Description of the Issue:
We have identified an issue in our Oracle APEX application where the Host header value is being manipulated during requests, resulting in unexpected redirections and potential exposure to header injection vulnerabilities. Specifically, the injected Host value appears to influence the application's response behavior, including incorrect redirects and inclusion in HTTP responses.
Environment Details:
- Oracle APEX version: [23.1.5]
Details of the Issue:
Observed Behavior:
- When the Host header is modified to a value such as appscanheaderinjection.com, the application improperly processes the request and redirects to the injected host.
- The manipulated Host header value is also included in the response headers and/or body, which is indicative of inadequate header validation.
Steps to Reproduce:
- Send a GET request to the application endpoint with a modified Host header:
  Host: appscanheaderinjection.com
Expected Behavior:
- The application should validate the Host header and reject or sanitize any malicious or unexpected values.
- Responses should not include unvalidated or user-controlled Host header values.
Please prioritize this ticket as it relates to a security vulnerability that may expose our application to external threats. Let us know if further details or testing scenarios are needed (any guidance will be helpful).
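The two behaviours the Expected Behavior section asks for, shown as an added example that is not code from the original ticket and not Oracle APEX or ORDS code: a front-door check that rejects requests whose Host is not on a configured allowlist without echoing the value back, a redirect whose Location is built from a configured canonical origin rather than from the request, and a small detection pass over access-log lines to find requests that arrived with an unexpected Host. The canonical host apex.example.com, the application root /ords/ and the log format with a host= field are assumptions constructed for illustration.

```python
"""Host header validation, canonical-host redirects, and log review.

Added example (not from the original ticket, not Oracle APEX/ORDS code).
It models the expected behaviour described in the report: reject requests
whose Host is not on a configured allowlist, and never let a client-supplied
Host value reach a redirect target or a response body.  All hostnames,
paths and log lines below are constructed assumptions.
"""
import re
from urllib.parse import urlsplit

# Assumed deployment configuration: set by the operator, never derived from a request.
ALLOWED_HOSTS = {"apex.example.com"}
CANONICAL_ORIGIN = "https://apex.example.com"
APP_ROOT = "/ords/"


def normalize_host(raw):
    """Return 'hostname' or 'hostname:port' in lower case, or None if malformed.

    The default HTTPS port is dropped so 'apex.example.com:443' compares
    equal to 'apex.example.com'.  Values containing characters that never
    belong in a Host header are rejected outright rather than repaired.
    """
    if raw is None:
        return None
    value = raw.strip().lower()
    if not value or re.search(r"[\s/\\@#?]", value):
        return None
    try:
        parts = urlsplit("//" + value)
        hostname, port = parts.hostname, parts.port  # .port raises on a bad port
    except ValueError:
        return None
    if not hostname:
        return None
    return hostname if port in (None, 443) else f"{hostname}:{port}"


def is_allowed_host(raw):
    """True only when the normalised Host value is on the configured allowlist."""
    host = normalize_host(raw)
    return host is not None and host in ALLOWED_HOSTS


def handle_request(method, path, headers):
    """Minimal front-door logic; returns (status, response_headers, body)."""
    if not is_allowed_host(headers.get("Host")):
        # The client controlled this value, so it is not echoed into the response.
        return 400, {"Content-Type": "text/plain"}, "Bad Request: unrecognised Host header"
    if method == "GET" and path == "/":
        # Redirect target comes from configuration, so Location cannot be steered.
        return 302, {"Location": CANONICAL_ORIGIN + APP_ROOT}, ""
    return 200, {"Content-Type": "text/plain"}, f"served {path}"


HOST_FIELD = re.compile(r"\bhost=(\S+)")


def unexpected_hosts(log_lines):
    """Return {host_value: count} for requests whose logged Host is not allowed.

    Assumes the proxy or ORDS front end logs the Host header as 'host=<value>'
    (a constructed log format; adjust the regex to the real one).
    """
    counts = {}
    for line in log_lines:
        match = HOST_FIELD.search(line)
        if match and not is_allowed_host(match.group(1)):
            counts[match.group(1)] = counts.get(match.group(1), 0) + 1
    return counts


# Constructed sample access-log lines for the detection pass.
SAMPLE_LOG = [
    '2024-05-01T10:00:00Z 203.0.113.5 "GET / HTTP/1.1" host=apex.example.com 302',
    '2024-05-01T10:00:01Z 203.0.113.5 "GET / HTTP/1.1" host=appscanheaderinjection.com 302',
    '2024-05-01T10:00:02Z 198.51.100.7 "GET /ords/ HTTP/1.1" host=APEX.example.com:443 200',
    '2024-05-01T10:00:03Z 198.51.100.7 "GET / HTTP/1.1" host=appscanheaderinjection.com 302',
]

if __name__ == "__main__":
    print(handle_request("GET", "/", {"Host": "appscanheaderinjection.com"}))
    print(handle_request("GET", "/", {"Host": "apex.example.com"}))
    print(unexpected_hosts(SAMPLE_LOG))
```

The design point is that the allowlist and the redirect origin live in configuration, so a request can influence whether it is served but never where a redirect points; the log pass is the check to run over existing access logs to see how often non-canonical Host values have already been arriving.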