Description

This web application is configured with the httpRuntime property enableHeaderChecking set to false. Configured this way, ASP.NET's detection of header-injection attacks is disabled. When this property is true, which is the default, any \r or \n characters found in a response header are encoded to %0d and %0a. This defeats header-injection attacks by keeping the injected material part of the same header line instead of letting it start a new one.
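As an added illustration (not part of this finding), the following Python models the behaviour described above with a toy header serializer and parser: with the check off, a CRLF in a header value becomes a second header; with the check on, the value stays on one line. The function names and the sample value are constructed for this example and are not ASP.NET's own code.

```python
# Added example: a minimal model of the header check that ASP.NET performs
# when enableHeaderChecking is true. The serializer, parser and sample value
# below are assumptions for illustration, not the framework's implementation.

HEADER_CHECK_ENCODING = {"\r": "%0d", "\n": "%0a"}


def encode_header_value(value: str) -> str:
    """Encode CR and LF the way the finding describes (%0d / %0a)."""
    for raw, encoded in HEADER_CHECK_ENCODING.items():
        value = value.replace(raw, encoded)
    return value


def serialize_headers(headers: dict, header_checking: bool) -> str:
    """Build a raw HTTP header block.

    header_checking=False writes values verbatim (enableHeaderChecking="false");
    header_checking=True encodes CR/LF first (the default, "true").
    """
    lines = []
    for name, value in headers.items():
        if header_checking:
            value = encode_header_value(value)
        lines.append(f"{name}: {value}")
    return "\r\n".join(lines) + "\r\n\r\n"


def parse_headers(raw: str) -> dict:
    """Parse a header block as a client would: one header per CRLF line."""
    result = {}
    for line in raw.split("\r\n"):
        if not line:  # empty line ends the header block
            break
        name, _, value = line.partition(":")
        result[name.strip()] = value.strip()
    return result


# Constructed sample: a user-controlled value carrying a CRLF sequence,
# the pattern the finding describes.
INJECTED_VALUE = "/home\r\nSet-Cookie: injected=1"


def response_headers(header_checking: bool) -> dict:
    """Headers a client would see for the constructed value."""
    raw = serialize_headers({"Location": INJECTED_VALUE}, header_checking)
    return parse_headers(raw)
```

With the check off the client sees a separate Set-Cookie header; with it on, the Location value is a single encoded line.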

Remediation

It is recommended to set the httpRuntime property enableHeaderChecking to true:

<httpRuntime enableHeaderChecking="true" />
