
Security Test: CRLF Injection

Description

Default Severity:

CRLF injection happens when an attacker tricks your system into inserting unintended carriage return (CR) and line feed (LF) characters into HTTP headers. Because a CRLF sequence terminates a header line, this allows them to end one header and start another, potentially giving them the power to craft rogue requests or inject malicious headers. The risk is significant because it can lead to altered responses, redirections, or even sensitive data leaks if the attacker controls parts of the HTTP exchange. Developers often fall into this pitfall by not properly sanitizing input that may be inserted into headers, assuming that trusted data will not contain newline characters. It is a sharp reminder to always clean and validate any data used in constructing HTTP responses.
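The following Python is an added example, not part of this page or of the scanner it documents: it shows how a single CR/LF in a redirect target splits one header into two when the value is copied unchecked, and the validator a defender would place in front of the header write. The function names, the lenient header parser and the sample input are all constructed for the illustration.

```python
"""Added example (not the page's or the scanner's own code): CRLF in a header
value splits an HTTP response; a validator rejects such values up front."""


def is_safe_header_value(value: str) -> bool:
    """RFC 9110 allows only visible characters, SP, HTAB and obs-text (>= 0x80)
    in a field value; CR (0x0d), LF (0x0a) and other controls are rejected."""
    return all(
        ch == "\t" or 0x20 <= ord(ch) < 0x7F or ord(ch) >= 0x80 for ch in value
    )


def build_redirect_naive(target: str) -> str:
    """Vulnerable pattern: untrusted input copied into the Location header unchecked."""
    return (
        "HTTP/1.1 302 Found\r\n"
        f"Location: {target}\r\n"
        "Content-Length: 0\r\n"
        "\r\n"
    )


def build_redirect_safe(target: str) -> str:
    """Hardened form: the same response, but the value is validated first."""
    if not is_safe_header_value(target):
        raise ValueError("control character (CR/LF) in header value")
    return build_redirect_naive(target)


def parse_headers(raw: str) -> dict:
    """Parse the response head the way a lenient HTTP client would: every
    CRLF-terminated line after the status line becomes one header."""
    head, _, _body = raw.partition("\r\n\r\n")
    headers = {}
    for line in head.split("\r\n")[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return headers


# Constructed sample input: a redirect target carrying an embedded CRLF.
INJECTED_TARGET = "/home\r\nX-Injected: yes"

if __name__ == "__main__":
    # The naive builder lets the input add a second header of its choosing.
    print(parse_headers(build_redirect_naive(INJECTED_TARGET)))
    try:
        build_redirect_safe(INJECTED_TARGET)
    except ValueError as exc:
        print("rejected:", exc)
```

The parsed output of the naive response contains an `x-injected` header that the application never intended to send, which is exactly what this check looks for.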

Reference:

Configuration

Identifier: injection/crlf

Examples

All available configuration options:

checks:
  injection/crlf:
    skip: false # default

Compliance and Standards

Standard            Value
OWASP API Top 10    API10:2023
OWASP LLM Top 10    LLM02:2023
PCI DSS             6.5.1
GDPR                Article-32
SOC2                CC1
PSD2                Article-95
ISO 27001           A.14.2
NIST                SP800-53
FedRAMP             AC-4
CWE                 93
CVSS Vector         CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:H/RL:O/RC:C
CVSS Score          5.1