ALTERNATIVE NAMES
HTTP Response splitting, HTTP Response Header Injection
AFFECTED SYSTEMS
Web servers dynamically generating header variables based on user requests.
SEVERITY
Medium
BACKGROUND
HTML header uses CRLF to split the header and the main body of the HTML message. An attacker may send CRLF characters to split the header and can inject malicious code. An attacker may activate Cross-Origin Resource Sharing (CORS) and can inject modified JavaScripts to hijack session-specific variables. The latest releases of web servers including Apache, NGINX, and IIS are not vulnerable to this type of vulnerability.
SOLUTION
Use URL encoding for the URLs. Also, set the control to your forms which will check for CRLF. Update to the latest version of your favorite web server.
LEGAL
Copyright (c) 2019 ONLAYER Bilişim Teknolojileri A.Ş.
Permission is granted for the redistribution of this alert by explicitly linking the page to be referred. It may not be edited in any way without written consent.
Disclaimer: The information in the advisory is believed to be accurate at the time of publishing based on currently available information. Use of the information constitutes acceptance for use in an AS IS condition.
There are no warranties concerning this information. Neither the author nor the publisher accepts any liability for any direct, indirect, or consequential loss or damage arising from the use of, or reliance on, this information.