Host Header Injection is a web security vulnerability that occurs when an attacker manipulates the Host header in an HTTP request to exploit improper server-side handling or trust of this header.

Impact:

Web Cache Poisoning: Attackers can poison web caches by tricking the server into storing malicious responses.
Server-Side Request Forgery (SSRF): Exploiting internal services by forging requests.
Password Reset Poisoning: Manipulating links in password reset emails to redirect victims to malicious sites.
Information Disclosure: Exposing sensitive data by bypassing protections dependent on the Host header.

Proper validation of the Host header and avoiding reliance on its value for security decisions can mitigate this risk.
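
The two mitigations named above, as an added example that is not part of the original page: the Host header is checked against an allowlist, and the password reset link is built from a configured origin instead of the request. The hostnames, the /reset path, port 443 and all function names are assumptions made for illustration.

```python
import re
from urllib.parse import quote

# Assumed deployment values, constructed for this example.
ALLOWED_HOSTS = {"app.example.com", "www.example.com"}
CANONICAL_ORIGIN = "https://app.example.com"  # comes from config, never from the request

# Hostname with optional port; rejects userinfo ("@"), whitespace, slashes, etc.
_HOST_RE = re.compile(r"(?P<name>[a-z0-9.-]{1,253})(?::(?P<port>\d{1,5}))?")


def validate_host(headers):
    """Return the normalized hostname if the Host header is acceptable, else None.

    `headers` is a list of (name, value) pairs so duplicate Host headers stay visible.
    """
    hosts = [value for name, value in headers if name.lower() == "host"]
    if len(hosts) != 1:  # missing or duplicated Host is ambiguous: reject
        return None
    match = _HOST_RE.fullmatch(hosts[0].strip().lower())
    if match is None:
        return None
    if match.group("port") not in (None, "443"):  # assumed: service listens on 443 only
        return None
    name = match.group("name").rstrip(".")  # treat "host." and "host" alike
    return name if name in ALLOWED_HOSTS else None


def build_reset_link(token):
    """Build the password reset link from the configured origin, not the Host header."""
    return f"{CANONICAL_ORIGIN}/reset?token={quote(token, safe='')}"


def handle_reset_request(headers, token):
    """Return (status, body) for a reset request; unknown hosts get a 400."""
    if validate_host(headers) is None:
        return 400, "Bad Request: unrecognized Host"
    return 200, build_reset_link(token)


if __name__ == "__main__":
    # Constructed sample requests.
    for hdrs in ([("Host", "app.example.com")], [("Host", "attacker.example")]):
        print(hdrs, "->", handle_reset_request(hdrs, "tok-123"))
```

Because the link is built only from CANONICAL_ORIGIN, a request that passes validation under either allowed hostname still produces the same reset URL.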