1. Homepage
  2. RvR
  3. Application
  4. Attack Vectors

General Information

HTTP Response Splitting

Variants:
Direct Persistent Session 

Also Known As:
HTTP Response Header Injection, CRLF Injection

Vector Type:
Attack

Relevance:
Generic

Layer:
Application-Level

Platforms:
Any

Target Type:
Web Application

Affected Mechanisms:
Input Validation, Output Sanitation

Invented In:
04/03/2004

Added In:
10/12/2014

Quick Introduction to the Topic:



Direct Variant:

HTTP Response Splitting

Variant Title:
HTTP Response Splitting

Typical Severity:
Medium

Resources:

Wiki

CWE

CAPEC

WASC

Vulnerapedia

OWASP Attacks

OWASP Testing Guide

Hakipedia

Other I

Other II

Other III

White Papers:

Paper I

Paper II

Paper II

Learn More:




Persistent Variant:

Stored HTTP Response Splitting

Also Known As:
Persistent HTTP Response Splitting

Typical Severity:
Major

Resources:

White Papers:

Learn More:


Session Variant:

HTTP Response Splitting via Session Puzzling

Variant Title:
HTTP Response Splitting via Session Puzzling

Typical Severity:
Medium

Resources:

White Papers:

Learn More:




TECAPI ©

Join