Details
Alert Id 40003
Alert Type Active
Status release
Risk Medium
CWE 113
WASC 25
Technologies Targeted All
Tags OWASP_2017_A01
OWASP_2021_A03
WSTG-V42-INPV-15

Summary

Cookie can be set via CRLF injection. It may also be possible to set arbitrary HTTP response headers. In addition, by carefully crafting the injected response using cross-site script, cache poisoning vulnerability may also exist.

Solution

Type check the submitted parameter carefully. Do not allow CRLF to be injected by filtering CRLF.

References

Code

org/zaproxy/zap/extension/ascanrules/CrlfInjectionScanRule.java