CWE-293: Using Referer Field for Authentication
Description
The referer field in HTTP requests can be easily modified and, as such, is not a valid means of message integrity checking.
Submission Date : 2006-07-19
Modification Date : 2023-06-29
Organization :
MITRE
Example - 1
The following code samples inspect the Referer header of an inbound request in order to decide whether or not the request comes from a trusted host.
Example language: C

    /* Fragment as on the page; newsock, buffer, BUFSIZE, processPacket() and
       openNewSecureSession() are assumed to be defined elsewhere, with
       requestPacket.referer a NUL-terminated char *. */
    #include <string.h>

    const char *trustedReferer = "http://www.example.com/";
    while (1) {
        n = read(newsock, buffer, BUFSIZE);
        requestPacket = processPacket(buffer, n);
        /* The trust decision rests entirely on a header the client wrote. */
        if (strcmp(requestPacket.referer, trustedReferer) == 0) {
            openNewSecureSession(requestPacket);
        }
    }

Example language: Java

    boolean processConnectionRequest(HttpServletRequest request) {
        String referer = request.getHeader("referer");   // null if the header is absent
        String trustedReferer = "http://www.example.com/";
        // The trust decision rests entirely on a header the client wrote.
        if (trustedReferer.equals(referer)) {
            openPrivilegedConnection(request);
            return true;
        } else {
            sendPrivilegeError(request);
            return false;
        }
    }
These examples grant access only when the request carries the trusted referer, but the code verifies nothing beyond the referer string as it arrives in the request. The Referer header is set by the client, so an attacker can supply the expected value and impersonate a trusted client.
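The spoof described above, as an added example that is not part of the CWE entry: a Python sketch of the same Referer check beside a check that rests on a server-issued token instead of a client-supplied header. The header parser, the request text, the HMAC-based token scheme and all names in it are assumptions for illustration, not code from the page.

```python
import hashlib
import hmac
import secrets

TRUSTED_REFERER = "http://www.example.com/"

# Hypothetical per-server key for minting session tokens (illustration only).
SESSION_SECRET = secrets.token_bytes(32)


def parse_headers(raw_request):
    """Parse the header block of a raw HTTP/1.1 request text into a dict
    keyed by lower-cased header name. The request line is skipped."""
    head = raw_request.split("\r\n\r\n", 1)[0]
    headers = {}
    for line in head.split("\r\n")[1:]:
        if ":" not in line:
            continue
        name, value = line.split(":", 1)
        headers[name.strip().lower()] = value.strip()
    return headers


def is_trusted_by_referer(headers):
    """The weak check from the page's examples: the decision rests entirely
    on a header the client writes itself."""
    return headers.get("referer", "") == TRUSTED_REFERER


def issue_session_token(user_id):
    """Mint a server-signed bearer token of the form '<user>.<hex HMAC-SHA256>'."""
    mac = hmac.new(SESSION_SECRET, user_id.encode(), hashlib.sha256).hexdigest()
    return user_id + "." + mac


def is_trusted_by_token(headers):
    """Hardened check: accept only a token whose MAC verifies under the
    server's key. The Referer header plays no part in the decision."""
    auth = headers.get("authorization", "")
    if not auth.startswith("Bearer "):
        return False
    token = auth[len("Bearer "):]
    if "." not in token:
        return False
    user_id, mac = token.rsplit(".", 1)
    expected = hmac.new(SESSION_SECRET, user_id.encode(), hashlib.sha256).hexdigest()
    return hmac.compare_digest(mac, expected)


# Constructed requests. The second is what an attacker sends (for instance
# curl -H 'Referer: http://www.example.com/'); nothing stops them choosing
# the header value, but they cannot forge a token without SESSION_SECRET.
LEGIT_REQUEST = (
    "GET /admin HTTP/1.1\r\n"
    "Host: www.example.com\r\n"
    "Referer: http://www.example.com/\r\n"
    "Authorization: Bearer " + issue_session_token("alice") + "\r\n"
    "\r\n"
)
SPOOFED_REQUEST = (
    "GET /admin HTTP/1.1\r\n"
    "Host: www.example.com\r\n"
    "Referer: http://www.example.com/\r\n"
    "Authorization: Bearer alice." + "00" * 32 + "\r\n"
    "\r\n"
)


def evaluate(raw_request):
    """Return (referer_check, token_check) for a raw request text."""
    headers = parse_headers(raw_request)
    return is_trusted_by_referer(headers), is_trusted_by_token(headers)


if __name__ == "__main__":
    print("legitimate:", evaluate(LEGIT_REQUEST))   # (True, True)
    print("spoofed:   ", evaluate(SPOOFED_REQUEST))  # (True, False)
```

The spoofed request passes the Referer check and fails the token check, which is the whole of the weakness: a value the client controls cannot stand in for proof of identity.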
Related Weaknesses
This table shows the weaknesses and high-level categories that are related to this weakness. These relationships are defined to give an overview of similar items that may exist at higher and lower levels of abstraction.
Visit http://cwe.mitre.org/ for more details.