An HTTP response header injection attack can arise when user-supplied data is passed to a response header improperly and unsafely. If the attacker can insert characters into the header, he can also change the header completely. By inserting a new line, the attacker can break the header into separate messages and add custom code of his own to the application. This vulnerability can be exploited with a cross-site scripting attack, in which the attacker injects malicious JavaScript code into the response header. A corrupted response header can poison the cache and can also affect the proxy used by end users.
The following is an example of header injection:
http://example.beaglesecurity.com/redirect.asp?origin=foo%0d%0aSet-Cookie:%20ASPSESSIONIDACCBBTCD=SessionFixed%0d%0a
Using this vulnerability, the attacker can change cookie properties and more.
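As an added illustration (not Beagle's code and not part of the original page), the Python sketch below decodes the origin parameter from the URL above, shows how copying it into a Location header yields an extra Set-Cookie header, and rejects such values before they reach the header. The function names and the 302 response layout are assumptions made for the example.

```python
from urllib.parse import urlsplit, parse_qs

# The request from the page's example, as a single URL.
SAMPLE_URL = ("http://example.beaglesecurity.com/redirect.asp?origin=foo"
              "%0d%0aSet-Cookie:%20ASPSESSIONIDACCBBTCD=SessionFixed%0d%0a")


def origin_param(url):
    """Return the URL-decoded 'origin' query parameter ('' if absent)."""
    query = parse_qs(urlsplit(url).query, keep_blank_values=True)
    return query.get("origin", [""])[0]


def build_response_unsafe(origin):
    """Vulnerable pattern: the parameter is copied straight into Location."""
    return ("HTTP/1.1 302 Found\r\n"
            f"Location: {origin}\r\n"
            "\r\n")


def build_response_safe(origin):
    """Hardened pattern: refuse any value containing control characters
    (CR and LF included) before it is placed in a header."""
    if any(ord(c) < 0x20 or ord(c) == 0x7F for c in origin):
        raise ValueError("control character in header value")
    return build_response_unsafe(origin)


def header_names(raw_response):
    """Names of the header lines a client would parse from the response head."""
    head = raw_response.split("\r\n\r\n", 1)[0]
    lines = head.split("\r\n")[1:]          # skip the status line
    return [line.split(":", 1)[0] for line in lines if ":" in line]


if __name__ == "__main__":
    origin = origin_param(SAMPLE_URL)
    # %0d%0a decodes to CR LF, so the value ends the Location line early.
    print(repr(origin))
    print(header_names(build_response_unsafe(origin)))
    try:
        build_response_safe(origin)
    except ValueError as exc:
        print("rejected:", exc)
    print(header_names(build_response_safe("foo")))
```
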
Using this vulnerability, an attacker can:-
Beagle recommends the following fixes:-