HTTP Response Splitting

HTTP Response Splitting is an attack type that allows attacker to embed arbitrary data via HTTP response headers.

Attack is aimed at the inserting linefeed symbols into HTTP headers given by web server, so that an attacker can completely change the content of the server response and displayed page.

  • Carriage Return = %0d = \r
  • Line Feed = %0a = \n

Sorry, but this is part of
Web-security course

Web-security course

  • Actual web attacks with examples
  • A wrong ways of preventing attacks
  • Security methods guaranties elimination of attacks
  • Quizzes for the material fixation

  How to prevent HTTP Response Splitting →