CRLF Injection in URL

Severity: High

Description

CRLF injection involves injecting Carriage Return (ASCII 13, \r) and Line Feed (ASCII 10, \n) characters into web requests or responses. These characters are used to denote new lines in HTTP messages, and their injection can lead to various attacks, including HTTP response splitting. Attackers exploit CRLF injection vulnerabilities to manipulate HTTP responses, insert arbitrary headers, or modify response bodies.

Recommendation

To mitigate CRLF injection vulnerabilities, ensure that both the web server configuration and the web application logic encode CR and LF characters before including them in responses. Implement input validation and output encoding so that user-supplied data is filtered out or encoded before it is written into a response.
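The recommendation above, shown on a redirect built from a URL parameter. This is an added example, not SmartScanner code: the function names and the sample value are constructed for illustration, and the response is assembled by hand only to make the header boundary visible.

```python
from urllib.parse import quote, unquote

# Characters that must never reach a header line unencoded.
_FORBIDDEN = ("\r", "\n", "\x00")

def build_response_naive(target: str) -> bytes:
    """Deliberately unsafe 'before': copies the value into Location as-is."""
    return f"HTTP/1.1 302 Found\r\nLocation: {target}\r\n\r\n".encode("latin-1")

def validate_header_value(value: str) -> str:
    """Input validation: reject any value carrying CR, LF or NUL."""
    if any(ch in value for ch in _FORBIDDEN):
        raise ValueError("control character in header value")
    return value

def encode_redirect_target(target: str) -> str:
    """Output encoding: percent-encode everything outside a URL-safe set,
    so a raw CR/LF becomes the inert text %0D%0A."""
    return quote(target, safe="/:?&=#%@+,;~-._")

def build_response_safe(target: str) -> bytes:
    """Hardened 'after': encode first, then validate as a last line of defence."""
    value = validate_header_value(encode_redirect_target(target))
    return f"HTTP/1.1 302 Found\r\nLocation: {value}\r\n\r\n".encode("latin-1")

def header_lines(response: bytes) -> list[str]:
    """Return the status line and header lines as a client would parse them."""
    head = response.split(b"\r\n\r\n", 1)[0]
    return head.decode("latin-1").split("\r\n")

# Constructed sample: a query value as it looks after the framework has
# URL-decoded it, which turns %0d%0a into a real CR LF pair.
SAMPLE = unquote("/home%0d%0aX-Injected:%201")

if __name__ == "__main__":
    print("naive   :", header_lines(build_response_naive(SAMPLE)))
    print("hardened:", header_lines(build_response_safe(SAMPLE)))
```

In an application, prefer the framework's own header and redirect APIs and keep a check like `validate_header_value` as a guard around any value that originates from the request.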

Tags: CRLF Injection, HTTP Response Splitting, Injection
Last updated on May 13, 2024
