| Field | Description |
|---|---|
| Name | HTTP Response Splitting |
| Summary | This attack uses a maliciously crafted HTTP request to cause a vulnerable web server to respond with an HTTP response stream that the client interprets as two separate responses instead of one. This is possible when user-controlled input is used, unvalidated, as part of the response headers. The target software, the client, interprets the injected header as the response to a second request, so the maliciously crafted contents are displayed and possibly cached. |
| Prerequisites | User-controlled input is used as part of an HTTP header; the adversary is able to inject custom strings into an HTTP header; the application performs insufficient input validation to check the input's sanity before using it as part of a response header. |
| Solutions | To avoid HTTP Response Splitting, the application must not rely on user-controllable input to form part of its output response stream. Specifically, response splitting occurs through injection of CR-LF sequences and additional headers. All data arriving from the user and used as part of HTTP response headers must be subjected to strict validation that performs simple character-based as well as semantic filtering to strip it of malicious character sequences and headers. |
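The following is an added example, not code from the original entry, that shows the two points the entry makes: how an unvalidated value copied into a `Location` header turns one response into a stream a client parses as two, and how the character-based plus semantic validation described under Solutions stops it. The redirect-handler functions, the sample parameter values and the simplified client model (`count_responses`, which treats every status line at the start of a line as a new response) are all constructed for illustration.

```python
import re

# Constructed sample inputs: the already-decoded value of a "next" redirect
# parameter. In a real request the CR-LF pairs would arrive percent-encoded
# and be decoded by the framework before reaching the handler.
BENIGN_TARGET = "/account/home"
INJECTED_TARGET = (
    "/account/home\r\n"          # terminates the Location header early
    "Content-Length: 0\r\n"      # closes the first (now empty) response
    "\r\n"
    "HTTP/1.1 200 OK\r\n"        # a second, attacker-supplied response
    "Content-Type: text/html\r\n"
    "Content-Length: 8\r\n"
    "\r\n"
    "injected"
)

def build_redirect_vulnerable(target: str) -> bytes:
    """Vulnerable handler: the user-supplied target goes straight into a header line."""
    return (
        "HTTP/1.1 302 Found\r\n"
        f"Location: {target}\r\n"
        "Content-Length: 0\r\n"
        "\r\n"
    ).encode("latin-1")

# Character-based filter: CR, LF and every other control character are
# rejected outright rather than stripped, so nothing can re-introduce them.
_CONTROL_CHARS = re.compile(r"[\x00-\x1f\x7f]")

def validate_header_value(value: str) -> str:
    if _CONTROL_CHARS.search(value):
        raise ValueError("control character in header value")
    return value

def is_valid_redirect_target(target: str) -> bool:
    """Semantic filter: only a same-origin absolute path is an acceptable redirect."""
    if _CONTROL_CHARS.search(target):
        return False
    # "//host" and "/\host" are scheme-relative URLs, not local paths.
    return target.startswith("/") and not target.startswith(("//", "/\\"))

def build_redirect_hardened(target: str) -> bytes:
    """Hardened handler: both filters run before the value reaches the header."""
    validate_header_value(target)
    if not is_valid_redirect_target(target):
        raise ValueError("redirect target must be a same-origin path")
    return (
        "HTTP/1.1 302 Found\r\n"
        f"Location: {target}\r\n"
        "Content-Length: 0\r\n"
        "\r\n"
    ).encode("latin-1")

# Simplified model of a client reading the stream: a status line at the start
# of a line begins a new response.
_STATUS_LINE = re.compile(rb"(?m)^HTTP/1\.[01] \d{3} ")

def count_responses(stream: bytes) -> int:
    return len(_STATUS_LINE.findall(stream))

if __name__ == "__main__":
    print(count_responses(build_redirect_vulnerable(BENIGN_TARGET)))    # 1
    print(count_responses(build_redirect_vulnerable(INJECTED_TARGET)))  # 2
    try:
        build_redirect_hardened(INJECTED_TARGET)
    except ValueError as exc:
        print("rejected:", exc)
```

The hardened handler rejects rather than sanitises: stripping CR-LF from a value leaves the remaining text in place and invites encoding tricks, whereas refusing any control character and then checking that the value is the kind of thing a `Location` header should contain covers both the character-level and the semantic filtering the entry calls for.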