I have gone through this link: How to fix "Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Response Splitting')"
But it does not give me the solution.
My code is also giving the error "Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Response Splitting') CWE ID 113".
My code snippet is:
Cookie newloginCookie = new Cookie("CMCLoginCookie", userName + ":" + password);
newloginCookie.setMaxAge(24 * 60 * 60 * 1000);
response.addCookie(newloginCookie);
In the Veracode scan, the error is reported for the last line. I'm not sure what to do about it.
By using ESAPI you can fix most CWE issues.
Basically, to fix the above issue you need to remove the \r\n values from user input, by using a regular expression or DefaultHTTPUtilities.
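The regular-expression approach described in the answer above, as an added example that is not part of the original post and is not ESAPI code. The class and method names (`CookieValueSanitizer`, `stripControlChars`, `toCookieValue`) are hypothetical, the input is constructed, and the percent-encoding step is an addition beyond what the answer states; it assumes Java 10 or later and that the reader of the cookie URL-decodes the value.

```java
import java.net.URLEncoder;
import java.nio.charset.StandardCharsets;
import java.util.regex.Pattern;

// Hypothetical helper, plain JDK only.
public class CookieValueSanitizer {

    // CR (\x0D), LF (\x0A) and every other ASCII control character, plus DEL.
    private static final Pattern CONTROL_CHARS = Pattern.compile("[\\x00-\\x1F\\x7F]");

    /** Removes CR/LF and other control characters so the value cannot end a header line. */
    static String stripControlChars(String input) {
        return input == null ? "" : CONTROL_CHARS.matcher(input).replaceAll("");
    }

    /** Strips control characters, then percent-encodes the rest for use as a cookie value. */
    static String toCookieValue(String input) {
        return URLEncoder.encode(stripControlChars(input), StandardCharsets.UTF_8);
    }

    public static void main(String[] args) {
        // Constructed input: a user name carrying a CRLF sequence followed by header text.
        String userName = "alice\r\nSet-Cookie: injected=1";

        String value = toCookieValue(userName);
        System.out.println(value);

        // The sanitized value must not contain a raw line break.
        if (value.contains("\r") || value.contains("\n")) {
            throw new AssertionError("CR/LF survived sanitization");
        }

        // In the servlet, the sanitized value is what goes into the cookie:
        //   Cookie newloginCookie = new Cookie("CMCLoginCookie", value);
        //   response.addCookie(newloginCookie);
    }
}
```

Sanitize each user-supplied part before it is concatenated into the cookie value, so the check sits directly on the data path that reaches `response.addCookie`.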