Apparition11 (talk | contribs) m Reverted edits by 2601:3C0:4303:61D9:F94E:A20:ADCF:C7B (talk) to last version by 186.195.213.6
avoid redirect
(33 intermediate revisions by 23 users not shown)
Line 1:
{{Short description|Web application security vulnerability}}
{{Citation style|date=March 2024}}
'''HTTP header injection''' is a general class of [[web application]] [[security vulnerability]] which occurs when [[Hypertext Transfer Protocol]] (HTTP) [[list of HTTP headers|headers]] are dynamically generated based on user input. Header injection in HTTP responses can allow for [[HTTP response splitting]], [[Session fixation]] via the Set-Cookie header, [[cross-site scripting]] (XSS), and malicious redirect attacks via the ___location header. HTTP header injection is a relatively new area for web-based attacks, and has primarily been pioneered by Amit Klein in his work on request/response smuggling/splitting.<ref>Linhart, Klein, Heled, and Orrin: [http://www.cgisecurity.com/lib/HTTP-Request-Smuggling.pdf HTTP Request Smuggling], 2005, Watchfire Corporation. Retrieved on 22 December 2015</ref>▼
{{HTTP}}
▲'''HTTP header injection''' is a general class of [[web application]] [[security vulnerability]] which occurs when [[Hypertext Transfer Protocol]] ([[HTTP]]) [[list of HTTP headers|headers]] are dynamically generated based on user input. [[Header (computing)|Header]] injection in HTTP responses can allow for [[HTTP response splitting]], [[
== Sources ==
* [
* [https://www.owasp.org/index.php/
* [https://
* [
* [https://noscript.net NoScript Official Website]
==
* [[HTTP request smuggling]]
==References==
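Review bot: the lead paragraph names "the ___location header" as the vector for malicious redirects, but no HTTP header has that name; the redirect target is carried by the Location response header, so the text should read "via the Location header". The same paragraph calls header injection "a relatively new area for web-based attacks" while its only supporting reference is dated 2005, so the sentence would be better tied to that date than left as a relative-time claim. In the revised paragraph, "[[Hypertext Transfer Protocol]] ([[HTTP]])" links the same subject twice in a row; one link is enough.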
Line 15 ⟶ 18:
[[Category:Web security exploits]]
[[Category:Hypertext Transfer Protocol headers]]