/vulndb/CRLF Injection

CRLF stands for Carriage Return Line Feed, the two-character sequence (0x0D 0x0A in hex, written "\r\n") that HTTP uses as a line separator: each header is terminated by a CRLF, and an empty line (CRLF CRLF) ends the header block and begins the body. A CRLF Injection attack occurs when an attacker manages to get the application to emit a CRLF sequence followed by attacker-supplied data as part of the response headers, typically by placing a CR/LF (often URL-encoded as %0d%0a) in a value such as a redirect target or cookie that the application copies into a header.

CRLF vulnerabilities may be used as vectors for XSS (Cross-site Scripting), for example by injecting a header and then a body under the attacker's control, or for HTTP Response Splitting, where the injected data forms a second, complete HTTP response. In some cases that second response can be used to poison the cache of intermediate servers (proxies), so that other users receive the attacker's content. A related attack on intermediaries that also depends on how CR and LF are parsed is HTTP Request Smuggling, in which the proxy and the back-end server disagree about where one request ends and the next begins.

Solution

Inspect all user input that will be included in the application's response headers and reject or strip CR (0x0D) and LF (0x0A) individually, not only the CRLF pair. Apply the check on the decoded value (after URL-decoding and any other transformation), since %0d%0a becomes a real CRLF before it reaches the header. Prefer the header-setting API of the web framework or HTTP library, which usually refuses these characters, over building header strings by concatenation.
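The following added example (not code from the original vulndb entry) shows the problem and the fix side by side: a minimal redirect builder that concatenates a query parameter into a Location header, a hardened version that rejects any CR or LF, and a small receiver-side parser that shows the extra header the victim's client would see. The URL, the "next" parameter name and the attack payload are constructed for illustration.

```python
"""Added example (not part of the original vulndb entry): a minimal HTTP
redirect builder that shows how attacker-controlled input containing CR/LF
splits the response header block, and a hardened builder that rejects it.
The URL, parameter name and payload are constructed for illustration."""
import re
from urllib.parse import parse_qs

# Any bare CR or LF, not only the CRLF pair: lenient parsers accept a lone LF
# as a line terminator, so filtering "\r\n" alone leaves a bypass.
BAD_HEADER_CHARS = re.compile(r"[\r\n]")


class HeaderInjection(ValueError):
    """Raised when a header value would start a new line in the response."""


def build_redirect_unsafe(location):
    """Vulnerable: the value is concatenated straight into the header block."""
    return (
        "HTTP/1.1 302 Found\r\n"
        f"Location: {location}\r\n"
        "Content-Length: 0\r\n"
        "\r\n"
    )


def build_redirect_safe(location):
    """Hardened: reject rather than silently strip, so the request fails loudly."""
    if BAD_HEADER_CHARS.search(location):
        raise HeaderInjection("CR/LF in header value")
    return build_redirect_unsafe(location)


def location_from_query(query_string, builder):
    """Decode a 'next=' query parameter the way a framework would (%0d%0a
    becomes a real CRLF) and hand the decoded value to the given builder."""
    params = parse_qs(query_string)
    target = params.get("next", ["/"])[0]
    return builder(target)


def parse_response(raw):
    """Minimal receiver-side parser: returns (status line, header list, body).
    Tolerates a bare LF as a line terminator, as many clients and proxies do."""
    head, _, body = raw.replace("\r\n", "\n").partition("\n\n")
    lines = head.split("\n")
    headers = []
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers.append((name.strip(), value.strip()))
    return lines[0], headers, body


# Constructed attacker input: a redirect target with an encoded CRLF followed
# by a header the attacker wants the victim's browser to honour.
ATTACK_QS = "next=https://example.test/%0d%0aSet-Cookie:%20session%3Dattacker"


def demo():
    """Returns the header names the victim sees from the unsafe builder, and
    whether the safe builder rejected the same input."""
    raw = location_from_query(ATTACK_QS, build_redirect_unsafe)
    _, headers, _ = parse_response(raw)
    try:
        location_from_query(ATTACK_QS, build_redirect_safe)
        rejected = False
    except HeaderInjection:
        rejected = True
    return [name for name, _ in headers], rejected


if __name__ == "__main__":
    print(demo())
```

With the unsafe builder the parsed response carries three headers, Location, the injected Set-Cookie and Content-Length; with the safe builder the same query string raises HeaderInjection before any header is written. The check runs on the decoded value, which is the point the solution above makes about %0d%0a.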

Caveats

On Windows both a CR and an LF are required to mark the end of a line, whereas on Linux/UNIX only an LF is required. HTTP itself specifies CRLF regardless of platform, but many servers, proxies and clients also accept a bare LF as a line terminator, so a filter that only looks for the exact CRLF pair can be bypassed with a lone LF (%0a).

References

https://www.owasp.org/index.php/CRLF_Injection
https://www.owasp.org/index.php/HTTP_Request_Smuggling