← Cybersecurity Alphabet Soup

CRLF

Carriage Return Line Feed

attackshard

CRLF injection abuses the carriage return and line feed characters that mark line endings in protocols like HTTP. By smuggling these characters into input that ends up in headers or logs, attackers can split responses, forge log entries, or set malicious headers. It matters as a building block for response splitting and cache poisoning attacks, and is prevented by sanitizing control characters.

Sources

More in attacks