Description
Scenario:
Some misconfigured applications/assets rely solely on HTTP headers for security.
However, a malicious actor can spoof/insert a false IP address into an HTTP location header (such as Host or X-Forwarded-For) in order to mimic a different location, and exploit the trust some web applications employ for access control. By using this exploit, a malicious actor could gain access to otherwise intentionally restricted applications/panels/information.
More information found here: https://owasp.org/www-community/pages/attacks/ip_spoofing_via_http_headers
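To make the misconfiguration concrete from the defender's side, here is an added example (not code from this issue or from the taxonomy project) contrasting the weak pattern with a hardened one. The allowlist, trusted-proxy list, IP addresses and request dictionaries are all constructed for illustration: the naive resolver believes whatever X-Forwarded-For says, while the hardened resolver ignores the header unless the TCP peer is one of our own reverse proxies, and then reads it right-to-left past trusted hops so the attacker-supplied prefix is never used.

```python
import ipaddress
from typing import Dict, Iterable, Union

Network = Union[ipaddress.IPv4Network, ipaddress.IPv6Network]

# Constructed policy for this example: only clients inside the admin
# allowlist may reach the admin panel.
ADMIN_ALLOWLIST = [ipaddress.ip_network("10.0.0.0/8")]

# Constructed list of reverse proxies we operate. Only these peers are
# allowed to supply X-Forwarded-For; anyone else's header is untrusted input.
TRUSTED_PROXIES = [ipaddress.ip_network("192.0.2.10/32")]


def _in_any(ip: str, networks: Iterable[Network]) -> bool:
    """True if `ip` parses and falls inside one of `networks`; garbage is never trusted."""
    try:
        addr = ipaddress.ip_address(ip.strip())
    except ValueError:
        return False
    return any(addr in net for net in networks)


def client_ip_naive(remote_addr: str, headers: Dict[str, str]) -> str:
    """The misconfiguration described above: X-Forwarded-For is trusted unconditionally.

    Header names are assumed already normalised to canonical case.
    """
    xff = headers.get("X-Forwarded-For")
    if xff:
        # Leftmost entry is attacker-controlled: anyone can send this header.
        return xff.split(",")[0].strip()
    return remote_addr


def client_ip_hardened(remote_addr: str, headers: Dict[str, str],
                       trusted_proxies: Iterable[Network]) -> str:
    """Derive the client IP while only honouring X-Forwarded-For from our own proxies."""
    trusted = list(trusted_proxies)
    if not _in_any(remote_addr, trusted):
        # Direct connection: the peer itself is the client. Any forwarding
        # header it sent is attacker-controlled, so ignore it entirely.
        return remote_addr
    hops = [h.strip() for h in headers.get("X-Forwarded-For", "").split(",") if h.strip()]
    # Walk right-to-left: the rightmost entry was appended by the proxy that
    # connected to us. Skip further trusted proxies; the first untrusted entry
    # is the real client. Anything to its left was supplied by that client.
    for hop in reversed(hops):
        if not _in_any(hop, trusted):
            return hop
    # Header empty or consisting only of our own proxies: fall back to the peer.
    return remote_addr


def admin_allowed(ip: str) -> bool:
    """Access-control decision that depends on the derived client IP."""
    return _in_any(ip, ADMIN_ALLOWLIST)


if __name__ == "__main__":
    # Constructed request: attacker connects directly and forges an internal address.
    spoofed = {"X-Forwarded-For": "10.1.2.3"}
    print("naive   :", admin_allowed(client_ip_naive("203.0.113.5", spoofed)))          # True
    print("hardened:", admin_allowed(client_ip_hardened("203.0.113.5", spoofed,
                                                        TRUSTED_PROXIES)))          # False
```

Running the block shows the naive resolver granting admin access to a direct connection from 203.0.113.5 carrying a forged internal address, whereas the hardened resolver only ever yields an internal address when our own proxy at 192.0.2.10 is the one reporting it. The same right-to-left logic is what real proxy-aware frameworks implement when they are configured with an explicit trusted-proxy list, which is the configuration detail the scenario above depends on.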
Proposed categories:
Broken Access Control (BAC) -> Spoofed Location Header -> Admin Portal Access : P1
Broken Access Control (BAC) -> Spoofed Location Header -> Sensitive Information Disclosure : P3
Broken Access Control (BAC) -> Spoofed Location Header -> Non-Admin Portal Access : P3
Broken Access Control (BAC) -> Spoofed Location Header -> Non-Sensitive Information Disclosure : P5