Support » Installing, Upgrading and Using » WordPress vulnerability scan: high-severity vulnerability

  • wyz_831030

    (@wyz_831030)


    CRLF injection/HTTP response splitting

    Severity High
    Type Validation
    Reported by module Scripting (CRLF_Injection.script)
    Description
    This script is possibly vulnerable to CRLF injection attacks.

    HTTP headers have the structure “Key: Value”, where each line is separated by the CRLF combination. If the user input is injected into the value section without properly escaping/removing CRLF characters it is possible to alter the HTTP headers structure.
    HTTP Response Splitting is a new application attack technique which enables various new attacks such as web cache poisoning, cross user defacement, hijacking pages with sensitive user information and cross-site scripting (XSS). The attacker sends a single HTTP request that forces the web server to form an output stream, which is then interpreted by the target as two HTTP responses instead of one response.

  • The topic ‘WordPress vulnerability scan: high-severity vulnerability’ is closed to new replies.
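
The header-structure problem the scanner report describes, as an added example that is not part of the original post or of WordPress code: a response builder that copies input into a `Location` header verbatim, next to a hardened version that rejects CR, LF and NUL after URL-decoding. All function names and the sample parameter value are constructed for illustration.

```python
import re
from urllib.parse import unquote

# CR, LF and NUL must never appear inside a header value.
FORBIDDEN = re.compile(r"[\r\n\x00]")

# Constructed sample: a URL-encoded parameter value of the kind a scanner submits.
SAMPLE_PARAM = "%2Fhome%0d%0aX-Injected%3A%201"


def build_response_naive(location: str) -> bytes:
    """Vulnerable pattern: the value is placed in the header unchecked."""
    return (
        "HTTP/1.1 302 Found\r\n"
        f"Location: {location}\r\n"
        "Content-Length: 0\r\n"
        "\r\n"
    ).encode("latin-1")


def build_response_safe(location: str) -> bytes:
    """Hardened pattern: refuse values that contain line terminators."""
    if FORBIDDEN.search(location):
        raise ValueError("control character in header value")
    return build_response_naive(location)


def header_names(raw: bytes) -> list[str]:
    """Read the header block as a client does: CRLF-separated 'Key: Value' lines."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    return [line.split(":", 1)[0] for line in head.split("\r\n")[1:]]


if __name__ == "__main__":
    # The check has to run on the decoded value, which is what reaches the header.
    decoded = unquote(SAMPLE_PARAM)
    print("naive headers:", header_names(build_response_naive(decoded)))
    try:
        build_response_safe(decoded)
    except ValueError as exc:
        print("safe builder rejected input:", exc)
    print("benign headers:", header_names(build_response_safe("/home")))
```

Validating the still-encoded string would miss `%0d%0a`, so the check belongs at the point where the decoded value is written into the header.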