ASP.NET header checking is disabled in web.config - Vulnerability Database

ASP.NET header checking is disabled in web.config

Description

The ASP.NET application has disabled header checking by setting the enableHeaderChecking property to false in the httpRuntime configuration. This security feature, enabled by default, protects against HTTP response splitting attacks by automatically encoding carriage return (\r) and line feed (\n) characters to %0d and %0a when they appear in HTTP response headers. Disabling this protection allows attackers to potentially inject malicious headers or content into HTTP responses.

Remediation

Enable ASP.NET header checking by setting the enableHeaderChecking property to true in the web.config file. This is the recommended secure configuration and the default setting for ASP.NET applications.

Locate the <httpRuntime> element in your web.config file and ensure it is configured as follows:

<configuration>
  <system.web>
    <httpRuntime enableHeaderChecking="true" />
  </system.web>
</configuration>

If the httpRuntime element does not exist, add it with the above configuration. After making this change, restart the application to apply the new security setting. Additionally, review any code that sets HTTP response headers to ensure that proper input validation and encoding are implemented.
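The following is an added example, not part of the Invicti entry or of ASP.NET itself: it audits constructed web.config fragments for an explicit enableHeaderChecking="false" (treating a missing element or attribute as the secure default) and mimics the CR/LF-to-%0d/%0a encoding that header checking applies, so a reviewer can see what protection the disabled setting removes.

```python
# Added example: audit web.config for enableHeaderChecking and mimic the
# default header encoding. Not code from the Invicti page or from ASP.NET.
import xml.etree.ElementTree as ET

# Constructed sample: the insecure configuration the finding describes.
VULNERABLE_WEB_CONFIG = """<configuration>
  <system.web>
    <httpRuntime enableHeaderChecking="false" />
  </system.web>
</configuration>"""

# Constructed sample: the remediated configuration.
FIXED_WEB_CONFIG = """<configuration>
  <system.web>
    <httpRuntime enableHeaderChecking="true" />
  </system.web>
</configuration>"""

# Constructed sample: no httpRuntime element, so the default (true) applies.
DEFAULT_WEB_CONFIG = "<configuration><system.web/></configuration>"


def header_checking_disabled(web_config_xml: str) -> bool:
    """Return True only if web.config explicitly sets enableHeaderChecking="false".
    ASP.NET defaults the attribute to true, so a missing httpRuntime element
    or a missing attribute means the protection is on.
    """
    root = ET.fromstring(web_config_xml)
    runtime = root.find("./system.web/httpRuntime")
    if runtime is None:
        return False
    value = runtime.get("enableHeaderChecking", "true")
    return value.strip().lower() == "false"


def encode_header_value(value: str) -> str:
    """Mimic what header checking does to a response header value:
    CR becomes %0d and LF becomes %0a, so a CRLF can no longer end the header.
    """
    return value.replace("\r", "%0d").replace("\n", "%0a")


if __name__ == "__main__":
    for name, cfg in [("vulnerable", VULNERABLE_WEB_CONFIG),
                      ("fixed", FIXED_WEB_CONFIG),
                      ("default", DEFAULT_WEB_CONFIG)]:
        print(f"{name}: header checking disabled = {header_checking_disabled(cfg)}")
    # Constructed header value containing a CRLF; with checking on it is neutralised.
    print(encode_header_value("/home\r\nX-Injected: 1"))
```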
