HTTP Response Splitting
Description
When untrusted input containing carriage-return (CR) and line-feed (LF) characters is copied into an HTTP response header, the server's output stream can be interpreted by clients and proxies as two HTTP responses instead of one. An attacker who controls the second response can use it for attacks such as cross-site scripting and cache poisoning.
Examples
Insecure Code
```scala
// The request parameter is written straight into a Set-Cookie header; any CR/LF in it ends the header line.
val cookie = new javax.servlet.http.Cookie("session", request.getParameter("session"))
```
Secure Code
```scala
// Percent-encoding turns CR and LF into %0D and %0A, so they can no longer terminate the header line.
val cookie = new javax.servlet.http.Cookie("session", org.owasp.encoder.Encode.forUriComponent(request.getParameter("session")))
```
Remediation
Neutralize CR and LF sequences in every untrusted value written to an HTTP header, using a library such as OWASP ESAPI or the OWASP Java Encoder (as in the secure example above), or the encoding functions built into your framework.
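The following is an added, self-contained Scala example (not code from the rule page or from the servlet or OWASP projects) that makes the split visible and shows two defensive checks. `renderHead` is an assumed simulation of how a naive server serializes headers, not the servlet container's real serializer; `percentEncode` is a local stand-in for `Encode.forUriComponent` so the example runs without the OWASP dependency. The sample values are constructed.

```scala
// Added example: why a raw CR/LF in a header value splits the response, and
// how strict validation or percent-encoding prevents it.
object CrlfHeaderCheck {
  // Constructed sample values: a benign session token and one carrying CRLF.
  val benign: String   = "abc123"
  val injected: String = "abc123\r\nSet-Cookie: admin=true"

  // Simulated (assumed) response head as a naive server would write it:
  // status line, our two headers, blank line. Not the servlet container's code.
  def renderHead(cookieValue: String): String =
    s"HTTP/1.1 200 OK\r\nSet-Cookie: session=$cookieValue\r\nContent-Type: text/html\r\n\r\n"

  // Number of lines in the head (status line + headers). We wrote exactly two
  // headers, so anything above 3 means the value injected extra header lines.
  def headerLineCount(head: String): Int =
    head.stripSuffix("\r\n\r\n").split("\r\n").length

  // Defensive check 1: reject any control character (CR, LF, NUL, DEL, ...)
  // before the value reaches a header. Use this where encoding would alter
  // a value that must stay verbatim.
  def isSafeHeaderValue(v: String): Boolean =
    v.forall(c => c >= 0x20 && c != 0x7f)

  // Defensive check 2: percent-encode everything outside the RFC 3986
  // unreserved set, so CR becomes %0D and LF becomes %0A. This mirrors what
  // Encode.forUriComponent does in the secure example (local stand-in only).
  def percentEncode(v: String): String = {
    val unreserved =
      "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-_.~"
    v.getBytes("UTF-8").map { b =>
      val n = b & 0xff
      if (unreserved.indexOf(n.toChar) >= 0) n.toChar.toString else f"%%$n%02X"
    }.mkString
  }

  def main(args: Array[String]): Unit = {
    // Benign value: 3 lines (status + 2 headers). Injected raw value: 4 lines,
    // i.e. the attacker-supplied "Set-Cookie: admin=true" became its own header.
    assert(headerLineCount(renderHead(benign)) == 3)
    assert(headerLineCount(renderHead(injected)) == 4)

    // Check 1 flags the injected value and accepts the benign one.
    assert(isSafeHeaderValue(benign))
    assert(!isSafeHeaderValue(injected))

    // Check 2 keeps the encoded value on a single header line.
    val encoded = percentEncode(injected)
    assert(encoded == "abc123%0D%0ASet-Cookie%3A%20admin%3Dtrue")
    assert(headerLineCount(renderHead(encoded)) == 3)
    assert(isSafeHeaderValue(encoded))

    println(s"raw value produced ${headerLineCount(renderHead(injected))} header lines; encoded value: $encoded")
  }
}
```

In a real servlet, prefer the encoding route for cookie values (the browser returns the value verbatim, so `%0D%0A` stays inert), and apply the rejection check to headers whose value must not be transformed; either way the value is validated before `javax.servlet.http.Cookie` or `response.setHeader` sees it.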
Rule Details
| Field | Value |
|---|---|
| ID | CODE-0011 |
| Category | Injection |
| Severity | HIGH |
| CWE | CWE-113 |
| Confidence | HIGH |
| Impact | HIGH |
| Likelihood | MEDIUM |
| Exploitability | MODERATE |
| Tags | http, crlf, response splitting |
| OWASP | N/A |