Difference between revisions of "CRLF Injection"

From OWASP
Jump to: navigation, search
(Description)
Line 1: Line 1:
 
{{Template:Vulnerability}}
 
{{Template:Vulnerability}}
 +
 +
[[Category:FIXME|This is the text from the old template. This needs to be rewritten using the new template.]]
 +
 +
Last revision (mm/dd/yy): '''{{REVISIONMONTH}}/{{REVISIONDAY}}/{{REVISIONYEAR}}'''
 +
 +
[[ASDR_TOC_Vulnerabilities|Vulnerabilities Table of Contents]]
 +
 +
[[ASDR Table of Contents]]
 +
__TOC__
 +
  
 
==Description==
 
==Description==
 +
 
The term CRLF refers to '''C'''arriage '''R'''eturn (ASCII 13, \r) '''L'''ine '''F'''eed (ASCII 10, \n). They're used to note the termination of a line, however, dealt with differently in today’s popular Operating Systems. For example: in Windows both a CR and LF are required to note the end of a line, whereas in Linux/UNIX a LF is only required.
 
The term CRLF refers to '''C'''arriage '''R'''eturn (ASCII 13, \r) '''L'''ine '''F'''eed (ASCII 10, \n). They're used to note the termination of a line, however, dealt with differently in today’s popular Operating Systems. For example: in Windows both a CR and LF are required to note the end of a line, whereas in Linux/UNIX a LF is only required.
  
 
A CRLF Injection attack occurs when a user managed to submit a CRLF into an application. This is most commonly done by modifying an HTTP parameter or URL.
 
A CRLF Injection attack occurs when a user managed to submit a CRLF into an application. This is most commonly done by modifying an HTTP parameter or URL.
  
==Impact and Example==
+
 
 +
==Risk Factors==
 +
 
 +
TBD
 +
 
 +
 
 +
==Examples==
 +
 
 
Depending on how the application is developed this can be a minor problem or a fairly serious security flaw. Lets look at the latter because this is after all a security related post.  
 
Depending on how the application is developed this can be a minor problem or a fairly serious security flaw. Lets look at the latter because this is after all a security related post.  
  
Line 13: Line 31:
 
Another example is the "response splitting" attacks, where CRLF's is injected into an application and included in the response.  The extra CRLF's are interpreted by proxies, caches, and maybe browsers as the end of a packet, causing mayhem.
 
Another example is the "response splitting" attacks, where CRLF's is injected into an application and included in the response.  The extra CRLF's are interpreted by proxies, caches, and maybe browsers as the end of a packet, causing mayhem.
  
==Categories==
+
 
 +
==Related [[Attacks]]==
 +
 
 +
* [[Attack 1]]
 +
* [[Attack 2]]
 +
 
 +
 
 +
==Related [[Vulnerabilities]]==
 +
 
 +
* [[Vulnerability 1]]
 +
* [[Vulnerabiltiy 2]]
 +
 
 +
 
 +
==Related [[Controls]]==
 +
 
 +
* [[Control 1]]
 +
* [[Control 2]]
 +
 
 +
 
 +
==Related [[Technical Impacts]]==
 +
 
 +
* [[Technical Impact 1]]
 +
* [[Technical Impact 2]]
 +
 
 +
 
 +
==References==
 +
TBD
 +
 
 +
[[Category:FIXME|add links
 +
 
 +
In addition, one should classify vulnerability based on the following subcategories: Ex:<nowiki>[[Category:Error Handling Vulnerability]]</nowiki>
 +
 
 +
Availability Vulnerability
 +
 
 +
Authorization Vulnerability
 +
 
 +
Authentication Vulnerability
 +
 
 +
Concurrency Vulnerability
 +
 
 +
Configuration Vulnerability
 +
 
 +
Cryptographic Vulnerability
 +
 
 +
Encoding Vulnerability
 +
 
 +
Error Handling Vulnerability
 +
 
 +
Input Validation Vulnerability
 +
 
 +
Logging and Auditing Vulnerability
 +
 
 +
Session Management Vulnerability]]
 +
 
 +
__NOTOC__
 +
 
 +
 
 +
[[Category:OWASP ASDR Project]]
 
[[Category:Vulnerability]]
 
[[Category:Vulnerability]]
 
[[Category:Implementation]]
 
[[Category:Implementation]]

Revision as of 11:32, 23 September 2008

This is a Vulnerability. To view all vulnerabilities, please see the Vulnerability Category page.

Last revision (mm/dd/yy): 09/23/2008

Vulnerabilities Table of Contents

ASDR Table of Contents

Contents


Description

The term CRLF refers to Carriage Return (ASCII 13, \r) Line Feed (ASCII 10, \n). They're used to note the termination of a line, however, dealt with differently in today’s popular Operating Systems. For example: in Windows both a CR and LF are required to note the end of a line, whereas in Linux/UNIX a LF is only required.

A CRLF Injection attack occurs when a user managed to submit a CRLF into an application. This is most commonly done by modifying an HTTP parameter or URL.


Risk Factors

TBD


Examples

Depending on how the application is developed this can be a minor problem or a fairly serious security flaw. Lets look at the latter because this is after all a security related post.

Let's assume a file is used at some point to read/write data to, such as a log of some sort. If an attacker managed to place a CRLF then can then inject some sort of read programmatic method to the file. This could result in the contents being written to screen on the next attempt to use this file.

Another example is the "response splitting" attacks, where CRLF's is injected into an application and included in the response. The extra CRLF's are interpreted by proxies, caches, and maybe browsers as the end of a packet, causing mayhem.


Related Attacks


Related Vulnerabilities


Related Controls


Related Technical Impacts


References

TBD