Support #13280
[SCP ID :##6481##] : VAPT Findings - BIF-102375 - Host Injection Weakness
| Status: | Closed - End of life cycle | Start date: | October 26, 2022 |
|---|---|---|---|
| Priority: | Normal | Due date: | |
| Assignee: | Zahir Abd Latif | % Done: | 100% |
| Category: | - | Spent time: | - |
| Target version: | - | | |
Description
Hi,
Kindly attend to the request below:
Description:
Testing of the BIFAST application shows that the application has a weakness in its handling of HOST information, which does not yet enforce restrictions.
Target Site:
https://10.170.136.228/bifast-portal/
Recommendation:
We recommend implementing prevention on the Host side. Reference: https://portswigger.net/web-security/host-header
History
#1 Updated by Stephanie Sufrapto almost 2 years ago
- Status changed from New - Begin Life Cycle to User Acceptance Test
- Assignee changed from Bramantyo Pujo Wiyono to Zahir Abd Latif
- % Done changed from 0 to 100
provide feedback 31 Oct 2022
Insert the following lines in between <VirtualHost:80>
ServerName StagingApacheWebServer IPAddress
ServerAlias StagingApacheWebServer IPAddress
DocumentRoot "/etc/httpd"
Restart Apache
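An added example, not part of the ticket or the project's own configuration: ServerName and ServerAlias only select which virtual host serves a request, and a request whose Host header matches none of them still falls through to the first <VirtualHost> defined for that address and port. The layout below puts a deny-all catch-all first so that only the listed names reach the portal. The host name, IP address and DocumentRoot path are placeholders (assumptions), and the same layout applies to the TLS virtual host.

```apache
# Added example (Apache httpd 2.4). All names, addresses and paths are placeholders.

# 1) Catch-all. Apache gives any request whose Host header matches no
#    ServerName/ServerAlias to the FIRST <VirtualHost> for that address:port,
#    so this block must be loaded before the real site.
<VirtualHost *:80>
    ServerName catchall.invalid

    # Refuse everything that lands here (403) instead of serving the portal.
    <Location "/">
        Require all denied
    </Location>

    # Keep rejected requests in a separate log so unexpected Host values are easy to review.
    CustomLog "logs/rejected_host_access.log" "%h %t \"%r\" %>s host=\"%{Host}i\""
</VirtualHost>

# 2) The real site. Only requests whose Host header equals one of these names
#    are routed to this block.
<VirtualHost *:80>
    ServerName  portal.example.com
    ServerAlias 192.0.2.10

    # Placeholder path: point this at the portal's content directory.
    DocumentRoot "/path/to/portal/docroot"

    # Build self-referential URLs (redirects, SERVER_NAME) from ServerName
    # rather than from the client-supplied Host header.
    UseCanonicalName On
</VirtualHost>
```

After reloading, `apachectl -S` lists the virtual hosts per address and port and shows which one is the default, which confirms the catch-all is first.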
#2 Updated by Zahir Abd Latif almost 2 years ago
- Status changed from User Acceptance Test to Closed - End of life cycle
Issue closed in SCP.