WSO2 Products HTTP Response Header Injection Vulnerability

Vulnerability

A header injection vulnerability has been identified in WSO2 API Control Plane, API Manager, Traffic Manager, and Universal Gateway, all in version 4.5.0, as well as WSO2 API Manager versions 4.4.0, 4.3.0, 4.2.0, and 4.1.0. It allows malicious actors to manipulate HTTP request headers in Webhook API invocations so that HTTP response headers are injected or overwritten. The root cause is missing validation and sanitization of user-supplied input carried in HTTP request headers. Possible consequences include session hijacking or other malicious activity, achieved by injecting sensitive information such as cookie values, altering security-related headers, or disrupting browser caching behaviour.

Impact

Exploitation of this vulnerability allows for the injection or overwriting of arbitrary HTTP response headers. This could manipulate browser caching, alter security-related headers, or inject sensitive information like cookie values, potentially leading to session hijacking or other malicious activities.

Remediation

Users of WSO2 API Control Plane, API Manager, Traffic Manager, and Universal Gateway can apply the relevant public fixes available on GitHub. For WSO2 Support Subscription Holders, updates can be applied through the WSO2 Updates service.
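The published fixes above are WSO2's own. As an added illustration of the check a header pass-through needs, the following is example code written for this page, not WSO2's code and not the actual patch: the header allowlist, the header names and the `forward_webhook_headers` function are all hypothetical, and Python is used for readability rather than the product's Java.

```python
import re
from typing import Mapping

# Hypothetical allowlist of response headers a webhook caller may influence.
# Server-owned headers (Set-Cookie, Cache-Control, security headers) are
# deliberately absent, so a caller can neither add nor overwrite them.
ALLOWED_RESPONSE_HEADERS = frozenset({"x-request-id", "x-correlation-id"})

# RFC 7230 token characters permitted in a header name.
_TOKEN = re.compile(r"[!#$%&'*+\-.^_`|~0-9A-Za-z]+")
# Header value: horizontal tab and visible ASCII only. CR, LF and NUL are
# excluded so a value can never terminate the header and start a new one.
_FIELD_VALUE = re.compile(r"[\t\x20-\x7e]*")


class HeaderInjectionError(ValueError):
    """Raised when a caller-supplied header could split or forge a response header."""


def header_is_well_formed(name: str, value: str) -> bool:
    """True if name is a valid token and value contains no control characters."""
    return _TOKEN.fullmatch(name) is not None and _FIELD_VALUE.fullmatch(value) is not None


def forward_webhook_headers(request_headers: Mapping[str, str]) -> dict[str, str]:
    """Derive response headers from a webhook request.

    Unlike a naive copy of the request headers, this rejects the whole request
    when any header is malformed (that is what a defender wants logged), and
    reflects only allowlisted names, silently dropping everything else.
    """
    response: dict[str, str] = {}
    for name, value in request_headers.items():
        if not header_is_well_formed(name, value):
            raise HeaderInjectionError(f"malformed header {name!r}")
        lowered = name.lower()
        if lowered in ALLOWED_RESPONSE_HEADERS:
            response[lowered] = value
    return response
```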

Added: May 11, 2026, 10:20 AM
Updated: May 11, 2026, 10:20 AM

Vulnerability Rating

Custom Algorithm
spread: 3.4
impact: 3.1
exploitability: 7.6
remediation: 7.7
relevance: 8.0
threat: 0.0
urgency: 2.9
incentive: 4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.