Tag Archives: CVE-2002-1771

CWE-93 – Improper Neutralization of CRLF Sequences (‘CRLF Injection’)

Read Time:51 Second

Description

The software uses CRLF (carriage return line feeds) as a special element, e.g. to separate lines or records, but it does not neutralize or incorrectly neutralizes CRLF sequences from inputs.

Modes of Introduction:

– Architecture and Design

Likelihood of Exploit:

 

Related Weaknesses

CWE-74
CWE-117

 

Consequences

Integrity: Modify Application Data

 

Potential Mitigations

Phase: Implementation

Effectiveness:

Description: 

Avoid using CRLF as a special sequence.

Phase: Implementation

Effectiveness:

Description: 

Appropriately filter or quote CRLF sequences in user-controlled input.

CVE References

 

  • CVE-2002-1771
    • CRLF injection enables spam proxy (add mail headers) using email address or name.
  • CVE-2002-1783
    • CRLF injection in API function arguments modify headers for outgoing requests.
  • CVE-2004-1513
    • Spoofed entries in web server log file via carriage returns
  • CVE-2006-4624
    • Chain: inject fake log entries with fake timestamps using CRLF injection
  • CVE-2005-1951
    • Chain: Application accepts CRLF in an object ID, allowing HTTP response splitting.
  • CVE-2004-1687
    • Chain: HTTP response splitting via CRLF in parameter related to URL.