HTTP_Response_Splitting issue exists @ src/main/java/org/joychou/controller/SSRF.java in branch master
Method ssrf_openStream at line 111 of src\main\java\org\joychou\controller\SSRF.java gets user input from the "url" element. This element’s value then flows through the code without being properly sanitized or validated, and is eventually used in an HTTP response header in ssrf_openStream at line 111 of src\main\java\org\joychou\controller\SSRF.java. This may enable an HTTP Response Splitting attack, in certain older versions that do not mitigate this attack.
Severity: Medium
CWE:113
Vulnerability details and guidance
Internal Guidance
Checkmarx
Lines: 114 111
Code (Line #114):
String url = request.getParameter("url");
Code (Line #111):
public static void ssrf_openStream (HttpServletRequest request, HttpServletResponse response) throws IOException {