Netty HTTP Response Splitting (CRLF Injection) due to disabled header validation #22

@JLLeitschuh

CVE ID(s)

I also updated the netty documentation to call this out more explicitly to developers in the future:
netty/netty#9646

Report

Query: github/codeql#2192

This query detects uses of `new DefaultHttpHeaders(false)`, which disables the internal CRLF injection checks of netty, leaving the library vulnerable to CWE-113: Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Response Splitting').

I actually didn't end up using this query to find CVE-2019-17513 or CVE-2019-16771; instead, I found them using the fuzzy search built into GitHub. I do, however, hope that this query will prevent this vulnerability from appearing in the future.

  • Are you planning to discuss this vulnerability submission publicly? (Blog Post, social networks, etc). We would love to have you spread the word about the good work you are doing

Labels: Medium (Bounty entry rated as Medium); Reviewed by the Lab 🧪 (GH Security Lab has rated the contribution); The Bug Slayer (Submissions to The Bug Slayer bounty)

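An added example, not code from the issue, the query, or the netty project: it shows what the flagged `new DefaultHttpHeaders(false)` pattern gives up by storing the same CR/LF-bearing value in a non-validating and a validating headers object. It assumes Netty 4.1 on the classpath; the class name, the helper names and the sample value are hypothetical.

```java
import io.netty.handler.codec.http.DefaultHttpHeaders;
import io.netty.handler.codec.http.HttpHeaders;

public class HeaderValidationDemo {
    // Constructed sample: a header value taken from untrusted input that carries CR/LF.
    static final String UNTRUSTED = "en\r\nX-Injected: 1";

    /** Returns true if the headers object stored the value without complaint. */
    static boolean accepts(HttpHeaders headers, String value) {
        try {
            headers.set("Content-Language", value);
            return true;
        } catch (IllegalArgumentException rejected) {
            // Netty's validating headers throw on prohibited characters.
            return false;
        }
    }

    /** Hypothetical guard for code paths that must keep validation off. */
    static String requireNoCrlf(String value) {
        if (value.indexOf('\r') >= 0 || value.indexOf('\n') >= 0) {
            throw new IllegalArgumentException("CR/LF not allowed in header value");
        }
        return value;
    }

    public static void main(String[] args) {
        // Flagged pattern: validation disabled, so the CR/LF value is stored as-is.
        System.out.println("validate=false accepts: "
                + accepts(new DefaultHttpHeaders(false), UNTRUSTED));
        // The default constructor validates, so the same value is rejected.
        System.out.println("default accepts:        "
                + accepts(new DefaultHttpHeaders(), UNTRUSTED));
        // With validation off, the caller has to enforce the check explicitly.
        HttpHeaders unvalidated = new DefaultHttpHeaders(false);
        try {
            unvalidated.set("Content-Language", requireNoCrlf(UNTRUSTED));
        } catch (IllegalArgumentException e) {
            System.out.println("guard rejected value:   " + e.getMessage());
        }
    }
}
```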