General Information

HTTP Request Header Injection

Variants:
Direct Persistent Session 

Vector Type:
Attack

Relevance:
Generic

Layer:
Application-Level

Platforms:
Any

Target Type:
Application

Affected Mechanisms:
Input Validation

Invented In:
07/07/2005

Added In:
08/12/2014


Vector Operation Method:
Malicious inputs can affect the structure of HTTP requests sent between two servers and add -


Direct Variant:

HTTP Request Header Injection

Variant Title:
HTTP Request Header Injection

Typical Severity:
Medium

Resources:

White Papers:

Learn More:


Persistent Variant:

Stored HTTP Request Header Injection

Also Known As:
Persistent HTTP Request Header Injection

Typical Severity:
Medium

Resources:

White Papers:

Learn More:


Session Variant:

HTTP Request Header Injection via Session Puzzling

Also Known As:
Session HTTP Request Header Injection

Typical Severity:
Major

Resources:

White Papers:

Learn More: