Get a demo
100% Signal 0% Noise Invicti Logo - The Largest Dynamic Application Security Solutions Provider In The World Get a demo
Web Application Vulnerabilities Runtime SCA Findings
Looking for the vulnerability index of Invicti's legacy products?
Invicti Enterprise Acunetix Standard & Premium
Drupal trusted_host_patterns setting not configured - Vulnerability Database

Drupal trusted_host_patterns setting not configured

Description

The trusted_host_patterns setting is not configured for your Drupal installation. This setting can be configured from settings.php and protects against HTTP Host Header attacks. This should be an array of regular expression patterns, representing the hosts you would like to allow. It's recommended to configure this setting in a production website.

Remediation

Edit <strong>settings.php</strong> and configure <strong>trusted_host_patterns</strong> as you can see in the example below. <br/><br/> In this example, the site is only allowed to run from www.example.com. <pre> $settings['trusted_host_patterns'] = [ '^www\.example\.com$', ]; </pre>

References

Protecting against HTTP HOST Header attacks
Drupal Security: Top tips to secure your Drupal application

Related Vulnerabilities

Trace.axd Detected High
Common tags: Configuration
Apache Airflow Experimental API Auth Bypass CVE-2020-13927 High
Common tags: Configuration
Joomla J!Dump extension enabled Medium
Common tags: Configuration
Joomla Debug Console enabled Medium
Common tags: Configuration
Jetty Information Disclosure (CVE-2021-34429) Medium
Common tags: Configuration

Severity

Medium

Classification

CWE-16
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

Tags

Configuration