Details

Alert Id: 40003
Alert Type: Active Scan Rule
Status: release
Risk: Medium
CWE: 113
WASC: 25

Summary

A cookie can be set via CRLF injection. It may also be possible to set arbitrary HTTP response headers. In addition, by carefully crafting the injected response using cross-site scripting, a cache poisoning vulnerability may also exist.

Solution

Type-check the submitted parameter carefully. Filter CR and LF characters out of the parameter so that CRLF cannot be injected.
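
The following is an added example, not code from ZAP or from the scan rule listed below. It shows a response builder that copies a parameter into a header verbatim next to a hardened form that type-checks the parameter and rejects CR/LF. The `lang` parameter, the `Content-Language` header and all function names are assumptions made for illustration.

```python
import re

# Constructed sample input: a "lang" request parameter carrying CR LF.
CONSTRUCTED_INPUT = "en\r\nSet-Cookie: session=constructed"

# Type check for this parameter: a short language tag such as "en" or "en-GB".
LANG_TAG = re.compile(r"[A-Za-z]{2,3}(-[A-Za-z0-9]{2,8})*")
# Control characters (CR and LF included, TAB excepted) never belong in a header value.
CTL = re.compile(r"[\x00-\x08\x0a-\x1f\x7f]")


def build_response_unsafe(lang):
    """'Before' form: the parameter is copied into the header block verbatim."""
    head = f"HTTP/1.1 200 OK\r\nContent-Language: {lang}\r\nContent-Length: 0\r\n\r\n"
    return head.encode("latin-1")


def header_value(value):
    """Last-line guard applied to every value written into a response header."""
    if CTL.search(value):
        raise ValueError("control character in header value")
    return value


def build_response_safe(lang):
    """Hardened form: type check first, then the generic CR/LF guard."""
    # fullmatch, not match with "$": "$" also matches before a trailing "\n".
    if not LANG_TAG.fullmatch(lang):
        raise ValueError("lang is not a language tag")
    head = f"HTTP/1.1 200 OK\r\nContent-Language: {header_value(lang)}\r\nContent-Length: 0\r\n\r\n"
    return head.encode("latin-1")


def header_names(raw):
    """Field names a client would see in the header block of a raw response."""
    head = raw.split(b"\r\n\r\n", 1)[0]
    return [line.split(b":", 1)[0].decode("latin-1").lower()
            for line in head.split(b"\r\n")[1:]]


if __name__ == "__main__":
    print(header_names(build_response_unsafe(CONSTRUCTED_INPUT)))
    print(header_names(build_response_safe("en-GB")))
```

With the constructed input, the unsafe builder emits an extra `Set-Cookie` field, while the hardened builder raises `ValueError` before any bytes are written.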

References

Code

org/zaproxy/zap/extension/ascanrules/CrlfInjectionScanRule.java