HTTP response splitting

Source: Wikipedia, the free encyclopedia.

HTTP response splitting is a form of web application vulnerability, resulting from the failure of the application or its environment to properly sanitize input values. It can be used to perform cross-site scripting attacks, cross-user defacement, web cache poisoning, and similar exploits.

The attack consists of making the server print a

standard (RFC 2616), headers are separated by one CRLF and the response's headers are separated from its body by two. Therefore, the failure to remove CRs and LFs allows the attacker to set arbitrary headers, take control of the body, or break the response into two or more separate responses—hence the name.


The generic solution is to

HTTP headers
such as Location or Set-Cookie.

Typical examples of sanitization include casting to integers or aggressive regular expression replacement. Although response splitting is not specific to PHP, the PHP interpreter contains protection against the attack since version 4.4.2 and 5.1.2.[1]


  1. ^ "PHP: PHP 5.1.2. Release Announcement". The PHP Group. Retrieved 2014-11-13.

External links