How to fix VeraCode Improper Neutralization of CRLF Sequences in HTTP Headers

Description

A function call contains an HTTP response splitting flaw. Writing unsanitized user-supplied input into an HTTP header allows an attacker to manipulate the HTTP response rendered by the browser, leading to cache poisoning and cross-site scripting attacks.

Recommendations

Remove unexpected carriage returns and line feeds from user-supplied data used to construct an HTTP response. Always validate user-supplied input to ensure that it conforms to the expected format, using centralized data validation routines when possible.
For more detail, see CWE-113: Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Response Splitting').

Issue Code

// headerKey and headerValue come from user-supplied input and are written straight to the response
response.setHeader(headerKey, headerValue);
response.addHeader(headerKey, headerValue);

Fixed Code

import org.owasp.esapi.reference.DefaultHTTPUtilities;

// ESAPI's HTTPUtilities strips control characters (including CR/LF) from the header name and value
// and validates both against the configured HTTPHeaderName/HTTPHeaderValue patterns before writing them;
// a value that fails validation is logged and not set.
// The overloads that take the response explicitly are used here; the two-argument forms rely on
// ESAPI having been told the current request/response first (ESAPI.httpUtilities().setCurrentHTTP(...)).
DefaultHTTPUtilities httpUtilities = new DefaultHTTPUtilities();
httpUtilities.setHeader(response, headerKey, headerValue);
httpUtilities.addHeader(response, headerKey, headerValue);

Explanation

The example above sets the header name and value directly on the response object. If that value is derived from untrusted input and contains carriage-return or line-feed characters, an attacker can terminate the current header and append further headers or a second response body, which is what allows the HTTP response rendered by the browser to be manipulated. The setHeader and addHeader methods of ESAPI's DefaultHTTPUtilities strip control characters and validate the header name and value before writing them to the response, so a value containing CRLF sequences is never emitted, which removes this attack path and clears the Veracode finding.
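As an added example (not code from the original post or from the ESAPI project), the following servlet helper shows the vulnerable call from the post side by side with two hardened forms: a self-contained allow-list check for header names and values that a project without ESAPI can use, and the ESAPI route recommended above. It assumes the Servlet API (javax.servlet) and ESAPI 2.x on the classpath; the class and method names are hypothetical, and the sample values in main are constructed for illustration. Do not rely on the servlet container to reject CR/LF on its own: behaviour differs between containers and versions, and the static analyzer will still flag the direct call.

```java
import java.util.regex.Pattern;
import javax.servlet.http.HttpServletResponse;
import org.owasp.esapi.ESAPI;

public final class SafeHeaders {

    // RFC 7230 token characters, which is all a header name may contain.
    private static final Pattern SAFE_HEADER_NAME =
            Pattern.compile("^[A-Za-z0-9!#$%&'*+.^_`|~-]+$");

    // Printable ASCII plus horizontal tab. CR (0x0D), LF (0x0A), NUL and every other
    // control character fall outside this range and are therefore rejected.
    private static final Pattern SAFE_HEADER_VALUE =
            Pattern.compile("^[\\x20-\\x7E\\t]*$");

    private SafeHeaders() {}

    public static boolean isSafeHeaderName(String name) {
        return name != null && SAFE_HEADER_NAME.matcher(name).matches();
    }

    public static boolean isSafeHeaderValue(String value) {
        return value != null && SAFE_HEADER_VALUE.matcher(value).matches();
    }

    // The pattern Veracode flags: user-controlled data written straight into a header.
    static void vulnerable(HttpServletResponse response, String headerKey, String headerValue) {
        response.setHeader(headerKey, headerValue);
    }

    // Hardened without ESAPI: validate against an allow-list and refuse, rather than "clean",
    // anything that does not match. Rejecting is preferable to stripping because a stripped
    // value may still carry meaning the caller did not intend.
    static void hardened(HttpServletResponse response, String headerKey, String headerValue) {
        if (!isSafeHeaderName(headerKey)) {
            throw new IllegalArgumentException("header name contains disallowed characters");
        }
        if (!isSafeHeaderValue(headerValue)) {
            throw new IllegalArgumentException("header value contains CR/LF or other control characters");
        }
        response.setHeader(headerKey, headerValue);
    }

    // Hardened via ESAPI, as the post recommends. ESAPI strips control characters, validates
    // name and value against its configured patterns, and logs instead of writing on failure.
    static void hardenedWithEsapi(HttpServletResponse response, String headerKey, String headerValue) {
        ESAPI.httpUtilities().setHeader(response, headerKey, headerValue);
    }

    public static void main(String[] args) {
        // Constructed sample values: a normal Content-Language value and one that embeds
        // a CRLF sequence, which is exactly what the allow-list must catch.
        String benign = "en-US";
        String withCrlf = "en-US\r\nX-Injected: 1";

        System.out.println("benign value accepted:   " + isSafeHeaderValue(benign));   // true
        System.out.println("CRLF value accepted:     " + isSafeHeaderValue(withCrlf)); // false
        System.out.println("name with space accepted:" + isSafeHeaderName("X Bad"));   // false
        System.out.println("normal name accepted:    " + isSafeHeaderName("Content-Language")); // true
    }
}
```

The allow-list form is what a reviewer wants to see when the validation is centralized in one routine, as the Recommendations section suggests: every header write in the application goes through hardened (or the ESAPI call), and the direct response.setHeader call is reserved for constant names and values.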
