Property
Language: terraform
Severity: high
Service: elb
Provider: AWS
Vulnerability Type: omission

Description

The load balancer is configured to forward HTTP headers to targets without filtering out invalid or unknown headers. This allows potentially malicious or malformed headers to reach backend services, increasing the risk of exploitation.

Impact

Attackers could exploit backend vulnerabilities by injecting unexpected or malformed headers, leading to possible security breaches such as unauthorized access, data leakage, or service disruption within the application infrastructure.

Resolution

Set drop_invalid_header_fields to true.
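
The resolution as Terraform, with a non-compliant aws_lb next to the corrected one. This is an added example, not part of the original rule page; the resource names, variables and values are hypothetical.

```hcl
# Added example. Resource names, variables and values are hypothetical;
# the subnets and security group are assumed to be defined elsewhere.

variable "public_subnet_ids" {
  type        = list(string)
  description = "Subnets the load balancer is placed in (assumed to exist)"
}

variable "lb_security_group_id" {
  type        = string
  description = "Security group attached to the load balancer (assumed to exist)"
}

# Non-compliant: drop_invalid_header_fields is omitted, so it takes the
# provider default of false and invalid header fields are forwarded to targets.
resource "aws_lb" "forwarding_invalid_headers" {
  name               = "example-alb-weak"
  load_balancer_type = "application"
  internal           = false
  subnets            = var.public_subnet_ids
  security_groups    = [var.lb_security_group_id]
}

# Compliant: the load balancer removes invalid header fields before the
# request reaches the targets. The attribute applies to load balancers of
# type "application".
resource "aws_lb" "dropping_invalid_headers" {
  name               = "example-alb-hardened"
  load_balancer_type = "application"
  internal           = false
  subnets            = var.public_subnet_ids
  security_groups    = [var.lb_security_group_id]

  drop_invalid_header_fields = true
}
```

Because the finding is an omission, a review or policy check has to treat a missing attribute the same as an explicit false.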