DerScanner
Home / Vulnerability Database / PHP : HTTP header manipulation
PHP

PHP : HTTP header manipulation

Classification

OWASP Top 10 2013
A1-InjectionA3-Cross-Site Scripting (XSS)A10-Unvalidated Redirects and Forwards
OWASP Top 10 2017
A1-InjectionA6-Security Misconfiguration
OWASP Top 10 2021
A3-InjectionA5-Security Misconfiguration
PCI DSS 4.0
6.2.4
HIPAA
§164.312 (e)(1)§164.312 (e)(2)(i)
CWE
CWE-113CWE-1027CWE-1029CWE-1036

Overview

The application includes data from an untrusted source into the HTTP response header. Cache poisoning attacks, XSS, cookie manipulation, page hijacking, open redirect attacks and others are possible.

One of the most common attacks with the use of this vulnerability is HTTP response splitting . In this case, the attacker includes special CR (carriage return, also denoted as %0d and \r) and LF (new line, also %0a and \n) characters into the response header. This allows the attacker to not only manage the content of a response after these characters, but also create his/her own answers.

Most modern servers include protection against such attacks.

References

  1. OWASP Top 10 2017-A1-Injection
  2. OWASP Top 10 2017-A6-Security Misconfiguration
  3. OWASP Top 10 2013-A1-Injection
  4. CWE-113: Improper Neutralization of CRLF Sequences in HTTP Headers (‘HTTP Response Splitting’)
  5. OWASP: HTTP Response Splitting
  6. CWE-20
  7. CWE CATEGORY: OWASP Top Ten 2017 Category A1 - Injection
  8. CWE CATEGORY: OWASP Top Ten 2017 Category A3 - Sensitive Data Exposure
  9. CWE-1036
MEDIUM

DerScanner Severity Score

Do you want to fix PHP : HTTP header manipulation in your application?

See also

PHP

PHP : Null salt

PHP

PHP : Empty password

PHP

PHP : Empty salt