Vulnerability Details
Severity:
Medium
Category:
Web Application
Description
The application copies user input into HTTP response headers without removing or encoding carriage return (CR, 0x0D) and line feed (LF, 0x0A) characters. Because CRLF terminates a header line, an attacker can inject arbitrary additional headers and, with a second CRLF, end the header block and supply a response body of their own (HTTP response splitting).
Risks
An attacker could inject arbitrary HTTP headers, split the response to return a fully attacker-controlled second response, set cookies on the victim's browser (for example to fix a session), deliver cross-site scripting through an injected response body or headers, or poison web caches and proxies with the forged response.
Remediation
Reject, or at minimum strip or encode, CR and LF in all user input that reaches a response header, and validate after any URL decoding, since the payload normally arrives as %0d%0a. Use the framework's header-setting API rather than writing raw header strings, and confirm that the version in use rejects control characters (most current frameworks do; older versions and hand-rolled HTTP code may not). Validate header values server-side against an allow-list of expected characters, paying particular attention to Location, Set-Cookie and Content-Disposition headers built from request data.
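The following is an added example, not code from the original page or from any specific framework. It shows a minimal raw-HTTP redirect builder in its vulnerable form, the same builder with a reject-on-control-character check, and a small response parser that makes the injected header and body visible. The function names, the regular expression and the sample payload are assumptions chosen for illustration.

```python
"""CRLF injection in a response header: vulnerable builder, hardened builder,
and a parser that shows what the client actually receives.

Added example; the helper names and the payload are constructed for
illustration and are not taken from any framework or product.
"""
import re
from urllib.parse import unquote

CRLF = "\r\n"

# Allow printable ASCII and horizontal tab only. CR (0x0D), LF (0x0A) and all
# other control characters are rejected. Non-ASCII is rejected too, which is
# the conservative choice for header values.
_SAFE_HEADER_VALUE = re.compile(r"[\x20-\x7e\t]*")


def build_redirect_vulnerable(target: str) -> bytes:
    """Vulnerable: user input is copied into the Location header verbatim."""
    return (
        "HTTP/1.1 302 Found" + CRLF
        + "Location: " + target + CRLF
        + "Content-Length: 0" + CRLF
        + CRLF
    ).encode("latin-1")


def is_safe_header_value(value: str) -> bool:
    """True when the value contains no CR, LF or other control characters."""
    return _SAFE_HEADER_VALUE.fullmatch(value) is not None


def build_redirect_hardened(target: str) -> bytes:
    """Hardened: refuse the request instead of silently stripping characters."""
    if not is_safe_header_value(target):
        raise ValueError("control character in header value rejected")
    return (
        "HTTP/1.1 302 Found" + CRLF
        + "Location: " + target + CRLF
        + "Content-Length: 0" + CRLF
        + CRLF
    ).encode("latin-1")


def handle_redirect_param(raw_query_value: str) -> bytes:
    """Decode the query parameter first, then validate: the attacker sends
    %0d%0a on the wire and the check must see the decoded CR/LF."""
    target = unquote(raw_query_value)
    return build_redirect_hardened(target)


def parse_response(raw: bytes):
    """Split a raw response into (status line, [(name, value)], body)."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.decode("latin-1").split(CRLF)
    headers = []
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers.append((name.strip(), value.strip()))
    return lines[0], headers, body


# Constructed attacker input: ends the Location header, adds a Set-Cookie
# header, then ends the header block and supplies a script as the body.
PAYLOAD = "/home\r\nSet-Cookie: sid=attacker\r\n\r\n<script>alert(1)</script>"

if __name__ == "__main__":
    status, headers, body = parse_response(build_redirect_vulnerable(PAYLOAD))
    print("vulnerable headers:", headers)
    print("vulnerable body:", body[:40])
    try:
        build_redirect_hardened(PAYLOAD)
    except ValueError as exc:
        print("hardened:", exc)
```

Rejecting is preferable to stripping: a stripped value can still change meaning (for example `/home%0d%0aX` becoming `/homeX`), and a rejected request produces a log entry that detection can alert on.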