Re: http response splitting vulnerability

Kurt Hansen
August 05, 2009 10:18PM
I tried the application level first. Didn't work, but your advice had me
go back and look again. That did it! I fixed it there.

Thanks!

Take care,

Kurt

Ray wrote:
> Seems like you might need to solve this at the web application level,
> unless the response splitting was done by nginx/backend server itself?
>
> Ray
>
> On Wed, Aug 5, 2009 at 10:58 AM, Kurt Hansen <khansen@charityweb.net> wrote:
>
> Hello,
>
> Our server is checked each day by McAfee to see if there are any
> vulnerabilities.
>
> It found one that I'm not sure what to do. Here's the description
> from McAfee:
>
> >>QUOTE
> HTTP response splitting is the ability for an attacker to modify
> the headers of an HTTP response due to lack of input validation on
> requests that are sent to the application server.
>
> A vulnerable web application or web server allows the user to
> insert a Carriage Return (%0D or \r) and/or a Line Feed (%0A or
> \n) into the headers of an HTTP response. This is usually done by
> sending modified requests to the web application and the web
> application responding with the user supplied data being inserted
> into a header. The attacker then constructs an attack using a
> CRLF (Carriage Return-Line Feed) attack that has the client
> interpret the data as 2 separate responses.
> <<END QUOTE
>
> Here's the proposed solution:
>
> >>QUOTE
> All input that is sent to a web application should not be trusted
> and should be assumed malicious. Characters such as Carriage
> Return (CR) and Line Feed (LF) should be removed from all requests
> before being interpreted by the web application server.
>
> An attacker can also use encoded Carriage Returns and Line Feeds
> to exploit the web server, and user-specified Carriage Returns and
> Line Feeds serve no business purpose on a web server. Filter the
> following characters from all user supplied input:
>
> %0D
> %0A
> %0D%0A
> \r
> \n
> \r\n
> <<END QUOTE
>
>
> How can I implement this fix in nginx? I'm using it as a reverse
> proxy.
>
> Thanks!
>
> Take care,
>
> Kurt Hansen
>
>
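
The application-level fix this thread arrives at, sketched as an added example (not code from the thread, from McAfee, or from nginx): a user-supplied value is percent-decoded until stable and refused if it contains CR, LF or any other control character before it is written into a response header. The `lang` parameter, the `Content-Language` header and all function names are hypothetical, and rejecting the request instead of silently stripping the characters is a choice made for this example.

```python
import re
from urllib.parse import unquote

# CR and LF end a header line; this example refuses every ASCII control character.
_CTL = re.compile(r"[\x00-\x1f\x7f]")


def decode_fully(value, max_rounds=5):
    """Percent-decode repeatedly so double-encoded input (%250D%250A) is caught too."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            return value
        value = decoded
    raise ValueError("too many layers of percent-encoding")


def safe_header_value(raw):
    """Return a value that is safe to place in a response header, or raise ValueError."""
    value = decode_fully(raw)
    if _CTL.search(value):
        raise ValueError("control character in header value")
    return value


def build_response_unsafe(lang):
    # 'Before' form: the decoded parameter is copied straight into a header.
    return "HTTP/1.1 200 OK\r\nContent-Language: " + unquote(lang) + "\r\n\r\n"


def build_response_safe(lang):
    # 'After' form: validate first, answer 400 if the value cannot be trusted.
    try:
        value = safe_header_value(lang)
    except ValueError:
        return "HTTP/1.1 400 Bad Request\r\n\r\n"
    return "HTTP/1.1 200 OK\r\nContent-Language: " + value + "\r\n\r\n"


def header_lines(response):
    """Split a raw response head into the lines a client would parse."""
    return response.split("\r\n\r\n", 1)[0].split("\r\n")


# Constructed sample input: an encoded CRLF followed by an extra header line.
SAMPLE = "en%0d%0aX-Injected: 1"
```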
Subject Author Posted

http response splitting vulnerability

Kurt Hansen August 04, 2009 10:58PM

Re: http response splitting vulnerability

Ray August 04, 2009 11:15PM

Re: http response splitting vulnerability

Kurt Hansen August 05, 2009 10:18PM


