Minimize Web Applications vulnerabilities through the early Detection of CRLF Injection
Carriage return (CR) and line feed (LF), also known as CRLF injection is a type of vulnerability that allows a hacker to enter special characters into a web application, altering its operation or confusing the administrator. Log poisoning and HTTP response splitting are two prominent harmful uses of...
Saved in:
| Main Authors | , |
|---|---|
| Format | Journal Article |
| Language | English |
| Published |
04.03.2023
|
| Subjects | |
| Online Access | Get full text |
| DOI | 10.48550/arxiv.2303.02567 |
Cover
| Abstract | Carriage return (CR) and line feed (LF), also known as CRLF injection is a
type of vulnerability that allows a hacker to enter special characters into a
web application, altering its operation or confusing the administrator. Log
poisoning and HTTP response splitting are two prominent harmful uses of this
technique. Additionally, CRLF injection can be used by an attacker to exploit
other vulnerabilities, such as cross-site scripting (XSS). According to Open
Web Application Security Project (OWASP), CRLF vulnerabilities are among the
top 10 vulnerabilities and are a type of injection attack. Automated testing
can help to quickly identify CRLF vulnerabilities, and is particularly useful
for companies to test their applications before releasing them. However, CRLF
vulnerabilities foster a better approach to mitigate CRLF vulnerabilities in
the early stage and help secure applications against high-risk known
vulnerabilities. There has been less research on CRLF vulnerabilities and how
to detect them with automated testing. There is room for further research to be
done on this subject matter in order to develop creative solutions to problems.
It will also help to reduce false positive alerts by checking the header
response of each request. Security automation is an important issue for
companies trying to protect themselves against security threats. Automated
alerts from security systems can provide a quicker and more accurate
understanding of potential vulnerabilities and can help to reduce false
positive alerts. Despite the extensive research on various types of
vulnerabilities in web applications, CRLF vulnerabilities have only recently
been included in the research. Utilizing automated testing as a recurring task
can assist companies in receiving consistent updates about their systems and
enhance their security. |
|---|---|
| AbstractList | Carriage return (CR) and line feed (LF), also known as CRLF injection is a
type of vulnerability that allows a hacker to enter special characters into a
web application, altering its operation or confusing the administrator. Log
poisoning and HTTP response splitting are two prominent harmful uses of this
technique. Additionally, CRLF injection can be used by an attacker to exploit
other vulnerabilities, such as cross-site scripting (XSS). According to Open
Web Application Security Project (OWASP), CRLF vulnerabilities are among the
top 10 vulnerabilities and are a type of injection attack. Automated testing
can help to quickly identify CRLF vulnerabilities, and is particularly useful
for companies to test their applications before releasing them. However, CRLF
vulnerabilities foster a better approach to mitigate CRLF vulnerabilities in
the early stage and help secure applications against high-risk known
vulnerabilities. There has been less research on CRLF vulnerabilities and how
to detect them with automated testing. There is room for further research to be
done on this subject matter in order to develop creative solutions to problems.
