Revision as of 03:02, 16 June 2014 edit Meteor sandwich yum (talk \| contribs) 9,544 edits Reverted good faith edits by 200.114.251.51 (talk): I don't see what this has to do with HTTP header injection... (TW) ← Previous edit		Revision as of 17:17, 23 June 2014 edit undo Meteor sandwich yum (talk \| contribs) 9,544 edits m formatting: mdash (using Advisor.js) Next edit →
Line 1: {{HTTP}} '''HTTP header injection''' is a general class of [[web application]] [[security vulnerability]] which occurs when [[Hypertext Transfer Protocol]] (HTTP) [[list of HTTP headers\|headers]] are dynamically generated based on user input. Header injection in HTTP responses can allow for [[HTTP response splitting]] (also known as CRLF - – Carriage Return Line Feed), [[Session fixation]] via the Set-Cookie header, [[cross-site scripting]] (XSS), and malicious redirect attacks via the ___location header. HTTP header injection is a relatively new area for web-based attacks, and has primarily been pioneered by Amit Klein in his work on request/response smuggling/splitting. Vulnerabilities due to HTTP header injections such as CRLF are no longer feasible due to the fact that multiple header requests are not possible. == Sources == Line 13: [[Category:Hypertext Transfer Protocol]] [[Category:Hypertext Transfer Protocol headers]] {{Web-stub}}

HTTP header injection: Difference between revisions