HTTP header injection
HTTP header injection is a general class of
headers are dynamically generated based on user input. Header injection in HTTP responses can allow for HTTP response splitting, session fixation via the Set-Cookie header, cross-site scripting (XSS), and malicious redirect attacks via the Location header.