Content deleted Content added
GhostOfNoMan (talk | contribs) No edit summary |
avoid redirect |
||
(14 intermediate revisions by 7 users not shown) | |||
Line 1:
{{Short description|Web application security vulnerability}}
{{Citation style|date=March 2024}}
{{HTTP}}
'''HTTP header injection''' is a general class of [[web application]] [[security vulnerability]] which occurs when [[Hypertext Transfer Protocol]] ([[HTTP]]) [[list of HTTP headers|headers]] are dynamically generated based on user input. [[Header (computing)|Header]] injection in HTTP responses can allow for [[HTTP response splitting]], [[session fixation]] via the Set-[[HTTP cookie|Cookie]] header, [[cross-site scripting]] (XSS), and malicious redirect attacks via the ___location header.
== Sources ==
* [
* [https://www.owasp.org/index.php/HTTP_Response_Splitting OWASP HTTP request Splitting]
* [https://owasp.org/www-project-web-security-testing-guide/latest/4-Web_Application_Security_Testing/07-Input_Validation_Testing/15-Testing_for_HTTP_Splitting_Smuggling OWASP Testing for HTTP Splitting/Smuggling]
* [https://regilero.github.io/security/english/2015/10/04/http_smuggling_in_2015_part_one/ HTTP Smuggling in 2015]
* [https://noscript.net NoScript Official Website]
== See also ==
|