Vulnerability Database

Origin Header Cors Misconfiguration

Cross-Origin Resource Sharing (CORS) is a specification that allows web applications to make their resources available to pages served from other domains. CORS is typically used by cross-origin APIs designed to be consumed by client-side JavaScript applications.

This vulnerability occurs when the application uses the value of the request Origin header to set the Access-Control-Allow-Origin response header, effectively allowing any origin.

This issue may enable certain client-side exploits against authenticated users, in combination with vulnerabilities such as XSS (Cross-site Scripting) or session hijacking.

Solution

Ensure that the request Origin header is not used to set the Access-Control-Allow-Origin response header.

If CORS is not required, it is advisable to disable it. Otherwise, ensure that the Access-Control-Allow-Origin header is only set on safe resources that do not expose any data belonging to the currently logged-in user.
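The misconfiguration beside its fix, as an added example that is not part of this database entry: both functions compute the CORS response headers for a given request Origin, and the function and list names (vulnerableCorsHeaders, safeCorsHeaders, ALLOWED_ORIGINS) are hypothetical.

```javascript
// Added example (not from the original entry). Misconfiguration: whatever Origin the
// request carries is echoed back, so any site the user visits can read authenticated
// responses when credentials are allowed.
function vulnerableCorsHeaders(requestOrigin) {
  if (!requestOrigin) return {};
  return {
    "Access-Control-Allow-Origin": requestOrigin,
    "Access-Control-Allow-Credentials": "true",
  };
}

// Fix: the request Origin is only echoed when it exactly matches a fixed allow list
// (hypothetical hosts); anything else gets no CORS headers at all, so the browser
// blocks the cross-origin read.
const ALLOWED_ORIGINS = new Set([
  "https://app.example.com",
  "https://admin.example.com",
]);

function safeCorsHeaders(requestOrigin, allowed = ALLOWED_ORIGINS) {
  // Canonicalise via URL parsing: lower-cases the host, drops default ports, and
  // rejects values that are not a valid origin (including the literal "null").
  let origin;
  try {
    origin = new URL(requestOrigin).origin;
  } catch {
    return {};
  }
  // Exact-match lookup: no prefix, suffix or substring comparison.
  if (!allowed.has(origin)) return {};
  return {
    "Access-Control-Allow-Origin": origin,
    "Access-Control-Allow-Credentials": "true",
    // Vary so a shared cache never serves one origin's ACAO value to another.
    "Vary": "Origin",
  };
}

// Regression check for the test suite: a constructed origin that is not on the
// allow list must never come back in Access-Control-Allow-Origin.
function reflectsArbitraryOrigin(headersFn) {
  const probe = "https://not-on-the-allow-list.invalid";
  return headersFn(probe)["Access-Control-Allow-Origin"] === probe;
}
```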

Caveats

This finding may be an intended application feature.
