StackHawk Documentation (HawkDocs)

Referer Exposes Session ID

Reference
Plugin ID: 3
CWE: 200 (Exposure of Sensitive Information to an Unauthorized Actor)
WASC: 13 (Information Leakage)
Risk: Unknown
Scan type: Passive
Category: Information Leakage

Remediation

To remediate "Referer Exposes Session ID", take the following steps:

  1. Disable session ID URL rewriting: Stop the application from embedding the session ID in URLs, so that there is nothing to leak through the Referer header. URL rewriting is a feature of the application runtime or session framework, not of the web server's rewrite engine: Apache's RewriteEngine and Nginx rewrite rules have no effect on it. Configure the runtime to carry the session ID only in a cookie.

    Example for PHP (php.ini, or ini_set() before session_start()):

    session.use_only_cookies = 1
    session.use_trans_sid = 0

    Example for a Java Servlet container (WEB-INF/web.xml, Servlet 3.0 or later):

    <session-config>
        <tracking-mode>COOKIE</tracking-mode>
    </session-config>
  2. Implement secure session management: Generate session IDs from a cryptographically secure random source, deliver them in cookies flagged Secure, HttpOnly and SameSite, and regenerate the ID after authentication so that an ID observed before login cannot be reused for the authenticated session.

    Example for PHP:

    // Cookie attributes must be set before session_start()
    session_set_cookie_params([
        'secure'   => true,
        'httponly' => true,
        'samesite' => 'Lax',
    ]);
    session_start();
    // ... verify credentials ...
    // Issue a new ID and discard the old session file after a successful login
    session_regenerate_id(true);
  3. Control what the browser puts in the Referer header: The leak happens client-side, when the user follows a link from a page whose URL contains the session ID, so validating the Referer header on your own server does not prevent it. Send a Referrer-Policy response header so that browsers never send the full URL to other origins (strict-origin-when-cross-origin sends only the origin cross-site; no-referrer sends nothing), and add rel="noreferrer" to links that point at external hosts.

    Example for a Java Servlet filter that sets the header on every response:

    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        HttpServletResponse response = (HttpServletResponse) res;
        response.setHeader("Referrer-Policy", "strict-origin-when-cross-origin");
        chain.doFilter(req, res);
    }

    Example for an external link in HTML:

    <a href="https://other.example.net/" rel="noreferrer">Partner site</a>
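The three remediation steps above, combined in one runnable application. This is an added example written for this page, not StackHawk's code; it uses only the Python standard library (a WSGI handler), and the cookie name SESSIONID, the in-memory SESSIONS store, the /login route and the rejected URL parameter names are assumptions made for the demo.

```python
import secrets
from http.cookies import SimpleCookie
from urllib.parse import parse_qs

# Assumed names for the demo: cookie name, in-memory session store and routes.
SESSION_COOKIE = "SESSIONID"
# Parameter names a legacy URL-rewriting scheme might use; any request carrying one is
# rejected, so the cookie is the only accepted session carrier (step 1).
URL_SESSION_PARAMS = {"jsessionid", "phpsessid", "sessionid", SESSION_COOKIE.lower()}
SESSIONS = {}  # session id -> session data; a real app would use a server-side store


def new_session_id():
    """32 bytes from the OS CSPRNG, URL-safe encoded: unpredictable and unique (step 2)."""
    return secrets.token_urlsafe(32)


def session_cookie_header(session_id):
    """Secure + HttpOnly + SameSite: not readable by script, not sent over plain HTTP."""
    return ("Set-Cookie",
            f"{SESSION_COOKIE}={session_id}; Path=/; Secure; HttpOnly; SameSite=Lax")


def handle(environ):
    """Pure request handler returning (status, headers, body) so it can be tested directly."""
    # Step 3: the browser must never send this page's URL to another origin in Referer.
    headers = [("Referrer-Policy", "no-referrer")]

    query = parse_qs(environ.get("QUERY_STRING", ""))
    if any(name.lower() in URL_SESSION_PARAMS for name in query):
        return "400 Bad Request", headers, b"session identifiers are not accepted in the URL\n"

    cookies = SimpleCookie(environ.get("HTTP_COOKIE", ""))
    sid = cookies[SESSION_COOKIE].value if SESSION_COOKIE in cookies else None

    if environ.get("PATH_INFO") == "/login" and environ.get("REQUEST_METHOD") == "POST":
        # Step 2: discard the pre-authentication ID and issue a fresh one, so an ID that
        # leaked before login cannot be used to ride the authenticated session.
        SESSIONS.pop(sid, None)
        sid = new_session_id()
        SESSIONS[sid] = {"user": "demo"}  # credential verification omitted for the demo
        headers += [session_cookie_header(sid), ("Location", "/")]
        return "303 See Other", headers, b""

    session = SESSIONS.get(sid)
    if session is None:
        # Unknown or missing cookie: start a fresh anonymous session.
        sid = new_session_id()
        session = SESSIONS[sid] = {}
        headers.append(session_cookie_header(sid))

    user = session.get("user", "anonymous")
    # Belt and braces for external links: rel="noreferrer" suppresses Referer per link.
    body = (f"<html><body><p>Session for: {user}</p>"
            f'<a href="https://other.example.net/" rel="noreferrer">external link</a>'
            f"</body></html>\n").encode()
    headers.append(("Content-Type", "text/html; charset=utf-8"))
    return "200 OK", headers, body


def app(environ, start_response):
    """WSGI entry point wrapping handle()."""
    status, headers, body = handle(environ)
    start_response(status, headers)
    return [body]


if __name__ == "__main__":
    from wsgiref.simple_server import make_server
    # Serves plain HTTP on localhost for the demo; deploy behind TLS, since the cookie is Secure.
    make_server("127.0.0.1", 8000, app).serve_forever()
```

Run it and request `/`: the response carries `Referrer-Policy: no-referrer` and a `Set-Cookie` with the three flags; a request such as `/?jsessionid=...` is refused rather than honoured; a POST to `/login` replaces the session ID. The point of rejecting URL-borne IDs (rather than silently ignoring them) is that any old link or bookmark still carrying one surfaces as an error you can find in logs.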

About

The passive scanner raises "Referer Exposes Session ID" when a page whose URL carries a session ID (for example a ;jsessionid= path parameter or a session parameter in the query string, as produced by session ID URL rewriting) contains a hyperlink to a different host name. When the user follows such a link, the browser sends the page URL, session ID included, to the external host in the Referer header, where it lands in that host's access logs and can be read by whoever operates or compromises that host. This can lead to session hijacking or other security breaches.
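A simplified version of the check described above, as an added example written for this page (it is not StackHawk's or the scanner's own code). Given the URL of a fetched page and its HTML, it reports links to other hosts when the page URL itself carries a session ID. The set of session parameter names and the sample HTML are constructed for the demo; the Referrer-Policy handling goes beyond the page's description, skipping pages whose response header already stops the full URL from being sent cross-origin.

```python
from html.parser import HTMLParser
from urllib.parse import parse_qs, urljoin, urlparse

# Assumed list of common session parameter names (constructed for the demo).
SESSION_ID_PARAMS = {"jsessionid", "phpsessid", "asp.net_sessionid", "sessionid", "sid"}
# Referrer-Policy values (or absence) under which a browser may send the full URL
# to another origin; every other valid policy sends at most the origin cross-site.
LEAKY_POLICIES = {"", "unsafe-url", "no-referrer-when-downgrade"}


def url_carries_session_id(url):
    """True if the URL has a session ID in the query string or as a ';jsessionid=' path parameter."""
    parts = urlparse(url)
    if any(name.lower() in SESSION_ID_PARAMS for name in parse_qs(parts.query)):
        return True
    # urlparse() exposes a ';key=value' suffix on the last path segment as .params
    return parts.params.lower().startswith("jsessionid=")


class LinkCollector(HTMLParser):
    """Collects every href from <a> tags, in document order."""

    def __init__(self):
        super().__init__()
        self.hrefs = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            for name, value in attrs:
                if name == "href" and value:
                    self.hrefs.append(value)


def external_links(page_url, html):
    """Absolute http(s) link targets whose host differs from the page's host."""
    collector = LinkCollector()
    collector.feed(html)
    page_host = urlparse(page_url).hostname
    found = []
    for href in collector.hrefs:
        # Resolve relative and scheme-relative (//host/path) links against the page URL.
        target = urlparse(urljoin(page_url, href))
        if target.scheme in ("http", "https") and target.hostname and target.hostname != page_host:
            found.append(target.geturl())
    return found


def check_referer_exposes_session_id(page_url, html, response_headers=None):
    """Return the external links that would carry the session ID in Referer, or [] if none.

    Nothing is reported when the URL has no session ID, or when the response's
    Referrer-Policy already prevents the full URL from being sent to other origins."""
    if not url_carries_session_id(page_url):
        return []
    policy = (response_headers or {}).get("Referrer-Policy", "").strip().lower()
    if policy not in LEAKY_POLICIES:
        return []
    return external_links(page_url, html)


# Constructed sample response: a page fetched with a rewritten session ID in its URL.
SAMPLE_URL = "https://www.example.com/app/page;jsessionid=ABC123"
SAMPLE_HTML = """
<a href="/local">same host</a>
<a href="https://other.example.net/p">partner</a>
<a href="//cdn.example.org/a">scheme-relative</a>
<a href="mailto:someone@example.com">mail</a>
"""

if __name__ == "__main__":
    for link in check_referer_exposes_session_id(SAMPLE_URL, SAMPLE_HTML):
        print("Referer would expose session ID to:", link)
```

The interesting cases are the scheme-relative link (`//cdn.example.org/a`), which is cross-host even though it has no scheme of its own, and the same-host link, which is ignored because the Referer stays within the origin. Running the sample prints the two external targets.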

Risks

The risks associated with "Referer Exposes Session ID" include:

  • Session hijacking: Anyone who can read the external host's access logs, or who controls that host, obtains a valid session ID and can present it to impersonate the user, gaining access to their account and data for as long as the session remains valid.
  • Information leakage: Anything else in the page URL travels with the session ID, such as tokens, search terms or record identifiers in the query string. Once sent to an external host it is outside your control and may be used for malicious purposes.
  • Privacy concerns: The Referer tells the external host exactly which page the user came from, and a session ID in it lets that host correlate the user's visits across time and across links. This information can be used for tracking, targeted advertising or other privacy-invasive activities.
