HTTP Header Injection


Description

The application is vulnerable to HTTP header injection. HTTP header injection is a vulnerability that results from the failure to sanitize input values that are used to populate HTTP header values. An attacker can inject a carriage return and line feed (CRLF) into the header in order to manipulate the response. The HTTP standard, RFC 2616, defines headers as being separated from one another by a single CRLF, and the headers as being separated from the body by two. The vulnerability allows the attacker to rewrite responses in order to perform a number of different attacks against users.
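The mechanism described above, as an added example that is not part of the original finding: a response builder that copies input into a Location header, next to a hardened version that rejects CR, LF and NUL. The function names, the TAINTED value and the X-Injected header are constructed for illustration.

```python
# Added example: helper names and sample values are constructed for illustration.
import re

# CR, LF and NUL must never appear in a header value.
_FORBIDDEN = re.compile(r"[\r\n\x00]")


def build_redirect_unsafe(target: str) -> bytes:
    """Vulnerable: copies caller-supplied text straight into a header line."""
    return (
        "HTTP/1.1 302 Found\r\n"
        f"Location: {target}\r\n"
        "Content-Length: 0\r\n"
        "\r\n"
    ).encode("latin-1")


def build_redirect_safe(target: str) -> bytes:
    """Hardened: refuses any value that could terminate the header line."""
    if _FORBIDDEN.search(target):
        raise ValueError("control character in header value")
    return build_redirect_unsafe(target)


def parse_headers(raw: bytes):
    """Split a response the way a client does: one CRLF between headers,
    a blank line (two CRLFs) before the body."""
    head, _, _body = raw.partition(b"\r\n\r\n")
    lines = head.decode("latin-1").split("\r\n")[1:]  # skip the status line
    return [tuple(part.strip() for part in line.split(":", 1)) for line in lines]


# Constructed input: a redirect target carrying an embedded CRLF.
TAINTED = "/home\r\nX-Injected: 1"

if __name__ == "__main__":
    print(parse_headers(build_redirect_unsafe("/home")))   # two headers
    print(parse_headers(build_redirect_unsafe(TAINTED)))   # three headers
    try:
        build_redirect_safe(TAINTED)
    except ValueError as exc:
        print("rejected:", exc)
```

Rejecting the value outright is used here rather than stripping the characters, so that a malformed request surfaces as an error instead of being silently rewritten.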

Impact

An attacker who can insert a CRLF into a header and rewrite responses can attack users in a number of ways. An attacker in control of the HTTP response can insert HTML in order to deface a website. Defacing a website could include adding content that poses a reputational risk to the organization. The content could also include cross-site scripting attacks or redirects to malicious websites. HTTP header injection can also enable HTTP response splitting attacks that poison a web cache and magnify the impact across multiple users.

Risk Rating

Remediation

How To Test

Sample Report Screenshots

Testing Gotchas

References

 
