HTTP Header Injection: Explanation & Remedy | Invicti
Summary
Invicti identified a CRLF (new line) HTTP header injection.
This means that input is placed into HTTP headers without proper input filtering.
Impact
Depending on the application, an attacker might carry out the following types of attacks:
- Cross-site scripting attack, which can lead to session hijacking
- Session fixation attack by setting a new cookie, which can also lead to session hijacking
Actions To Take
- See the Remediation section for the solution.
- Ensure the server security patches are up to date and that the current stable version of the software is in use.
Remediation
Do not allow newline characters in input. Where possible, use strict whitelisting.
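The remediation above, shown as an added example (not Invicti's code): a response builder that concatenates input into a header, next to a version that applies a strict allowlist and rejects newline and other control characters. The `lang` cookie, the function names and the sample value are hypothetical, chosen for this illustration.

```python
import re

# Assumption: the application reflects a "lang" parameter into a Set-Cookie
# header; all names below are hypothetical, chosen for this example.
ALLOWED_LANGS = {"en", "de", "fr"}          # strict allowlist of expected values
_CTL = re.compile(r"[\x00-\x1f\x7f]")       # CR, LF and all other control chars


def parse_header_lines(raw):
    """Split a response head the way a client would: one header per CRLF line."""
    head = raw.split("\r\n\r\n", 1)[0]
    return head.split("\r\n")[1:]            # drop the status line


def build_headers_naive(lang):
    """Vulnerable 'before': input is concatenated into the header block."""
    raw = "HTTP/1.1 200 OK\r\nSet-Cookie: lang=" + lang + "\r\n\r\n"
    return parse_header_lines(raw)


def header_value(value):
    """Reject any value that could terminate the current header line."""
    if _CTL.search(value):
        raise ValueError("control character in header value")
    return value


def build_headers_hardened(lang):
    """Allowlist first; the control-character check is defence in depth."""
    if lang not in ALLOWED_LANGS:
        raise ValueError("unexpected lang value")
    raw = "HTTP/1.1 200 OK\r\nSet-Cookie: lang=" + header_value(lang) + "\r\n\r\n"
    return parse_header_lines(raw)


# Constructed sample input: a parameter value that contains a CRLF sequence.
SAMPLE = "en\r\nSet-Cookie: session=fixed-by-attacker"

if __name__ == "__main__":
    print(build_headers_naive(SAMPLE))       # one parameter yields two headers
    try:
        build_headers_hardened(SAMPLE)
    except ValueError as exc:
        print("rejected:", exc)
```

Most current frameworks and HTTP libraries already refuse header values containing CR or LF; the check matters most where headers are assembled by hand or passed through older components.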
Required Skills for Successful Exploitation
Crafting an attack that exploits this issue is not a complex process. However, most unsophisticated attackers will not know that such an attack is possible. In addition, an attacker needs to reach the victim by e-mail or a similar method in order to entice them to visit the site or click on a URL.
Classifications
PCI v3.2-6.5.1, OWASP 2013-A1, OWASP 2017-A1, CAPEC-105, CWE-93, WASC-24, CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N, ISO27001-A.14.2.5, HIPAA-164.306(a), 164.308(a)
Further Reading
Invicti Security Insights
- Top 5 injection attacks in application security
- HTTP security headers: An easy way to harden your web applications
- What is NoSQL Injection and How Can You Prevent It?
- Why Websites Need HTTP Strict Transport Security (HSTS)
- Content-Type and Status Code Leakage