Veracode CRLF Error

CRLF Injection (1 flaw) 
Description
The acronym CRLF stands for "Carriage Return, Line Feed" and refers to the sequence of characters used to denote the end
of a line of text. CRLF injection vulnerabilities occur when data enters an application from an untrusted source and is not
properly validated before being used. For example, if an attacker is able to inject a CRLF into a log file, he could append
falsified log entries, thereby misleading administrators or covering traces of the attack. If an attacker is able to inject CRLFs into
an HTTP response header, he can use this ability to carry out other attacks such as cache poisoning. CRLF vulnerabilities
primarily affect data integrity.

Recommendations
Apply robust input filtering for all user-supplied data using centralized data validation routines when possible. Use output
filters to sanitize all output derived from user-supplied input, replacing non-alphanumeric characters with their HTML entity
equivalents.
Associated Flaws by CWE ID.
Improper Output Neutralization for Logs (CWE ID 117)(1 flaw)
Description

Solution:

import org.owasp.esapi.ESAPI;

// Encode the untrusted value before it reaches the log. encodeForHTML turns CR and LF
// into HTML entities, so the value can no longer start a new log record.
log.info(ESAPI.encoder().encodeForHTML(message));
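The description above says an injected CRLF lets an attacker append a falsified log entry. The following is an added example (not from the Veracode report or the original post) that shows the forged record side by side with a JDK-only neutralizer; it replaces line terminators with `_` instead of pulling in ESAPI, so it runs without extra dependencies. The class name, the `neutralize` helper and the attacker string are constructed for illustration.

```java
import java.util.logging.Logger;
import java.util.regex.Pattern;

/**
 * Added example: CRLF log forging (CWE-117) and a hardened version.
 * Names and sample input are constructed for illustration.
 */
public class LogForgingDemo {

    private static final Logger LOG = Logger.getLogger(LogForgingDemo.class.getName());

    // Carriage return, line feed, and the other Unicode line terminators
    // that a log viewer may also treat as a record boundary.
    private static final Pattern LINE_TERMINATORS =
            Pattern.compile("[\\r\\n\\u0085\\u2028\\u2029]");

    /** Replaces every line terminator with '_' so a value can never start a new log record. */
    static String neutralize(String untrusted) {
        if (untrusted == null) {
            return "null";
        }
        return LINE_TERMINATORS.matcher(untrusted).replaceAll("_");
    }

    /** Vulnerable: the raw user-supplied value is concatenated into the log message. */
    static String vulnerableEntry(String username) {
        return "Login failed for user: " + username;
    }

    /** Hardened: the value is neutralized before it reaches the log. */
    static String hardenedEntry(String username) {
        return "Login failed for user: " + neutralize(username);
    }

    public static void main(String[] args) {
        // Constructed attacker input: a plausible username followed by a forged second record.
        String attacker = "bob\r\nINFO: Login succeeded for user: admin";

        // Writes two records: the real failure, then the forged "Login succeeded" line.
        LOG.info(vulnerableEntry(attacker));

        // Writes one record: "Login failed for user: bob__INFO: Login succeeded for user: admin"
        LOG.info(hardenedEntry(attacker));
    }
}
```

Replacing the terminators keeps the log entry readable, which is why it is often preferred over full HTML encoding for plain-text logs; the ESAPI `encodeForHTML` call in the solution above achieves the same neutralization but also entity-encodes every other non-alphanumeric character in the value. Whichever approach is used, apply it to every untrusted field that is logged, not only to the one flagged in the report.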