It will also help to reduce false positive alerts by checking the header
response of each request. Security automation is an important issue for
companies trying to protect themselves against security threats. Automated
alerts from security systems can provide a quicker and more accurate
understanding of potential vulnerabilities and can help to reduce false
positive alerts. Despite the extensive research on various types of
vulnerabilities in web applications, CRLF vulnerabilities have only recently
been included in the research. Utilizing automated testing as a recurring task
can assist companies in receiving consistent updates about their systems and
enhance their security. |
| Author | Hasan, MD Asibul Rahman, Md. Mijanur |
| Author_xml | – sequence: 1 givenname: MD Asibul surname: Hasan fullname: Hasan, MD Asibul – sequence: 2 givenname: Md. Mijanur surname: Rahman fullname: Rahman, Md. Mijanur |
| BackLink | https://doi.org/10.48550/arXiv.2303.02567$$DView paper in arXiv |
| BookMark | eNqFjjsOgkAUALfQwt8BrHwXEBFEbQ1KNNHGmFCShTzkmWWXLAsRT6-gvdUkkylmyHpSSWRsurSt1dbz7AXXT6otx7Vdy3a89WbAwgtJyumFEGIMu6IQlHBDSpZQV0Ki5jEJMoQlmEyr6p59iIBciwb2aDBpY1Ap-NdzACf5-Jox66dclDj5ccRmweHmH-fdQlRoyrluonYl6lbc_8UbbnFBEw |
| ContentType | Journal Article |
| Copyright | http://creativecommons.org/licenses/by/4.0 |
| Copyright_xml | – notice: http://creativecommons.org/licenses/by/4.0 |
| DBID | AKY GOX |
| DOI | 10.48550/arxiv.2303.02567 |
| DatabaseName | arXiv Computer Science arXiv.org |
| DatabaseTitleList | |
| Database_xml | – sequence: 1 dbid: GOX name: arXiv.org url: http://arxiv.org/find sourceTypes: Open Access Repository |
| DeliveryMethod | fulltext_linktorsrc |
| ExternalDocumentID | 2303_02567 |
| GroupedDBID | AKY GOX |
| ID | FETCH-arxiv_primary_2303_025673 |
| IEDL.DBID | GOX |
| IngestDate | Wed Jul 23 01:26:24 EDT 2025 |
| IsDoiOpenAccess | true |
| IsOpenAccess | true |
| IsPeerReviewed | false |
| IsScholarly | false |
| Language | English |
| LinkModel | DirectLink |
| MergedId | FETCHMERGED-arxiv_primary_2303_025673 |
| OpenAccessLink | https://arxiv.org/abs/2303.02567 |
| ParticipantIDs | arxiv_primary_2303_02567 |
| PublicationCentury | 2000 |
| PublicationDate | 2023-03-04 |
| PublicationDateYYYYMMDD | 2023-03-04 |
| PublicationDate_xml | – month: 03 year: 2023 text: 2023-03-04 day: 04 |
| PublicationDecade | 2020 |
| PublicationYear | 2023 |
| Score | 3.652935 |
| SecondaryResourceType | preprint |
| Snippet | Carriage return (CR) and line feed (LF), also known as CRLF injection is a
type of vulnerability that allows a hacker to enter special characters into a
web... |
| SourceID | arxiv |
| SourceType | Open Access Repository |
| SubjectTerms | Computer Science - Cryptography and Security Computer Science - Logic in Computer Science Computer Science - Software Engineering |
| Title | Minimize Web Applications vulnerabilities through the early Detection of CRLF Injection |
| URI | https://arxiv.org/abs/2303.02567 |
| hasFullText | 1 |
| inHoldings | 1 |
| isFullTextHit | |
| isPrint | |
| link | http://utb.summon.serialssolutions.com/2.0.0/link/0/eLvHCXMwdV1NSwMxEB3anryIolK_5-A16maTzXos1bWKVRCle1uSbQIrupW6LeKvNx8r9tJTYDKEITm8eczMC8DZVcSFUpEhXBlKmIwUsTTCkNQkl6kw1Gg_ITd-TEav7D7neQfwbxZGzr-rZdAHVl8XNj-Ozx0qiy50KXXk6vYpD8VJL8XV-v_72RzTm1ZAItuCzTa7w0F4jm3o6HoHJuOqrj6qH40TrXCwUjHG5eLdqT77BlVLWbH9NceuGrWTHsZr3fhmqRpnBofPDxne1W_Bsgun2c3LcER8KMVn0I0oXJSFjzLeg55l97oPGEnFknIam9gCZVlqKVLDEi6mQrIk5XQf-utOOVi_dQgb7l903yzFjqDXzBf62KJno078Ff4CXWl0-g |
| linkProvider | Cornell University |
| openUrl | ctx_ver=Z39.88-2004&ctx_enc=info%3Aofi%2Fenc%3AUTF-8&rfr_id=info%3Asid%2Fsummon.serialssolutions.com&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=article&rft.atitle=Minimize+Web+Applications+vulnerabilities+through+the+early+Detection+of+CRLF+Injection&rft.au=Hasan%2C+MD+Asibul&rft.au=Rahman%2C+Md.+Mijanur&rft.date=2023-03-04&rft_id=info:doi/10.48550%2Farxiv.2303.02567&rft.externalDocID=2303_02567 |