Improper Neutralization of CRLF Sequences ('CRLF Injection')

CVE-2016-9964

Medium

6.5/10

Summary

redirect() in bottle.py before bottle 0.12.11 doesn't filter a "\r\n" sequence, which leads to a CRLF attack, as demonstrated by a redirect("233\r\nSet-Cookie: name=salt") call.

Attack Complexity: LOW
Attack Vector: NETWORK
Integrity Impact: HIGH
Scope: UNCHANGED
User Interaction: REQUIRED
Privileges Required: NONE
Confidentiality Impact: NONE
Availability Impact: NONE

CWE-93 - Improper Neutralization of CRLF Sequences ('CRLF Injection')

The software uses CRLF (carriage return line feeds) as a special element, e.g. to separate lines or records, but it does not neutralize or incorrectly neutralizes CRLF sequences from inputs.

References

Advisory
Advisory
Issue

Advisory Timeline

Published Dec 16, 2016

Improper Neutralization of CRLF Sequences ('CRLF Injection')

CVE-2016-9964

Summary

CWE-93 - Improper Neutralization of CRLF Sequences ('CRLF Injection')

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS