Questions tagged [crlf-vulnerability]

40 questions
4 votes, 3 answers

Spring Boot: CRLF - Securely log payload in REST API

I have a Spring Boot app which exposes a REST API. I need to log the payload to be able to find errors in the JSON in the API calls. I have run a code analysis tool that reports the following security risk when I log the…
user1766169
4 votes, 1 answer

Custom page for HTTP 404 page URL in Jenkins

My Jenkins is running on https://myhost:9043 using the standalone war on Linux with the below command: java -jar jenkins.war. However, when I try the following URL, for say https://myhost:9043/, the resource URI is obviously not…
Ashar
4 votes, 1 answer

Improper Neutralization of CRLF Sequences ('CRLF Injection') (CWE ID 93)

In the Veracode report I am getting error CWE 93 in some of the Java files. In an instance of the static scan some code is: MimeMessage msg = new MimeMessage(session); msg.setFrom(new InternetAddress(msmtpfrom)); 2.msg.setRecipients(Message.RecipientType.TO,…
Jaydeep Bobade
4 votes, 2 answers

How to prevent code injection with EL expression

While I am using JSF, I am trying to find the ValueExpression with the below code: public static final ValueExpression createValueExpression( final FacesContext context, final ELContext elContext, final String ev, final…
3 votes, 0 answers

Format string %n of printf function doesn't work

#include int main(){ int a=100; printf("aaaaa%n",&a); printf("%d",a); } I used gcc to compile it (gcc a.c); however, its output is as follows: aaaaa100. The value of a doesn't change by the printf's %n format string. I…
peng xu
2 votes, 2 answers

How can I change this code to be vulnerable to CRLF injection?

I created a simple Spring web project, and there is only one Controller in the project; its code is: package com.example.sbtest.controller; import javax.servlet.http.HttpServletResponse; import org.springframework.stereotype.Controller; import…
mtfly
2 votes, 1 answer

Cacheleak vulnerability: Magento var folder issue

I have scanned my site using https://www.magereport.com. I got a "Cacheleak vulnerability? unprotected" issue. I need to know: to fix this issue I have to define "location ^~ /var/ { return 403; }". Please tell me where I will add this code, if in .htaccess…
2 votes, 1 answer

Preventing CRLF vulnerability on request header

I'm trying to fix the CRLF vulnerability in my application logger. I'm currently logging my HTTP request path. Is there a way to validate this one, to remove any CR LF injection in my request path? I'm currently using C# as my programming language. This…
bRaNdOn
2 votes, 1 answer

Improper Neutralization of CRLF Sequences ('CRLF Injection') in Mail Address in Java

This code: InternetAddress[] myAdrs = getAdrs(message.getToAddresses()); for (int i = 0; i < myAdrs.length; i++) { String s = myAdrs[i].getAddress(); s =…
Dan
2 votes, 1 answer

WSO2 IS 5.2.0 CSRF Protection via CSRFGuard and/or CSRF Filter/Valve?

The documentation of WSO2 Identity Server 5.2.0 describes the usage of the CSRF Filter or CSRF Valve as a way to mitigate CSRF attacks; see: WSO2 IS 5.2.0 Documentation. The configuration for that was available in carbon.xml of IS 5.1.0 but is missing…
Hos
1 vote, 0 answers

How to solve Cloud Defense CRITICAL SEVERITY from pom.xml

CRITICAL - org.yaml:snakeyaml - Improper Input Validation VULNERABILITY CRITICAL CWE-20 CVE-2022-1471 CVSS 9.8 Introduced through: org.yaml:snakeyaml :1.27 Discovered on: Dec 1, 2022, 11:15 AM License(s): Apache-2.0 Exploit: 3.9 Fixed in: Not…
1 vote, 1 answer

Input Validation and Representation - Header Manipulation: Cookies - C# Cookies - Header

Fortify has reported the below issue: Input Validation and Representation - Header Manipulation: Cookies. HttpApplication application = (HttpApplication)source; if (application.Context.Handler is IRequiresSessionState) { …
1 vote, 0 answers

How to Prevent External Service Interaction (DNS)

What is the meaning of remediation of vulnerabilities, and how do I implement it? Please advise. Thank you. (1) It is recommended to implement a whitelist of permitted services and hosts, and block any interactions that do not appear on this…
tim
1 vote, 1 answer

CRLF Injection vulnerability while using slf4j LOGGER in Veracode (CWE 117)

It's an slf4j logger and I have been trying to log an error with 2 message parameters. catch(ExecutionException executionException) { LOGGER.error("TimeoutException caught , Error: " + SSG_TIMEOUT.getErrorText() + ". Message: "…
1 vote, 1 answer

How to add HTTP Headers to Jenkins

I run the latest Jenkins as a standalone as below: java -jar jenkins.war. We used a self-signed SSL certificate. When we access the Jenkins console and observe the HTTP response headers, we see critical HTTP headers missing, like for example…
Ashar