CRLF Injection
- Alert Level:
Medium
- Alert Type:
- Active
- CWE:
- CWE-113
- Summary
A cookie can be set via CRLF injection. It may also be possible to set arbitrary HTTP response headers. In addition, by carefully crafting the injected response using cross-site scripting, a cache poisoning vulnerability may also exist.
- Solution
Carefully type-check the submitted parameter. Filter CR and LF characters so that CRLF cannot be injected.
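The solution above, shown as an added example (not part of the original alert text): a response builder that copies a parameter into a header unchecked, next to one that type-checks the parameter and refuses CR/LF in header values. The `lang` parameter, the `/home` path and all function names are hypothetical.

```python
import re
from urllib.parse import unquote

# CR, LF and other control characters (tab excepted) never belong in a header value.
_CTL = re.compile(r"[\x00-\x08\x0a-\x1f\x7f]")

def _response(location):
    return (f"HTTP/1.1 302 Found\r\nLocation: {location}\r\n"
            "Content-Length: 0\r\n\r\n").encode("latin-1")

def build_redirect_unsafe(lang):
    """'Before' form: the decoded parameter is copied straight into a header."""
    return _response("/home?lang=" + lang)

def validate_lang(raw):
    """Type check: accept only a short language tag such as 'en' or 'en-GB'."""
    if not re.fullmatch(r"[A-Za-z]{2,3}(-[A-Za-z]{2})?", raw):
        raise ValueError("lang is not a language tag")
    return raw

def set_header_value(value):
    """Filter: reject any header value carrying CR, LF or other control bytes."""
    if _CTL.search(value):
        raise ValueError("control character in header value")
    return value

def build_redirect_safe(lang):
    """Hardened form: type check first, then the CR/LF filter as a second layer."""
    return _response(set_header_value("/home?lang=" + validate_lang(lang)))

def header_names(response):
    """Return the header names a client would parse from the response head."""
    head = response.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    return [line.split(":", 1)[0] for line in head.split("\r\n")[1:]]

# Constructed sample: a query value with an encoded CRLF, as the server sees it
# after URL decoding.
SAMPLE = unquote("en%0d%0aSet-Cookie:%20injected=1")

if __name__ == "__main__":
    print(header_names(build_redirect_unsafe(SAMPLE)))
    try:
        build_redirect_safe(SAMPLE)
    except ValueError as exc:
        print("rejected:", exc)
```

Rejecting the request is preferred over silently stripping CR/LF, since a stripped value still reaches the header with attacker-chosen content.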