HTTP response splitting
HTTP response splitting is a form of web application vulnerability, resulting from the failure of the application or its environment to properly sanitize input values. It can be used to perform cross-site scripting attacks, cross-user defacement, web cache poisoning, and similar exploits.
The attack consists of making the server print a
Prevention
The generic solution is to
Typical examples of sanitization include casting to integers or aggressive regular expression replacement. Most modern server-side scripting languages and runtimes, such as PHP since version 5.1.2[1] and Node.js since 4.6.0 (previous versions supported it, but the protection could be bypassed, as was discovered in 2016),[2] as well as web frameworks such as Django since version 1.8.4,[3] support sanitization of HTTP responses against this type of vulnerability.
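The check described above, as an added example in Python (not code from PHP, Node.js or Django): a header builder that copies a value verbatim next to one that rejects CR, LF and NUL, with a small parser showing how a client would read the resulting header block. All function names and sample values are hypothetical and constructed for illustration.

```python
import re

# CR and LF terminate a header line; NUL is rejected too (assumption: a strict
# policy, since no legitimate header value needs these control characters).
_FORBIDDEN = re.compile(r"[\r\n\x00]")


def build_redirect_unsafe(target: str) -> bytes:
    """Vulnerable pattern: the value is copied into the header block verbatim."""
    return (
        "HTTP/1.1 302 Found\r\n"
        f"Location: {target}\r\n"
        "Content-Length: 0\r\n"
        "\r\n"
    ).encode("latin-1")


def safe_header_value(value: str) -> str:
    """Reject, rather than silently strip, values that would start a new line."""
    if _FORBIDDEN.search(value):
        raise ValueError("header value contains CR, LF or NUL")
    return value


def build_redirect_safe(target: str) -> bytes:
    """Hardened builder: validate first, then emit the same response."""
    return build_redirect_unsafe(safe_header_value(target))


def header_names(raw: bytes) -> list[str]:
    """Split the header block as a client would and list the field names."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    return [line.split(":", 1)[0] for line in head.split("\r\n")[1:]]


# Constructed sample inputs, not taken from any real application.
BENIGN = "/account?tab=1"
CRAFTED = "/account\r\nX-Injected: 1"

if __name__ == "__main__":
    print(header_names(build_redirect_unsafe(BENIGN)))
    print(header_names(build_redirect_unsafe(CRAFTED)))
    try:
        build_redirect_safe(CRAFTED)
    except ValueError as exc:
        print("rejected:", exc)
```

Rejecting the value keeps the failure visible in logs, whereas stripping the characters would quietly turn the crafted input into a different, unintended header value.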
References
- "PHP: PHP 5.1.2. Release Announcement". The PHP Group. Retrieved 2014-11-13.
- "CVE-2016-5325 | Snyk Vulnerability Database". Learn more about debian:9 with Snyk Open Source Vulnerability Database. Retrieved 2024-01-16.
- "CVE-2015-5144 | Snyk Vulnerability Database". Learn more about pip with Snyk Open Source Vulnerability Database. Retrieved 2024-01-16.
External links
- Divide and Conquer - HTTP Response Splitting, Web Cache Poisoning Attacks, and Related Topics. Amit Klein, 2004.
- Target Web Application Vulnerable to HTTP Header Injection
- HTTP Response Splitting, The Web Application Security Consortium
- Wapiti Open Source XSS, Header, SQL and LDAP injection scanner
- LWN article
- CWE-113: Failure to Sanitize CRLF Sequences in HTTP Headers ('HTTP Response Splitting')
- HTTP Response Splitting Attack - OWASP
- CRLF Injection - OWASP