M
Morgan Cheng
I have a crawler in C#. The main functionality relies on HttpWebRequest
and HttpWebResponse. It shows that some webpages are not downloaded
successfully. A WebException is thrown with info "exception happens:
The server committed a protocol violation. Section=ResponseHeader
Detail=CR must be followed by LF".
I know that HTTP requires headers seperated by CRLF, but it also
recommend UserAgent implementation to tolerate CR-only and LF-only
message. It is said that it is risky for user-agent to tolerate CR-only
or LF-only, but what is the security-hole? Which kind of attach can
takes advantage of that?
and HttpWebResponse. It shows that some webpages are not downloaded
successfully. A WebException is thrown with info "exception happens:
The server committed a protocol violation. Section=ResponseHeader
Detail=CR must be followed by LF".
I know that HTTP requires headers seperated by CRLF, but it also
recommend UserAgent implementation to tolerate CR-only and LF-only
message. It is said that it is risky for user-agent to tolerate CR-only
or LF-only, but what is the security-hole? Which kind of attach can
takes advantage of that?