# HTTP Header Injection

## Description

Writing untrusted user input into a response header can result in HTTP header injection or response splitting: a carriage-return/line-feed sequence in the value terminates the header line, letting an attacker append headers of their own or, in the response-splitting variant, an entire second response.

## Examples

### Insecure Code

```javascript
// Both calls copy the query parameter straight into the Location header
// without any validation.
res.set('Location', req.query.redirect);
res.writeHead(302, {'Location': req.query.redirect});
```

### Secure Code

```javascript
// validateAndSanitize() returns a redirect target that is safe to place in a header.
const redirectUrl = validateAndSanitize(req.query.redirect);
res.set('Location', redirectUrl);
res.writeHead(302, {'Location': redirectUrl});
```

## Remediation

Validate and sanitize user input before using it in a response header; at a minimum, reject any value containing carriage-return or line-feed characters.
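The secure snippet above leaves `validateAndSanitize()` undefined. The following is an added example, not code from the rule page, of one way to implement it for a `Location` header in an Express-style handler: it rejects control characters (CR/LF included), accepts site-relative paths but not scheme-relative `//host` forms, and accepts absolute URLs only when they use http(s) and point at an allow-listed host. `ALLOWED_HOSTS`, `redirectHandler` and the host names are constructed for the example. Current Node.js versions already throw on CR or LF in header values at the `http` layer, so in practice the larger residual risk of the insecure code is an open redirect to an attacker-chosen host; the helper covers both cases.

```javascript
// Added example (not part of the original rule page).
// Constructed allow-list of hosts that redirects may point to.
const ALLOWED_HOSTS = new Set(["example.com"]);

// Returns a redirect target that is safe to put in a Location header,
// or null when the input must be rejected.
function validateAndSanitize(value, allowedHosts = ALLOWED_HOSTS) {
  if (typeof value !== "string" || value.length === 0 || value.length > 2048) {
    return null;
  }
  // Reject C0 control characters and DEL. CR/LF end a header line and are the
  // root of header injection / response splitting; the rest are not valid in
  // header values either.
  if (/[\x00-\x1f\x7f]/.test(value)) {
    return null;
  }
  // Case 1: a site-relative path such as "/account". Reject "//host" and
  // "/\host", which browsers interpret as scheme-relative URLs.
  if (value.startsWith("/")) {
    return /^\/[\/\\]/.test(value) ? null : value;
  }
  // Case 2: an absolute URL. Only http(s) to an allow-listed host is accepted.
  let url;
  try {
    url = new URL(value);
  } catch {
    return null; // not parseable as an absolute URL
  }
  if (url.protocol !== "https:" && url.protocol !== "http:") {
    return null; // blocks javascript:, data:, etc.
  }
  if (!allowedHosts.has(url.hostname)) {
    return null; // open-redirect to a foreign host
  }
  // Return the parser's re-serialised form (lower-cased host, normalised path)
  // so no raw input reaches the header.
  return url.href;
}

// Constructed Express-style handler using the helper. `req.query.redirect`
// is the untrusted parameter; `res` is an Express response object.
function redirectHandler(req, res) {
  const target = validateAndSanitize(req.query.redirect);
  if (target === null) {
    res.status(400).send("Invalid redirect target");
    return;
  }
  res.set("Location", target);
  res.status(302).end();
}
```

Rejecting with a 400 rather than silently falling back to a default destination makes bad input visible in logs, which is usually what you want while tuning the allow-list.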
## Rule Details
| Field | Value |
|---|---|
| ID | CODE-0397 |
| Category | Injection |
| Severity | CRITICAL |
| CWE | CWE-644 |
| Confidence | HIGH |
| Impact | HIGH |
| Likelihood | MEDIUM |
| Exploitability | EASY |
| Tags | HTTP Header Injection, Response Splitting Attacks |
| OWASP | A1:2017-Injection, A03:2021-Injection |