HTTP response splitting vulnerability detected.
- Rule ID: java_lang_http_response_splitting
- Languages: java
- Source: http_response_splitting.yml
Description
Including unsanitized user input in a HTTP response allows an attacker to split the response by injecting CRLF characters. An entirely attacker-controlled response can then be returned, creating a cross-site scripting (XSS) vulnerability.
Remediations
✅ Avoid using user input in cookies or other headers
✅ Remove CRLF sequences from user input:
var input = request.getParameter("data");
var sanitized = input.replaceAll("\r\n", "");
cookie.setValue(sanitized);Associated CWE
- CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
- CWE-113: Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Request/Response Splitting')
OWASP Top 10
Configuration
To skip this rule during a scan, use the following flag
bearer scan /path/to/your-project/ --skip-rule=java_lang_http_response_splittingTo run only this rule during a scan, use the following flag
bearer scan /path/to/your-project/ --only-rule=java_lang_http_response_splittingReady to take the next step? Learn more about Bearer Cloud.