Tag

Host header

0 views collected around this technical thread.

Rare Earth Juejin Tech Community
Jul 14, 2024 · Information Security

The Dangers of Host Header Abuse Illustrated by a NextJS SSRF Vulnerability (CVE-2024-34351)

This article demonstrates how a NextJS SSRF vulnerability (CVE‑2024‑34351) can be exploited by abusing the HTTP Host header, walks through the underlying code, reproduces the attack to retrieve a protected flag file, and discusses mitigation strategies for developers.

CVE-2024-34351 · Host header · SSRF
0 likes · 11 min read
macrozheng
Jul 22, 2023 · Fundamentals

Why Direct IP Access Fails: The Hidden Role of the Host Header in HTTPS

Although you can obtain a website’s IP address, accessing it directly via HTTPS often fails because the HTTP request’s Host header differs, and servers use this header to verify the intended domain, leading to 403 errors unless the correct Host value is supplied.

HTTP · HTTPS · Host header
0 likes · 5 min read
System Architect Go
Mar 6, 2021 · Information Security

Understanding and Exploiting HTTP Host Header Attacks

This article explains how misconfigured HTTP Host headers can be abused for attacks such as cache poisoning, SSRF, password‑reset poisoning and other server‑side exploits, and provides practical detection methods and defensive recommendations for developers and security engineers.

Cache Poisoning · HTTP · Host header
0 likes · 26 min read