TF 0258 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
Load balancers should drop invalid headers
| Property | Value |
|---|---|
| Language | |
| Severity | |
| Service | elb |
| Provider | AWS |
| Vulnerability Type | omission |
Description
The load balancer is configured to forward HTTP headers to its targets without filtering out invalid or unknown header fields. Potentially malicious or malformed headers therefore reach the backend services unchanged, which increases the risk of exploitation.
Impact
Attackers could exploit backend vulnerabilities by injecting unexpected or malformed headers, leading to security breaches such as unauthorized access, data leakage, or service disruption within the application infrastructure.
Resolution
Set `drop_invalid_header_fields` to `true`.
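The following Terraform snippet is an added example, not code from the Symbiotic-Vulnerability-Database project: it shows the omission beside the corrected `aws_lb` resource. Resource names, the subnet variable and the security group reference are assumptions.

```hcl
# Omission: drop_invalid_header_fields is not set, so it defaults to
# false and header fields with invalid names are forwarded to targets.
resource "aws_lb" "web_insecure" {
  name               = "web-alb-insecure"          # constructed name
  load_balancer_type = "application"               # argument applies to ALBs only
  subnets            = var.public_subnet_ids       # assumed variable
  security_groups    = [aws_security_group.alb.id] # assumed resource
}

# Resolution: the load balancer removes invalid header fields before
# the request reaches any target.
resource "aws_lb" "web" {
  name                       = "web-alb"                  # constructed name
  load_balancer_type         = "application"
  subnets                    = var.public_subnet_ids
  security_groups            = [aws_security_group.alb.id]
  drop_invalid_header_fields = true
}
```

After `terraform apply`, the setting is visible as the `routing.http.drop_invalid_header_fields.enabled` attribute returned by `aws elbv2 describe-load-balancer-attributes`, which is a quick way to confirm the fix on deployed load balancers.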