HTTP Response Splitting Vulnerability
OWASP 2013-A1 OWASP 2017-A1 OWASP 2021-A3 CAPEC-34 CWE-113 WASC-25 WSTG-INPV-15
HTTP response splitting is detected when:
- Data enters a web application via an untrusted source.
- The data is included in an HTTP response header sent to a web user without being validated for malicious characters.
This web server allows attacker to set arbitrary headers, take control of the body, or break the response into two or more separate responses.
Example
String author = request.getParameter(AUTHOR_PARAM);
...
Cookie cookie = new Cookie("author", author);
cookie.setMaxAge(cookieExpiration);
response.addCookie(cookie);
Impact
The impact include:-
- Cross-User Defacement
- Cache Poisoning
- Cross-Site Scripting
- Page Hijacking
Mitigation / Precaution
This vulnerability can be avoided by:-
- Using URL-encoded strings before inclusion into HTTP headers. This include Location or Set-Cookie.
- Use modern Java EE application servers.
Check your website security today and
identify vulnerabilities before hackers exploit them.