24 Jun 2018
HTTP Response Splitting Vulnerability
24 Jun 2018
OWASP 2013-A1 OWASP 2017-A1 OWASP 2021-A3 CAPEC-34 CWE-113 WASC-25 WSTG-INPV-15
HTTP response splitting is detected when:
- Data enters a web application via an untrusted source.
- The data is included in an HTTP response header sent to a web user without being validated for malicious characters.
This web server allows attacker to set arbitrary headers, take control of the body, or break the response into two or more separate responses.
Example
String author = request.getParameter(AUTHOR_PARAM);
...
Cookie cookie = new Cookie("author", author);
cookie.setMaxAge(cookieExpiration);
response.addCookie(cookie);
Impact
The impact include:-
- Cross-User Defacement
- Cache Poisoning
- Cross-Site Scripting
- Page Hijacking
Mitigation / Precaution
This vulnerability can be avoided by:-
- Using URL-encoded strings before inclusion into HTTP headers. This include Location or Set-Cookie.
- Use modern Java EE application servers.
Latest Articles
Zero-Day Vulnerabilities in Web Applications
July 18 2022
8 Login Tips to Stay Safe Online
June 16 2022
Popular in Injection
Union Query SQL Injection (SQLi)
July 4 2018
Stacked Queries SQL Injection (SQLi)
July 4 2018
SQL injection(SQLi)
July 4 2018
Inline Queries SQL Injection (SQLi)
July 4 2018
Error based SQL Injection (SQLi)
July 4 2018
Categories
Client Side URL Redirect HSTS Cookies Attributes IBM SQL injection injection Time Based Blind SQL Injection SSL Injection CRLF Content Security Policy CSRF CORS Information Leakage status code SRI metadata X-XSS-Protection owasp Clickjacking XSS Cookies Directory traversal DOM XSS RFI SQL Injection Blind SQL Injection XML Injection blog Web server TLS WordPress web security SMB Cyber attacks AI Wordpress Data Security DOMECTF2020 Container security CMS Security Code Execution Content security policy Htaccess Bypass DOMECTF2021 Press Webinar DevSecOps Web Security
Latest Articles
