|
|
|
|
CWE-93 Individual Dictionary Definition (Draft 9)
Weakness ID
| Status: Draft 93 (Weakness Base) | | Description | Summary The software uses CRLF (carriage return line feeds) as a special element, e.g. to
separate lines or records, but it does not properly sanitize CRLF sequences from inputs. | | Weakness Ordinality | Primary (Weakness exists independent of other weaknesses) | | Causal Nature | Explicit (This is an explicit weakness resulting from behavior of the developer) | | Potential Mitigations | Avoid using CRLF as a special sequence. Appropriately filter or quote CRLF sequences in user-controlled input. | | Observed Examples | | Reference | Description |
|---|
| CVE-2002-1771 | CRLF injection enables spam proxy (add mail headers) using email address or name. | | CVE-2002-1783 | CRLF injection in API function arguments modify headers for outgoing requests. | | CVE-2004-1513 | Spoofed entries in web server log file via carriage returns | | CVE-2006-4624 | Chain: inject fake log entries with fake timestamps using
CRLF injection | | CVE-2005-1951 | Chain: Application accepts CRLF in an object ID,
allowing HTTP response splitting. | | CVE-2004-1687 | Chain: HTTP response splitting via CRLF in parameter
related to URL. |
| | Context Notes | Factors: primary to HTTP Response Splitting. | | Research Gaps | Probably under-studied, although gaining more prominence in 2005 as a result of
interest in HTTP response splitting. | | References | | | Relationships | | | Source Taxonomies | PLOVER - CRLF Injection | | Applicable Platforms | All | | Related Attack Patterns | | CAPEC-ID | Attack Pattern Name |
|---|
| 81 | Web Logs Tampering | | 15 | Command Delimiters |
|
|