Revision as of 03:11, 5 February 2008 edit GBuilder (talk \| contribs) 19 edits No edit summary ← Previous edit		Revision as of 12:27, 5 February 2008 edit undo TheJosh (talk \| contribs) Extended confirmed users, Pending changes reviewers 2,772 edits {{HTTP}} Next edit →
Line 1: {{HTTP}} '''HTTP header injection''' is a general class of web application vulnerability which occurs when [[Hypertext Transfer Protocol]] (HTTP) headers are dynamically generated based on user input. Header injection in HTTP responses can allow for [[HTTP response splitting]] and [[Cross-site scripting]] (XSS) attacks. HTTP header injection is a relatively new area for web-based attacks, and has primarily been pioneered by Amit Klein in his work on request/response smuggling/splitting.

HTTP header injection: Difference between revisions