Questions tagged [crlf-vulnerability]
40 questions
Problem with CRLF Injection (using cookies)
I used VeraCode to validate my code. In the validation, I found a vulnerability of type CRLF Injection, because I used some cookies. I tried to solve it with the tag httpOnlyCookies=true in the web.config file, or with CookieName.HttpOnly = true in C# code…

Turoel
How can we do VAPT using OWASP ZAP in microservices?
I have gone through OWASP ZAP and found that ZAP requires the endpoint of the web application.
But still, I tried to provide the URLs of the REST APIs of our microservices, but I was getting a 404 error. What I think is that OWASP ZAP scans on the HTTP GET method and…
How to fix Improper Neutralization of CRLF Sequences in HTTP Headers
After performing a Veracode scan on my code, a flaw was reported saying "Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Response Splitting - CWE ID 113')" on the below code. How can I fix this code?
public void writeCookies() {
…

Nicolas
How to fix CRLF injection flaws for the below code
I have a VB.NET application which had a security scan, and two CRLF injection flaws were identified. Can someone please help me fix the flaw? The code is as below.
In a code-behind .vb file:
Dim strFileName As String =…

ssuhas76
How to fix security issue "CRLF injection/HTTP response splitting (Web Server)"
After a security scan from Acunetix, I got a medium-severity alert "CRLF injection/HTTP response splitting (Web Server)".
I have filtered all CR LF characters from users' input in my website. But it still shows the same alert.
I don't understand how I…

Amanullah Aman
Getting an Image Vulnerability error for node.js for path-parse Prisma Cloud
Getting an Image Vulnerability error for Node.js for path-parse in the Docker image scan post build.
node version: 12.16.1
Image: alpine3:3.10.2
Error from vulnerability image scan
Fix Status
fixed in: 1.0.7
All versions of package path-parse are…

Venkatesh Ramanujam
What is CRLF and LF? What's the use case in Git?
I am new to exploring git commands and suddenly found LF and CRLF. When I run the command git add, the terminal shows the below:
LF will be replaced by CRLF in app.js.
The file will have its original line endings in your working directory
-What is it…

Mushfik F Rahman
Looking for a tool to perform website security audit
I am building a website for a client. He's asking me to do a security audit of the website. I don't have expertise in security audits, and the budget is low. However, I am trying to give the best value to my client. Is there any tool using which I can…
How to protect PHP application from CRLF attack?
I am using Acunetix to scan my PHP application for security issues.
After all scans, I get a medium alert related to a CRLF vulnerability. But I don't know how I can fix this issue.
I created a function to remove all possible codes for injections, but…

Mohammad Saberi
Denial of Service ReadLine vulnerability for spring java application
In my Spring Java application, the scan tool is showing a vulnerability for Denial of Service: ReadLine for ModelAttribute ("someFormBean")
@RequestMapping(method = RequestMethod.POST)
public String processForm(@Valid…

KJ21