Revision as of 12:27, 5 February 2008 edit The Anome (talk \| contribs) Edit filter managers, Administrators 260,154 edits m moved HTTP Header Injection to HTTP header injection ← Previous edit		Revision as of 12:28, 5 February 2008 edit undo The Anome (talk \| contribs) Edit filter managers, Administrators 260,154 edits web application vulnerability Next edit →
Line 1: {{HTTP}} '''HTTP header injection''' is a general class of [[web application vulnerability]] which occurs when [[Hypertext Transfer Protocol]] (HTTP) headers are dynamically generated based on user input. Header injection in HTTP responses can allow for [[HTTP response splitting]] and [[Cross-site scripting]] (XSS) attacks. HTTP header injection is a relatively new area for web-based attacks, and has primarily been pioneered by Amit Klein in his work on request/response smuggling/splitting. ==Sources==

HTTP header injection: Difference between revisions