Java Reflected Xss Header Unsanitized

Description

Detects reflected Cross-Site Scripting (XSS) in Java web applications where the value of an HTTP request header is read and written directly into the response without sanitization. Because request headers are attacker-controlled, a header carrying script content is reflected back to the user's browser and executed in the application's origin.

Weakness:

008 - Reflected cross-site scripting (XSS)

Category: Unexpected Injection

Detection Strategy

    Application uses Java servlet response writers (PrintWriter or HttpServletResponse)

    HTTP header values are read and written to the response without proper sanitization

    Response writing occurs through dangerous methods like PrintWriter.write() or response.getWriter().print()

    The written content contains or is derived from header input without HTML encoding or escaping

Vulnerable code example

import java.io.IOException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

public class VulnerableServlet extends HttpServlet {
    protected void doGet(HttpServletRequest request, HttpServletResponse response) throws IOException {
        String userInput = request.getHeader("user-data");  // Dangerous: Unsanitized input from header
        response.setHeader("X-XSS-Protection", "0");        // Dangerous: Disables XSS protection...
        response.setContentType("text/html");
        // Dangerous: the raw header value is reflected into the HTML body with no encoding
        response.getWriter().print("<p>Hello " + userInput + "</p>");
    }
}

✅ Secure code example

import java.io.IOException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.owasp.encoder.Encode;  // For output encoding

public class SecureServlet extends HttpServlet {
    protected void doGet(HttpServletRequest request, HttpServletResponse response) throws IOException {
        // Enable XSS protection and set strict headers...
        response.setHeader("X-XSS-Protection", "1; mode=block");
        response.setContentType("text/html; charset=UTF-8");
        String userInput = request.getHeader("user-data");
        // Safe: HTML-encode the header value (and tolerate a missing header) before writing it
        String safeInput = userInput == null ? "" : Encode.forHtml(userInput);
        response.getWriter().print("<p>Hello " + safeInput + "</p>");
    }
}
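The detection strategy above, reduced to a small intraprocedural source/sink check, as an added example that is not the rule engine's own code: a variable assigned from `request.getHeader(...)` is the source, a `PrintWriter` or `getWriter()` print/write call is the sink, and `Encode.forHtml*` is the only sanitizer it recognises. The Java snippets it scans are constructed here, modelled on the two servlets above.

```python
import re

# Source: a String local assigned from <anything>.getHeader(...)
HEADER_SOURCE = re.compile(r'String\s+(\w+)\s*=\s*\w+\.getHeader\(')
# A PrintWriter obtained from the response, e.g. "PrintWriter out = response.getWriter();"
WRITER_DECL = re.compile(r'PrintWriter\s+(\w+)\s*=')
# Sink: getWriter().print/println/write(...) or <writer>.print/println/write(...)
SINK = re.compile(r'(getWriter\(\)|\b\w+)\.(?:print|println|write)\((.*)\)\s*;')
# Sanitizer: OWASP Java Encoder forHtml / forHtmlContent / forHtmlAttribute
ENCODER = re.compile(r'Encode\.forHtml\w*\([^()]*\)')


def find_header_xss(java_source: str):
    """Return (line_no, variable) for every sink that reflects an unencoded header value."""
    tainted = set()   # locals that hold a raw header value
    writers = set()   # PrintWriter locals that write to the response
    findings = []
    for no, line in enumerate(java_source.splitlines(), 1):
        src = HEADER_SOURCE.search(line)
        if src:
            tainted.add(src.group(1))
            continue
        decl = WRITER_DECL.search(line)
        if decl:
            writers.add(decl.group(1))
            continue
        sink = SINK.search(line)
        if not sink:
            continue
        target, arg = sink.groups()
        if target != "getWriter()" and target not in writers:
            continue  # e.g. System.out.println, not a response writer
        # Drop encoded sub-expressions, then look for bare tainted identifiers in the rest.
        unencoded = ENCODER.sub("", arg)
        for var in sorted(tainted):
            if re.search(r"\b" + re.escape(var) + r"\b", unencoded):
                findings.append((no, var))
    return findings


# Constructed snippets (not the page's code verbatim) modelled on the two servlets.
VULNERABLE = """\
String userInput = request.getHeader("user-data");
response.setHeader("X-XSS-Protection", "0");
PrintWriter out = response.getWriter();
out.print("<p>Hello " + userInput + "</p>");
"""
SAFE = """\
String userInput = request.getHeader("user-data");
response.setHeader("X-XSS-Protection", "1; mode=block");
response.getWriter().print("<p>Hello " + Encode.forHtml(userInput) + "</p>");
"""

if __name__ == "__main__":
    print("vulnerable:", find_header_xss(VULNERABLE))  # [(4, 'userInput')]
    print("safe:", find_header_xss(SAFE))              # []
```

The check is deliberately line-local: a header value copied into another variable, or concatenated in one statement and printed in the next, is not tracked, which is exactly the kind of flow a real taint engine adds on top of this pattern.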