Revision as of 17:30, 10 July 2010 edit Carl.bunderson (talk \| contribs) Autopatrolled, Extended confirmed users, Pending changes reviewers, Rollbackers 18,676 edits rv, the homesite is already linked ← Previous edit		Revision as of 18:26, 5 January 2011 edit undo Oreoshake (talk \| contribs) 2 edits No edit summary Next edit →
Line 1: {{HTTP}} '''HTTP header injection''' is a general class of [[web application]] [[security vulnerability]] which occurs when [[Hypertext Transfer Protocol]] (HTTP) [[list of HTTP headers\|headers]] are dynamically generated based on user input. Header injection in HTTP responses can allow for [[HTTP response splitting]], ~~and~~[[Session Fixation]] via the Set-Cookie header, [[cross-site scripting]] (XSS), and malicious redirects attacks via the ___location header. HTTP header injection is a relatively new area for web-based attacks, and has primarily been pioneered by Amit Klein in his work on request/response smuggling/splitting. == Sources ==

HTTP header injection: Difference between revisions