CWE-113 HTTP Response Splitting
What this means
SiteShadow flagged untrusted input being used in HTTP headers or redirect locations without proper sanitization. An attacker who controls such a value can inject CRLF sequences (\r\n) to terminate the current header and potentially add or modify headers, or split the response entirely.
Why it matters
Attackers can inject CRLF sequences to split responses or set malicious headers.
- Set-Cookie injection: attacker can set cookies for your domain in some cases.
- Cache poisoning: injected headers can change caching behavior.
- Redirect/header manipulation: can be chained into phishing or XSS depending on context.
Safer examples
1) Never put raw user input into headers
Use server-generated values or allowlists.
2) Validate and sanitize header values
Reject values containing \r or \n and enforce allowed character sets.
3) Use framework helpers
Framework response APIs often normalize headers safely; avoid manual header concatenation.
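The three points above in working form, as an added example that is not SiteShadow's own code: a control-character check for header values, an allowlist-based redirect resolver, and a setHeader wrapper that refuses tainted values. The helper names, the allowlist and the sample inputs are assumptions made for illustration.

```javascript
// Added example (not SiteShadow's code). Helper names and the allowlist are
// assumptions; the sample inputs at the bottom are constructed.

// Reject any value containing CR, LF or other control characters, which is
// exactly what an attacker needs to end a header line early.
function isSafeHeaderValue(value) {
  if (typeof value !== "string") return false;
  // \x00-\x1f covers \r (0x0d) and \n (0x0a); \x7f is DEL.
  return !/[\x00-\x1f\x7f]/.test(value);
}

// Resolve a request-derived redirect target against an allowlist of
// server-known relative paths; anything else falls back to a safe default.
function resolveRedirect(requested, allowedPaths, fallback = "/") {
  if (!isSafeHeaderValue(requested)) return fallback;
  // Only same-site, path-only targets: no scheme and no protocol-relative "//host".
  if (!requested.startsWith("/") || requested.startsWith("//")) return fallback;
  return allowedPaths.has(requested) ? requested : fallback;
}

// Wrapper around res.setHeader that fails closed instead of letting a raw
// string be concatenated into the response.
function setHeaderSafely(res, name, value) {
  if (!isSafeHeaderValue(name) || !isSafeHeaderValue(value)) {
    throw new Error(`refusing to set header ${JSON.stringify(name)}: control characters present`);
  }
  res.setHeader(name, value);
  return true;
}

// Constructed sample inputs: a legitimate path, a CRLF injection attempt,
// a protocol-relative host, and a path that is simply not on the allowlist.
const ALLOWED = new Set(["/account", "/orders"]);
const samples = ["/account", "/account\r\nX-Injected: 1", "//other.example", "/admin"];
for (const s of samples) {
  console.log(JSON.stringify(s), "->", resolveRedirect(s, ALLOWED));
}
```

Only the first sample survives the resolver; the other three all collapse to the fallback path.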
How SiteShadow detects it (high level)
- Flags header-setting APIs (setHeader, header, Location) using request-derived values.
- Detects patterns that allow CRLF injection into headers.
References
- CWE-113: https://cwe.mitre.org/data/definitions/113.html
---