HTTP Response Splitting Vulnerability

By
Sooraj V Nair
Published on
24 Jun 2018

HTTP response splitting is detected when:

  • Data enters a web application via an untrusted source.
  • The data is included in an HTTP response header sent to a web user without being validated for malicious characters.

This allows an attacker to set arbitrary headers, take control of the body, or break the response into two or more separate responses.

Example

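    // Untrusted value read straight from the request
    String author = request.getParameter(AUTHOR_PARAM);
    ...
    // The value is placed in a Set-Cookie header without validation
    Cookie cookie = new Cookie("author", author);
    cookie.setMaxAge(cookieExpiration);
    response.addCookie(cookie);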

    

Impact

The impact includes:

  • Cross-User Defacement
  • Cache Poisoning
  • Cross-Site Scripting
  • Page Hijacking

Mitigation / Precaution

This vulnerability can be avoided by:

  • URL-encoding strings before including them in HTTP headers such as Location or Set-Cookie.
  • Using modern Java EE application servers.
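
The URL-encoding mitigation applied to the author cookie value from the example above. This is an added example, not code from the original article; the class and method names and the sample input are assumptions made for illustration, and URLEncoder.encode(String, Charset) needs Java 10 or later.

```java
import java.net.URLDecoder;
import java.net.URLEncoder;
import java.nio.charset.StandardCharsets;

// Added example: HeaderValueGuard and its methods are hypothetical names.
public class HeaderValueGuard {

    // URL-encode before the value goes into a header.
    // CR becomes %0D and LF becomes %0A, so the value stays on one line.
    static String encodeForHeader(String untrusted) {
        return URLEncoder.encode(untrusted, StandardCharsets.UTF_8);
    }

    // Second check: report values that still carry a line terminator.
    static boolean hasLineBreak(String value) {
        return value.indexOf('\r') >= 0 || value.indexOf('\n') >= 0;
    }

    // Serialises the header the way it would appear on the wire,
    // so the effect of the value on the line structure is visible.
    static String setCookieLine(String name, String value) {
        return "Set-Cookie: " + name + "=" + value + "\r\n";
    }

    static int countHeaderLines(String wire) {
        return wire.split("\r\n").length;
    }

    public static void main(String[] args) {
        // Constructed sample input: an "author" parameter containing CR LF.
        String author = "Jane Smith\r\nX-Injected: 1";

        String encoded = encodeForHeader(author);
        String raw = setCookieLine("author", author);
        String safe = setCookieLine("author", encoded);

        System.out.println("raw value has line break: " + hasLineBreak(author));
        System.out.println("raw header lines:         " + countHeaderLines(raw));
        System.out.println("encoded value:            " + encoded);
        System.out.println("encoded has line break:   " + hasLineBreak(encoded));
        System.out.println("encoded header lines:     " + countHeaderLines(safe));

        // The application decodes when it reads the cookie back.
        String roundTrip = URLDecoder.decode(encoded, StandardCharsets.UTF_8);
        System.out.println("round trip matches:       " + roundTrip.equals(author));
    }
}
```

The raw value yields two header lines while the encoded value yields one, and decoding the cookie on read returns the original string.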

Written by
Sooraj V Nair
Cyber Security Engineer