Veracode - Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Response Splitting')

```java
String docFormat = CommonUtil.getFrmtCode(fileName);
String contentType = CommonUtil.getMimeType(docFormat);
_response.setContentType(contentType); // line 3

_response.addHeader(CACHE_CONTROL, "max-age=3600, must-revalidate");
_response.addHeader(CONTENT_DISPOSITION, "attachment; filename=" + fileName); // line 5
```

Lines 3 and 5 are giving the issue: "This call to javax.servlet.ServletResponse.setContentType() contains an HTTP response splitting flaw." Kindly let me know any solution.



Hi @jayasharma8,

Your question would probably be a bit easier for the community to answer if you gave some context surrounding your question. What are you trying to do? What is the expected behavior? Where are things going wrong?
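
For readers who land here with the same finding, here is one way to build the two header values from the question so that neither can carry CR or LF. This is an added example, not code from either poster: the class name, the helper names and the MIME allow-list are hypothetical, and it assumes Java 10 or later. The returned strings are what would be passed to `setContentType()` and `addHeader()`.

```java
import java.net.URLEncoder;
import java.nio.charset.StandardCharsets;
import java.util.Set;

public class SafeDownloadHeaders {
    // Assumed allow-list; the real set depends on what the application serves.
    private static final Set<String> ALLOWED_TYPES =
            Set.of("application/pdf", "text/plain", "image/png");

    /** Returns the candidate only if it exactly matches a known constant. */
    static String safeContentType(String candidate) {
        return candidate != null && ALLOWED_TYPES.contains(candidate)
                ? candidate
                : "application/octet-stream";
    }

    /** Builds a Content-Disposition value that cannot contain control characters. */
    static String contentDisposition(String fileName) {
        String name = fileName == null ? "" : fileName;
        // Keep only the last path component, then drop CR, LF and other control characters.
        name = name.substring(Math.max(name.lastIndexOf('/'), name.lastIndexOf('\\')) + 1);
        name = name.replaceAll("\\p{Cntrl}", "");
        if (name.isEmpty()) {
            name = "download";
        }
        // ASCII fallback for the quoted filename parameter: strict character allow-list.
        String ascii = name.replaceAll("[^A-Za-z0-9._-]", "_");
        // RFC 5987 extended parameter: percent-encode everything outside the unreserved set.
        String encoded = URLEncoder.encode(name, StandardCharsets.UTF_8)
                .replace("+", "%20")
                .replace("*", "%2A");
        return "attachment; filename=\"" + ascii + "\"; filename*=UTF-8''" + encoded;
    }

    public static void main(String[] args) {
        // Constructed hostile inputs, for demonstration only.
        String hostileName = "report.pdf\r\nX-Injected: 1";
        String hostileType = "text/html\r\nX-Injected: 1";

        String disposition = contentDisposition(hostileName);
        if (disposition.indexOf('\r') >= 0 || disposition.indexOf('\n') >= 0) {
            throw new AssertionError("control character survived sanitisation");
        }
        System.out.println(disposition);
        System.out.println(safeContentType(hostileType));      // falls back to the default
        System.out.println(safeContentType("application/pdf")); // passes through unchanged
    }
}
```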