CRLF Header Injection vulnerability

Issue: SI-26
Date: Jul 17, 2014 3:00:00 PM
Severity: Moderate
Requires Admin Access: No
Fix Version: 3.0
Credit: Isaac.nl
Description:

Scanning software (Acunetix) has reported a CRLF Injection vulnerability in the htmlpdf servlet.

I have discussed this report with our dotCMS developers and they feel the report is correct and the problem is located in the dotCMS codebase.

Workaround:

Unmap the htmlpdf servlet if it is not being used. If it is being used, update the code to sanitize the filename parameter.
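One way to do the sanitizing step, as an added example that is not dotCMS code. It assumes the filename request parameter is copied into a Content-Disposition response header; the class HeaderSafeFilename and its methods are hypothetical names.

```java
import java.util.regex.Pattern;

/** Added example (hypothetical helper, not part of the dotCMS codebase). */
public final class HeaderSafeFilename {
    // Allowlist: letters, digits, dot, dash, underscore. CR, LF, quotes, ';' and
    // path separators are all outside it, so they can never reach the header.
    private static final Pattern DISALLOWED = Pattern.compile("[^A-Za-z0-9._-]");
    private static final int MAX_LEN = 100;
    private static final String FALLBACK = "document.pdf";

    public static String sanitize(String raw) {
        if (raw == null) return FALLBACK;
        // Drop any directory part the client supplied, then apply the allowlist.
        String name = raw.substring(Math.max(raw.lastIndexOf('/'), raw.lastIndexOf('\\')) + 1);
        name = DISALLOWED.matcher(name).replaceAll("_");
        if (name.length() > MAX_LEN) name = name.substring(0, MAX_LEN);
        // Names that are empty or only dots/underscores after cleaning get the default.
        if (name.replaceAll("[._]", "").isEmpty()) return FALLBACK;
        return name;
    }

    /** Builds the header value; the only request-controlled part is the sanitized name. */
    public static String contentDisposition(String rawFilename) {
        return "attachment; filename=\"" + sanitize(rawFilename) + "\"";
    }

    public static void main(String[] args) {
        String[] constructed = {            // constructed sample inputs
            "report.pdf",
            "report.pdf\r\nX-Injected: 1",  // CR/LF that would otherwise start a new header line
            "../../etc/passwd",
            "\r\n",
            null
        };
        for (String in : constructed) {
            String value = contentDisposition(in);
            // Regression check: no line break may survive into the header value.
            if (value.indexOf('\r') >= 0 || value.indexOf('\n') >= 0)
                throw new IllegalStateException("CR/LF survived sanitization");
            System.out.println(value);
        }
    }
}
```

In a servlet the result would be passed to HttpServletResponse.setHeader("Content-Disposition", ...) in place of the raw parameter value.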
