CRLF Injection

Risk:
Medium

Type:
Active

CWE:
CWE-113

Summary: Cookie can be set via CRLF injection. It may also be possible to set arbitrary HTTP response headers. In addition, by carefully crafting the injected response using cross-site script, cache poisoning vulnerability may also exist.

Solution: Type check the submitted parameter carefully. Do not allow CRLF to be injected by filtering CRLF.

References

https://owasp.org/www-community/vulnerabilities/CRLF_Injection

https://cwe.mitre.org/data/definitions/113.html

Free security scan for your website

Don't show website scan report rating on the leaderboard