Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Response Splitting')
ID | scala.cookie.scala_cookie_rule_requestparamtoheader
Severity | high
Resource | Cookie
Language | Scala
Description
This code writes an HTTP request parameter directly into an HTTP response header (here a cookie) without neutralizing carriage-return (CR) and line-feed (LF) characters. Headers are delimited by CRLF, so an attacker who supplies "%0d%0a" in the parameter can terminate the intended header and append headers of their own, or a blank line followed by a complete second response: an HTTP response splitting vulnerability. See http://en.wikipedia.org/wiki/HTTP_response_splitting for more information.
Rationale
Response splitting gives the attacker control over what the client (browser, proxy or cache) treats as the server's response. With injected headers the attacker can set or overwrite cookies (session fixation), add a Location header to redirect the user, or deliver a crafted second response whose body is cached and served to other users (cache poisoning, cross-site scripting). Some servers and frameworks reject CR and LF in header values, but the application should not rely on that behaviour: the defect is that an untrusted value reaches the header-setting API unvalidated.
Remediation
Do not pass request-controlled data to a header-setting API without validating it first. Validate the value against an allowlist of what the header legitimately carries (for a language cookie, for example, a short alphanumeric tag) and reject the request if it does not match. At minimum, reject any value containing carriage return (\r), line feed (\n) or NUL, which no header value legitimately contains; rejecting is preferable to stripping, since stripping can leave other injection payloads intact. Prefer the framework's typed cookie and header APIs over string concatenation into raw headers, and review the reference below for background.
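The following is an added example, not code from the rule or from any project, showing the pattern this rule flags in a Play Framework controller beside a hardened version. It assumes Play's play.api.mvc API (AbstractController, Action, Cookie, request.getQueryString); the controller name, the "lang" query parameter and the language-tag pattern are hypothetical choices for illustration.

```scala
// Added example: a Play controller that writes a request parameter into a
// Set-Cookie header, first unsafely (the pattern this rule reports), then
// with application-level validation. Controller and parameter names are
// hypothetical.
import play.api.mvc._

class LangController(cc: ControllerComponents) extends AbstractController(cc) {

  // VULNERABLE: the "lang" query parameter flows unmodified into a Set-Cookie
  // header. A value such as "en%0d%0aSet-Cookie:%20session=attacker" decodes
  // to "en\r\nSet-Cookie: session=attacker". If the header encoder passes it
  // through, the response carries
  //   Set-Cookie: lang=en
  //   Set-Cookie: session=attacker
  // and a further "\r\n\r\n" lets the attacker append an entire second
  // response (response splitting).
  def setLangUnsafe: Action[AnyContent] = Action { request =>
    val lang = request.getQueryString("lang").getOrElse("en")
    Ok("language set").withCookies(Cookie("lang", lang))
  }

  // Generic guard for free-form values that must reach a header: CR, LF and
  // NUL are never legitimate in a header value, so reject rather than strip.
  private def headerSafe(value: String): Option[String] =
    if (value.exists(c => c == '\r' || c == '\n' || c == '\u0000')) None
    else Some(value)

  // Allowlist for this specific cookie: a BCP 47-style language tag such as
  // "en", "pt-BR" or "zh-Hant". Anything else is rejected outright.
  private val LanguageTag = "^[A-Za-z]{2,3}(-[A-Za-z0-9]{2,8})*$".r

  // HARDENED: the value is validated before any header API sees it, so the
  // finding disappears and the code no longer depends on the framework's
  // encoder rejecting CRLF on its behalf.
  def setLangSafe: Action[AnyContent] = Action { request =>
    request.getQueryString("lang") match {
      case None =>
        Ok("language set").withCookies(Cookie("lang", "en", httpOnly = true))
      case Some(lang) if LanguageTag.pattern.matcher(lang).matches() =>
        Ok("language set").withCookies(Cookie("lang", lang, httpOnly = true))
      case Some(_) =>
        BadRequest("invalid language")
    }
  }

  // Where no tight allowlist exists (for example an arbitrary label echoed in
  // a custom header), the CR/LF/NUL guard is the minimum acceptable check.
  def setLabel: Action[AnyContent] = Action { request =>
    request.getQueryString("label").flatMap(headerSafe) match {
      case Some(label) => Ok("label set").withHeaders("X-Label" -> label)
      case None        => BadRequest("invalid label")
    }
  }
}
```

Whether a given Play or Netty version refuses CR and LF in cookie values is a framework detail that can change between releases; validating in the controller, as setLangSafe does, removes the finding and the dependency on that behaviour at the same time.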
References
- OWASP Top 10 2021 - A03 : Injection.