HTTP response header injection

OWASP 2013-A1 OWASP 2017-A1 OWASP 2021-A3 PCI v3.2-6.5.1 CAPEC-105 CWE-93 HIPAA-164.306(a) ISO27001-A.14.2.5 WASC-24 WSTG-INFO-08

HTTP response header injection is an attack that can arise when user-supplied data is copied into a response header improperly and unsafely. If the attacker succeeds in inserting characters into the header, he can also change the header completely. By inserting a new line, the attacker can break the header into separate messages and so add new custom code to the application. This vulnerability can be exploited using a cross-site scripting attack: the attacker uses cross-site scripting to inject malicious JavaScript code into the response header. A corrupted response header can poison the cache and can also affect the proxy used by end users.


The following is an example of header injection.


Using this vulnerability, the attacker can change cookie properties and much more.


Using this vulnerability, an attacker can:

  • leak sensitive information about the server.
  • gain full access to the system.
  • read, update and delete sensitive data/tables from the database.
  • execute commands on the underlying operating system.

Mitigation / Precaution

Beagle recommends the following fixes:

  • Applications should avoid copying user-controllable data into HTTP response headers.
  • The data should be strictly validated to prevent response header injection attacks.
  • Allow only short alphanumeric strings to be copied into headers.
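One way to apply the validation and allowlist rules above, as an added example that is not part of the original page or Beagle's own code. The header name `X-Lang`, the 64-character limit and the sample inputs are assumptions made for illustration.

```python
import re

MAX_LEN = 64  # assumption: the page says "short" without giving a number
_ALNUM = re.compile(r"[A-Za-z0-9]+")


class UnsafeHeaderValue(ValueError):
    """Raised when user data is not safe to copy into a response header."""


def safe_header_value(value, max_len=MAX_LEN):
    """Return value unchanged if it is a short alphanumeric string, else raise."""
    if not isinstance(value, str) or not value:
        raise UnsafeHeaderValue("empty or non-string value")
    if len(value) > max_len:
        raise UnsafeHeaderValue("value too long")
    # fullmatch() is used instead of match() with '$', because '$' also
    # matches just before a trailing newline and would let "en\n" through.
    if not _ALNUM.fullmatch(value):
        raise UnsafeHeaderValue("value contains non-alphanumeric characters")
    return value


def header_lines(name, value, validate=True):
    """Serialise one header and return the lines a client would parse from it."""
    if validate:
        value = safe_header_value(value)
    raw = f"{name}: {value}\r\n"
    return [line for line in raw.split("\r\n") if line]


# Constructed sample inputs (not taken from a real request).
BENIGN = "en"
WITH_LINE_BREAK = "en\r\nSet-Cookie: session=constructed"

if __name__ == "__main__":
    print(header_lines("X-Lang", BENIGN))
    # Without validation, one parameter is parsed as two header lines.
    print(header_lines("X-Lang", WITH_LINE_BREAK, validate=False))
    try:
        header_lines("X-Lang", WITH_LINE_BREAK)
    except UnsafeHeaderValue as exc:
        print("rejected:", exc)
```

Rejecting the value outright, rather than stripping the line breaks, keeps the check a strict allowlist as the third recommendation asks.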
