CRLF injection vulnerability in jodd.http.HttpRequest#set and jodd.http.HttpRequest#send in jodd-http version 5.0.x , 5.1.x , 5.2.x , 6.0.x , 6.1.x , 6.2.x ( all versions so far ) , allows remote attackers to inject arbitrary TCP payload via CRLF sequences in a URL .
in jodd.http.HttpRequest#set() when processing path ,this.path(destination); is called ,and it is allowed to inject \r\n in query string and path and fragment .
in jodd.http.HttpRequest#sendTo() , this.buffer(true); is called , and trying to build the http request payload . However , the path , query string , frament and othor components are just appended insecurely , which leads to the crlf injection .
suggestion :
it is recommended to urlencode the invalid characters when constructing the http request payload .
The text was updated successfully, but these errors were encountered:
CRLF injection vulnerability in jodd-http
CRLF injection vulnerability in
jodd.http.HttpRequest#setandjodd.http.HttpRequest#sendinjodd-httpversion 5.0.x , 5.1.x , 5.2.x , 6.0.x , 6.1.x , 6.2.x ( all versions so far ) , allows remote attackers to inject arbitrary TCP payload via CRLF sequences in a URL .Proof of concept :
run the poc , listen on
127.0.0.1:6379details :
in
jodd.http.HttpRequest#set()when processing path ,this.path(destination);is called ,and it is allowed to inject\r\nin query string and path and fragment .in
jodd.http.HttpRequest#sendTo(),this.buffer(true);is called , and trying to build the http request payload . However , the path , query string , frament and othor components are just appended insecurely , which leads to the crlf injection .suggestion :
it is recommended to urlencode the invalid characters when constructing the http request payload .
The text was updated successfully, but these errors were encountered: