8 lines
908 B
Plaintext
8 lines
908 B
Plaintext
User-provided data, such as URL parameters, POST data payloads, or cookies, should always be considered untrusted and tainted. Applications constructing HTTP response headers based on tainted data could allow attackers to change security sensitive headers like Cross-Origin Resource Sharing headers.
|
|
|
|
|
|
Web application frameworks and servers might also allow attackers to inject new line characters in headers to craft malformed HTTP response. In this case the application would be vulnerable to a larger range of attacks like HTTP Response Splitting/Smuggling. Most of the time this type of attack is mitigated by default modern web application frameworks but there might be rare cases where older versions are still vulnerable.
|
|
|
|
|
|
As a best practice, applications that use user-provided data to construct the response header should always validate the data first. Validation should be based on a whitelist.
|