Missing Security Headers
Medium
C
curl
Reported by
balajidev
Vulnerability Details
Technical details and impact analysis
# Missing Security Headers (Low)
**Target:** https://curl.se/
**OWASP Mapping:** A05 Misconfiguration / A02 Crypto
**Vulnerability ID:** sec-headers-0f70ef5bcb
## Description
A Missing Security Headers issue was discovered. This may allow an attacker to exploit the application.
## Proof of Concept
### Using cURL
```bash
curl -I -k "https://curl.se/"
```
### Using Python
```python
import requests
print(requests.get("https://curl.se/", verify=False).headers)
```
## Impact
This vulnerability is categorized as **Low**. It may allow exploitation such as:
- Missing Security Headers exploitation (e.g., session theft, injection, data exfiltration).
## Remediation
Set CSP, X-Frame-Options, X-Content-Type-Options, Referrer-Policy, Permissions-Policy, and HSTS.
Report Details
Additional information and metadata
State
Closed
Substate
Not-Applicable
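The check the report's Remediation line implies, as an added example that is not part of the original report or of the curl project: it audits a `curl -I` style header block for the six listed headers and separates absent headers from present-but-ineffective values. The function names `parse_headers` and `audit` and both sample responses are assumptions constructed for illustration, not captured from any real site.

```python
import re

# Headers named in the report's Remediation line -> response header names.
REQUIRED = {
    "CSP": "content-security-policy",
    "X-Frame-Options": "x-frame-options",
    "X-Content-Type-Options": "x-content-type-options",
    "Referrer-Policy": "referrer-policy",
    "Permissions-Policy": "permissions-policy",
    "HSTS": "strict-transport-security",
}

def parse_headers(raw):
    """Parse `curl -I` style output into {lowercased-name: value}."""
    headers = {}
    for line in raw.splitlines()[1:]:       # skip the status line
        if not line.strip():
            break                            # blank line ends the header block
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return headers

def audit(raw):
    """Return (missing, weak): absent headers, and present but ineffective ones."""
    h = parse_headers(raw)
    missing = [label for label, name in REQUIRED.items() if name not in h]
    weak = []
    if h.get("x-content-type-options", "nosniff").lower() != "nosniff":
        weak.append("X-Content-Type-Options")
    hsts = h.get("strict-transport-security")
    if hsts is not None:
        m = re.search(r"max-age\s*=\s*\"?(\d+)", hsts, re.I)
        if not m or int(m.group(1)) == 0:
            weak.append("HSTS")              # max-age=0 tells browsers to drop the policy
    xfo = h.get("x-frame-options")
    if xfo is not None and xfo.upper() not in ("DENY", "SAMEORIGIN"):
        weak.append("X-Frame-Options")       # ALLOW-FROM is ignored by modern browsers
    return missing, weak

# Constructed sample responses (illustrative only).
SAMPLE_BARE = "HTTP/1.1 200 OK\r\nContent-Type: text/html\r\nServer: example\r\n\r\n"
SAMPLE_PARTIAL = (
    "HTTP/2 200\r\n"
    "strict-transport-security: max-age=0\r\n"
    "X-Frame-Options: ALLOW-FROM https://example.test\r\n"
    "x-content-type-options: nosniff\r\n"
    "content-security-policy: default-src 'self'\r\n\r\n"
)
```

Whether a missing header matters depends on what the site serves, so the output is a starting point for triage rather than a finding in itself.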