How to HTTP response splitting problem..??

Posted on 2006-03-21
Last Modified: 2010-04-11
Help me this problem:
How to HTTP response splitting problem: solution and example..i'm using java, Struts framework, MySQL
Question by:ncsvietnam
    LVL 32

    Expert Comment

    So just what _is_ your question?  What is the "HTTP response splitting problem" you are referring to?
    LVL 6

    Accepted Solution

    HTTP resposne splitting attack is the injection of %0d%0a into a string that later gets passed into HTTP headers. The attacker can then spoof the page output, set cookies, redirect the user somewhere else, etc.

    Here is an article with a pretty good description of this problem in PHP, that could be adapted to Java:

    You are only vulnerable to this problem if you somehow take user input that later gets inserted into the headers. For example, websites often have a Next= url passed in via the query string. You'd later use a client-side redirect to send the user to the location specified by Next=. In this case, you want to make sure to filter out any cases of ascii 10 and ascii 13 characters from the URL.

    If the URL hasn't been encoded (i.e. it looks like "a b"), you would use:
    url.replace('\n', ' ');
    url.replace('\r', ' ');

    If the URL has been encoded (i.e. it looks like "a%20b"), you would use

    url.replace("/%0a/ig", "");
    url.replace("/%0d/ig", "");

    Hope that helps.

    Author Comment

    but i can't understand code php. If have code example login about java.. is better.
    LVL 6

    Expert Comment

    Sure, the example above I gave in Java (the url.replace one).

    Or, you could simply use Javascript code to redirect the user instead of sending a Location header.  That way you won't be vulnerable to HTTP splitting since you're not sending any custom headers.

    <script language="JavaScript">window.location.href="http://newurl"></script>

    Featured Post

    What Security Threats Are You Missing?

    Enhance your security with threat intelligence from the web. Get trending threat insights on hackers, exploits, and suspicious IP addresses delivered to your inbox with our free Cyber Daily.

    Join & Write a Comment

    When the confidentiality and security of your data is a must, trust the highly encrypted cloud fax portfolio used by 12 million businesses worldwide, including nearly half of the Fortune 500.
    Ransomware continues to be a growing problem for both personal and business users alike and Antivirus companies are still struggling to find a reliable way to protect you from this dangerous threat.
    Need more eyes on your posted question? Go ahead and follow the quick steps in this video to learn how to Request Attention to your question. *Log into your Experts Exchange account *Find the question you want to Request Attention for *Go to the e…
    Sending a Secure fax is easy with eFax Corporate ( First, Just open a new email message.  In the To field, type your recipient's fax number You can even send a secure international fax — just include t…

    733 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    23 Experts available now in Live!

    Get 1:1 Help Now