Saturday, 14 December 2019

How to fix "URL rewrite vulnerability" in Laravel version 5.2.45

I am getting the below security warning in the scan report with a Laravel project built in version 5.2.45.

URL rewrite vulnerability

Below is the description.

It was identified that this application supports the legacy headers X-Original-URL and/or X-Rewrite-URL. Support for these headers lets users override the path in the request URL via the X-Original-URL or X-Rewrite-URL HTTP request header and allows a user to access one URL but have the web application return a different one, which can bypass restrictions on higher level caches and web servers. Many web frameworks such as Symfony 2.7.0 to 2.7.48, 2.8.0 to 2.8.43, 3.3.0 to 3.3.17, 3.4.0 to 3.4.13, 4.0.0 to 4.0.13 and 4.1.0 to 4.1.2, zend-diactoros up to 1.8.4, zend-http up to 2.8.1, zend-feed up to 2.10.3 are affected by this security issue.

Any suggestions on how to fix this will be much appreciated.



via Chebli Mohamed
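One way to neutralise the two headers named in the scan description, as an added example that is not part of the original post or of Laravel/Symfony: drop them from `$_SERVER` in `public/index.php` before `Illuminate\Http\Request::capture()` builds the request. The function name and the sample array are hypothetical, and the sketch assumes the application does not sit behind an IIS rewrite module that sets these headers legitimately.

```php
<?php
// Added example. strip_url_override_headers() is a hypothetical helper,
// not a Laravel or Symfony API. Written to run on PHP 5.5+.

/**
 * Remove path-override headers from a $_SERVER-style array (by reference).
 * Returns the removed headers as [header name => value] so they can be logged.
 */
function strip_url_override_headers(array &$server)
{
    $removed = array();
    foreach (array('X-Original-URL', 'X-Rewrite-URL') as $header) {
        // PHP exposes request headers as HTTP_<NAME>, upper-cased, '-' => '_'.
        $key = 'HTTP_' . strtoupper(str_replace('-', '_', $header));
        if (array_key_exists($key, $server)) {
            $removed[$header] = $server[$key];
            unset($server[$key]);
        }
    }
    return $removed;
}

// Constructed sample request: the URL asks for /public-page while the
// header tries to substitute a different path.
$sample = array(
    'REQUEST_URI'         => '/public-page',
    'REMOTE_ADDR'         => '203.0.113.10',
    'HTTP_HOST'           => 'app.example.test',
    'HTTP_X_ORIGINAL_URL' => '/admin/users',
);

$removed = strip_url_override_headers($sample);

foreach ($removed as $header => $value) {
    // Log length only: the value is attacker-controlled.
    $ip = isset($sample['REMOTE_ADDR']) ? $sample['REMOTE_ADDR'] : 'unknown';
    error_log(sprintf('Dropped %s (%d bytes) from %s', $header, strlen($value), $ip));
}

var_dump(isset($sample['HTTP_X_ORIGINAL_URL'])); // header key is gone
var_dump($sample['REQUEST_URI']);                // real path is untouched

// In public/index.php the call would be strip_url_override_headers($_SERVER);
// placed before the line that calls Illuminate\Http\Request::capture().
```

Removing the same two headers at the web server or reverse proxy in front of the application has the same effect for every application behind it.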
