Is HTTP response splitting possible in the case below:
String requestFilename = request.getParameter("name");
response.addHeader("content-disposition", "attachment; filename=" + requestFilename);
I am directly appending the unsanitized request parameter to the response header.
My question is: by using CRLF characters, can we insert our own header into the response?
So far I have tried \r\n and %0D%0A but they do not work.
Is response.addHeader() immune to such attacks?
Can someone explain to me how this attack can be executed?
Whether http response splitting is possible in your case will depend on the servlet container that is hosting the code.
For example, Tomcat guards against common security vulnerabilities, with the CORS Filter dealing with response splitting (at least for the incoming request).
Tomcat also filters the values written to the response - see Http11OutputBuffer (line 383), which prevents corrupt values being returned to the client should they somehow end up as a header value.
Never say never, but if you're using an up-to-date version of a popular web server like Tomcat, you should be safe from well-known vulnerabilities like response splitting.
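Because the protection described above belongs to the container rather than to addHeader() itself, the application can validate the filename before it reaches the header. The following is an added example, not code from the question or the answer; the class name ContentDispositionExample and the helper safeContentDisposition are hypothetical, and the sample inputs are constructed.

```java
import java.net.URLEncoder;
import java.nio.charset.StandardCharsets;

public class ContentDispositionExample {

    // Hypothetical helper: builds a Content-Disposition value from untrusted input.
    // request.getParameter() returns the value already URL-decoded, so %0D%0A in
    // the query string arrives here as raw CR LF characters.
    static String safeContentDisposition(String requested) {
        if (requested == null) {
            throw new IllegalArgumentException("missing filename");
        }
        // Reject CR, LF and every other control character instead of relying on
        // the servlet container to filter them when the header is written.
        for (int i = 0; i < requested.length(); i++) {
            if (Character.isISOControl(requested.charAt(i))) {
                throw new IllegalArgumentException("control character in filename");
            }
        }
        // Keep only the last path segment so the client is never offered a path.
        int cut = Math.max(requested.lastIndexOf('/'), requested.lastIndexOf('\\'));
        String name = requested.substring(cut + 1);
        if (name.isEmpty()) {
            throw new IllegalArgumentException("empty filename");
        }
        // Quoted ASCII fallback: an allow-list removes quotes, semicolons and
        // anything else that could change how the header value is parsed.
        String fallback = name.replaceAll("[^A-Za-z0-9._-]", "_");
        // RFC 5987 form for the real name: percent-encoded UTF-8. URLEncoder emits
        // '+' for a space and leaves '*' as is, so both are corrected afterwards.
        String encoded = URLEncoder.encode(name, StandardCharsets.UTF_8)
                .replace("+", "%20").replace("*", "%2A");
        return "attachment; filename=\"" + fallback + "\"; filename*=UTF-8''" + encoded;
    }

    public static void main(String[] args) {
        // Constructed sample inputs; the last one carries an injected header line.
        String[] samples = { "report.pdf", "q3 résumé.pdf", "x.txt\r\nSet-Cookie: a=b" };
        for (String s : samples) {
            try {
                // In the servlet: response.setHeader("Content-Disposition", value);
                System.out.println(safeContentDisposition(s));
            } catch (IllegalArgumentException e) {
                System.out.println("rejected: " + e.getMessage());
            }
        }
    }
}
```

The first two samples produce a header value; the third is rejected before any header is written, whatever the container would have done with it.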