HTTP response splitting is a form of web application vulnerability, resulting from the failure of the application or its environment to properly sanitize input values. It can be used to perform cross-site scripting attacks, cross-user defacement, web cache poisoning, and similar exploits.
The attack consists of making the server print a carriage return (CR, ASCII 0x0D) line feed (LF, ASCII 0x0A) sequence followed by content supplied by the attacker in the header section of its response, typically by including them in input fields sent to the application. Per the HTTP standard (RFC 2616), headers are separated by one CRLF and the response's headers are separated from its body by two. Therefore, the failure to remove CRs and LFs allows the attacker to set arbitrary headers, take control of the body, or break the response into two or more separate responses—hence the name.
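The following Python is an added example, not code from the original article. It contrasts a constructed "before" response builder that copies header values verbatim with a hardened builder that refuses any header name or value containing CR, LF or another control character, and it includes a small client-style parser so the effect of a CRLF inside a value can be checked rather than inferred. The `HeaderInjectionError` class, the builder functions and the sample redirect target are all assumptions made for the illustration.

```python
import re
from typing import Dict, List, Tuple

CRLF = "\r\n"

# Any octet that can terminate a header line or otherwise corrupt the header
# section: CR, LF, NUL and the remaining ASCII control characters.
_CONTROL_CHARS = re.compile(r"[\x00-\x1f\x7f]")
# RFC 7230 'token' syntax for header field names.
_TOKEN = re.compile(r"^[!#$%&'*+\-.^_`|~0-9A-Za-z]+$")


class HeaderInjectionError(ValueError):
    """Raised when a header name or value would alter the response structure."""


def build_response_vulnerable(status: str, headers: Dict[str, str], body: str = "") -> str:
    """Constructed 'before' version: header values are copied verbatim into the
    header section, so a CRLF inside a value ends the header it was meant for."""
    lines = [f"HTTP/1.1 {status}"]
    lines.extend(f"{name}: {value}" for name, value in headers.items())
    return CRLF.join(lines) + CRLF + CRLF + body


def validate_header_value(value: str) -> str:
    """Reject any value containing CR, LF or another control character.
    Rejection is preferable to stripping: silently deleting CR/LF can turn an
    attempted injection into a different but still wrong header value."""
    if _CONTROL_CHARS.search(value):
        raise HeaderInjectionError(f"control character in header value: {value!r}")
    return value


def build_response_safe(status: str, headers: Dict[str, str], body: str = "") -> str:
    """Hardened version: every name must be an RFC 7230 token and every value
    must be free of control characters before it reaches the wire."""
    lines = [f"HTTP/1.1 {status}"]
    for name, value in headers.items():
        if not _TOKEN.match(name):
            raise HeaderInjectionError(f"invalid header name: {name!r}")
        lines.append(f"{name}: {validate_header_value(value)}")
    return CRLF.join(lines) + CRLF + CRLF + body


def split_response(raw: str) -> Tuple[str, List[str], str]:
    """Parse a raw response the way a client does: status line, then one
    header per CRLF until the empty line, then the body. Used here as the
    check that shows whether a value stayed inside its own header."""
    head, sep, body = raw.partition(CRLF + CRLF)
    if not sep:
        raise ValueError("no end-of-headers marker")
    status_line, *header_lines = head.split(CRLF)
    return status_line, header_lines, body


if __name__ == "__main__":
    # Constructed input: a redirect target carrying a CRLF and an extra header.
    tainted = "/home" + CRLF + "X-Injected: yes"
    _, hdrs, _ = split_response(build_response_vulnerable("302 Found", {"Location": tainted}))
    print("vulnerable builder emitted headers:", hdrs)
    try:
        build_response_safe("302 Found", {"Location": tainted})
    except HeaderInjectionError as exc:
        print("safe builder rejected it:", exc)
```

Running the block shows the vulnerable builder emitting two headers where the application supplied one, while the safe builder raises before anything is written. The validator rejects rather than strips, because a framework that silently drops CR and LF still lets unexpected content through as a (now single-line) header value; a web framework's own header API usually performs the same check, so the value of writing it by hand is mainly in code paths that assemble raw headers or Location values themselves.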