CX HTTP_Response_Splitting @ EditorialsRecord_jsp.java [master]

rronen04 commented 3 years ago

HTTP_Response_Splitting issue exists @ EditorialsRecord_jsp.java in branch master

Method checkSecurity at line 400 of EditorialsRecord_jsp.java gets user input from the getQueryString element. This element’s value then flows through the code without being properly sanitized or validated, and is eventually used in an HTTP response header in checkSecurity at line 400 of EditorialsRecord_jsp.java. This may enable an HTTP Response Splitting attack, in certain older versions that do not mitigate this attack.

Severity: Medium

CWE:113

Checkmarx

Training Recommended Fix

Lines: 400

Code (Line #400):

        response.sendRedirect("Login.jsp?querystring=" + toURL(request.getQueryString()) + "&ret_page=" + toURL(request.getRequestURI()));

rronen04 commented 3 years ago

Issue still exists.

rronen04 commented 3 years ago

Issue still exists.

CxTests / BookStore

CX HTTP_Response_Splitting @ EditorialsRecord_jsp.java [master] #48