DerScanner
Home / Vulnerability Database / Scala : HTTP header manipulation
Scala

Scala : HTTP header manipulation

Classification

OWASP Top 10 2013
A1-InjectionA3-Cross-Site Scripting (XSS)A10-Unvalidated Redirects and Forwards
OWASP Top 10 2017
A1-InjectionA6-Security Misconfiguration
OWASP Top 10 2021
A3-InjectionA5-Security Misconfiguration
PCI DSS 4.0
6.2.4
HIPAA
§164.312 (e)(1)§164.312 (e)(2)(i)
CWE
CWE-113CWE-1027CWE-1029CWE-1036

Overview

The application includes data from an untrusted source into the HTTP response header. Cache poisoning attacks, XSS, cookie manipulation, page hijacking, open redirect attacks and others are possible.

One of the most common attacks with the use of this vulnerability is HTTP response splitting . In this case, the attacker includes special CR (carriage return, also denoted as %0d and \r) and LF (new line, also %0a and \n) characters into the response header. This allows the attacker to not only manage the content of a response after these characters, but also create his/her own answers.

Most modern servers include protection against such attacks. For example, Apache Tomcat will generate exception of the IllegalArgumentException type when attempting to inject banned symbols into the header.

References

  1. OWASP Top 10 2017-A1-Injection
  2. OWASP Top 10 2013-A1-Injection
  3. CWE-113: Improper Neutralization of CRLF Sequences in HTTP Headers (‘HTTP Response Splitting’)
  4. OWASP: HTTP Response Splitting
  5. CWE CATEGORY: OWASP Top Ten 2017 Category A1 - Injection
  6. CWE CATEGORY: OWASP Top Ten 2017 Category A3 - Sensitive Data Exposure
  7. CWE-1036
MEDIUM

DerScanner Severity Score

Do you want to fix Scala : HTTP header manipulation in your application?

See also

Scala

Scala : Unreleased resource stream

Scala

Scala : Multiple loggers in same class

Scala

Scala : Insufficient encryption key length