
Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Response Splitting')

3 rules detect this

The product receives data from an HTTP agent/component, and it places this data in HTTP response headers without neutralizing CRLF sequences.

An attacker can inject CRLF sequences into HTTP headers to create additional headers or response body content. This can lead to cache poisoning, cross-site scripting, or other attacks.
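
The effect described above, as an added example (not Shoulder's code): a naive header serializer, the parse a client or cache would make of its output, and a guard that rejects control characters instead of stripping them. All function names and sample values are constructed for this illustration.

```python
import re

# Assumption for this example: reject CR, LF and every other control character
# except horizontal tab, instead of silently stripping them.
_FORBIDDEN = re.compile(r"[\x00-\x08\x0a-\x1f\x7f]")


class HeaderValueError(ValueError):
    """Raised when a header value contains a control character."""


def check_header_value(value: str) -> str:
    """Return value unchanged, or raise if it could terminate the header line."""
    match = _FORBIDDEN.search(value)
    if match:
        raise HeaderValueError(
            f"control character {match.group()!r} at offset {match.start()}"
        )
    return value


def serialize(headers, body=""):
    """Naive serializer (the vulnerable shape): values are written unchecked."""
    return "".join(f"{name}: {value}\r\n" for name, value in headers) + "\r\n" + body


def safe_serialize(headers, body=""):
    """Same wire format, but every value passes check_header_value first."""
    return serialize([(n, check_header_value(v)) for n, v in headers], body)


def parse(raw):
    """What a client or cache sees: header lines up to the first blank line, then body."""
    head, _, body = raw.partition("\r\n\r\n")
    return [tuple(line.split(": ", 1)) for line in head.split("\r\n")], body


# Constructed inputs standing in for an untrusted "lang" query parameter.
EXTRA_HEADER = "en\r\nX-Injected: 1"
EXTRA_BODY = "en\r\n\r\ninjected body"

if __name__ == "__main__":
    print(parse(serialize([("Content-Language", EXTRA_HEADER)], "OK")))
    print(parse(serialize([("Content-Language", EXTRA_BODY)], "OK")))
    try:
        safe_serialize([("Content-Language", EXTRA_HEADER)], "OK")
    except HeaderValueError as exc:
        print("rejected:", exc)
```

Rejecting the value and returning an error keeps malformed input visible in logs, whereas stripping quietly changes what the caller sent.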

Prevalence: Medium (3 languages covered)
Impact: High (2 high-severity rules)
Prevention: Documented (3 fix examples)

How to fix this vulnerability

Prevention strategies for HTTP Response Splitting, based on 3 Shoulder detection rules.

HTTP Header Injection MEDIUM

Strip CRLF characters from user input before setting HTTP headers

+15 -6 go
  package main
  
- import "net/http"
- 
- func handler(w http.ResponseWriter, r *http.Request) {
-     lang := r.URL.Query().Get("lang")
-     // Vulnerable: user input set as header value
-     w.Header().Set("Content-Language", lang)
+ import (
+     "net/http"
+     "strings"
+ )
+ 
+ func sanitizeHeaderValue(s string) string {
+     s = strings.ReplaceAll(s, "\r", "")
+     s = strings.ReplaceAll(s, "\n", "")
+     return s
+ }
+ 
+ func handler(w http.ResponseWriter, r *http.Request) {
+     lang := r.URL.Query().Get("lang")
+     // Safe: CRLF characters stripped
+     w.Header().Set("Content-Language", sanitizeHeaderValue(lang))
      w.Write([]byte("OK"))
  }
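
Review bot: sanitizeHeaderValue only deletes "\r" and "\n" and then reflects whatever remains of lang into Content-Language, so a malformed value is silently altered rather than refused and other control characters still pass through. Since lang is expected to be a language tag, consider checking it against the set of languages the handler actually supports and answering with http.StatusBadRequest otherwise. The return value of w.Write is also ignored in handler.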
  
HTTP Header Injection HIGH

Strip CRLF characters from user input before using in HTTP headers

+12 -7 python
- from flask import request, make_response
- 
- @app.route('/download')
- def download():
-     filename = request.args.get('filename')
-     response = make_response("content")
-     response.headers['Content-Disposition'] = f'attachment; filename="{filename}"'
+ import re
+ from flask import request, make_response
+ 
+ def sanitize_header(value):
+     return re.sub(r'[\r\n]', '', str(value))
+ 
+ @app.route('/download')
+ def download():
+     filename = request.args.get('filename', '')
+     safe_filename = sanitize_header(filename)
+     response = make_response("content")
+     response.headers['Content-Disposition'] = f'attachment; filename="{safe_filename}"'
      return response
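
Review bot: in the Content-Disposition line, safe_filename is interpolated inside a quoted filename="..." parameter, but sanitize_header removes only \r and \n, so a double quote or backslash in filename still ends the quoted string early and changes how the header is parsed. Reject or escape those two characters in sanitize_header, or encode the name before interpolating it. Note also that app is neither imported nor defined in this snippet.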
  

Find vulnerabilities in your code

Use Shoulder to scan your code for Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Response Splitting') patterns. 3 rules.

Terminal
# Scan with Shoulder CLI
npx @shoulderdev/cli trust --cwe=113

# Or scan entire project
npx @shoulderdev/cli trust .

What to look for in code reviews

These patterns indicate potential Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Response Splitting') vulnerabilities. Watch for them during code reviews and security audits.

🟠 user input flowing into HTTP response headers without CRLF sanitization (javascript-header-injection)
🟡 user input flowing to HTTP headers without CRLF sanitization (go-header-injection)

Scan your codebase for Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Response Splitting')

Shoulder CLI finds vulnerable patterns across your entire codebase.