satyamchaurasiapersistent
commented
2 years ago Issue still exists.
Closed satyamchaurasiapersistent closed 2 years ago
satyamchaurasiapersistent
commented
2 years ago Issue still exists.
satyamchaurasiapersistent
commented
2 years ago Issue still exists.
satyamchaurasiapersistent
commented
2 years ago Issue still exists.
HTTP_Response_Splitting issue exists @ src/main/webapp/vulnerability/sqli/download_id_union.jsp in branch master
Method fileid=request.getParameter at line 18 of src\main\webapp\vulnerability\sqli\download_id_union.jsp gets user input from the ""fileid"" element. This element’s value then flows through the code without being properly sanitized or validated, and is eventually used in an HTTP response header in response.setHeader at line 38 of src\main\webapp\vulnerability\sqli\download_id_union.jsp. This may enable an HTTP Response Splitting attack, in certain older versions that do not mitigate this attack.
Severity: Medium
CWE:113
Vulnerability details and guidance
Checkmarx
Training Recommended Fix
Lines: 18
Code (Line #18):