks such as Symfony 2.7.0 to 2.7.48, 2.8.0 to 2.8.43, 3.3.0 to 3.3.17, 3.4.0 to 3.4.13, 4.0.0 to 4.0.13 and 4.1.0 to 4.1.2 , zend-diactoros up to 1.8.4, zend-http up to 2.8.1, zend-feed up to 2.10.3 are affected by this security issue.

Remediation

Upgrade the affected web frameworks to their latest versions.

References

CVE-2018-14773: Remove support for legacy and risky HTTP headers

ZF2018-01: URL Rewrite vulnerability

Related Vulnerabilities

WordPress Plugin MainWP Child-Securely connects sites to the MainWP WordPress Manager Dashboard Security Bypass (2.0.9.1)

X-Forwarded-For HTTP header security bypass

WordPress Plugin Visual Link Preview Security Bypass (2.2.2)

WordPress Plugin Comments Like Dislike Security Bypass (1.1.3)

WordPress Plugin SpamBam Key Calculation Security Bypass (2.1)

Severity

Medium

Classification

CWE-436 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

Tags

Abuse Of Functionality Authentication Bypass Url Redirection