HTTP Response Splitting Vulnerability
Description
This code constructs an HTTP Cookie from an untrusted HTTP request parameter. If the cookie is added to an HTTP response, carriage-return and line-feed characters in the parameter value end the Set-Cookie header line, which enables HTTP response splitting: an attacker can inject additional response headers or a second response body.
Examples
Insecure Code
```scala
new javax.servlet.http.Cookie("session", request.getParameter("session"));
```
Secure Code
```scala
new javax.servlet.http.Cookie("session", org.owasp.encoder.Encode.forUriComponent(request.getParameter("session")));
```
Remediation
Validate and sanitize user input before using it to construct HTTP headers or cookies. At a minimum, reject values containing CR (0x0D) or LF (0x0A). Use a library such as OWASP ESAPI or the OWASP Java Encoder (used in the secure example above) to encode user input before it is placed in an HTTP header.
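The allow-list check described above, as an added example that is not part of this rule's own code. It assumes Scala 2.13 and the javax.servlet API; the object and method names are illustrative, and the sample values in `main` are constructed for the demonstration.

```scala
import javax.servlet.http.{Cookie, HttpServletRequest, HttpServletResponse}

object SafeSessionCookie {
  // RFC 6265 cookie-octet: printable US-ASCII excluding CTLs, space,
  // double quote, comma, semicolon and backslash. CR and LF are CTLs,
  // so any value that could terminate the Set-Cookie line is rejected.
  private val CookieOctet =
    java.util.regex.Pattern.compile("^[\\x21\\x23-\\x2B\\x2D-\\x3A\\x3C-\\x5B\\x5D-\\x7E]*$")

  def isSafeCookieValue(value: String): Boolean =
    value != null && CookieOctet.matcher(value).matches()

  // Builds the cookie only when the parameter value cannot inject header lines.
  def sessionCookie(request: HttpServletRequest): Option[Cookie] = {
    val raw = Option(request.getParameter("session")).getOrElse("")
    if (isSafeCookieValue(raw)) Some(new Cookie("session", raw)) else None
  }

  // Rejecting the request (rather than silently stripping characters) keeps
  // the failure visible in access logs for detection.
  def setSession(request: HttpServletRequest, response: HttpServletResponse): Unit =
    sessionCookie(request) match {
      case Some(cookie) => response.addCookie(cookie)
      case None =>
        response.sendError(HttpServletResponse.SC_BAD_REQUEST, "invalid session value")
    }

  def main(args: Array[String]): Unit = {
    // Constructed sample values: a normal token and one carrying a CRLF sequence.
    val samples = Seq("a1b2c3", "a1b2c3\r\nX-Injected: 1")
    samples.foreach(v => println(s"${v.replace("\r\n", "\\r\\n")} -> ${isSafeCookieValue(v)}"))
  }
}
```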
Rule Details
| Field | Value |
|---|---|
| ID | CODE-0012 |
| Category | Injection |
| Severity | HIGH |
| CWE | CWE-113 |
| Confidence | HIGH |
| Impact | HIGH |
| Likelihood | MEDIUM |
| Exploitability | EASY |
| Tags | http, response splitting, crlf |
| OWASP | N/A |