HTTP header injection
HTTP header injection is a general class of web application security vulnerability that occurs when Hypertext Transfer Protocol (HTTP) headers are dynamically generated based on user input. Header injection in HTTP responses can allow for HTTP response splitting, session fixation via the Set-Cookie header, cross-site scripting (XSS), and malicious redirect attacks via the Location header. HTTP header injection is a relatively new area for web-based attacks, and has primarily been pioneered by Amit Klein in his work on request/response smuggling/splitting.
- Abstraction100002137
- Accomplishment100035189
- Act100030358
- Action100037396
- Communication100033020
- Event100029378
- Feat100036762
- Heading106343971
- Line107012534
- Matter106365467
- PsychologicalFeature100023100
- Text106387980
- WikicatComputerSecurityExploits
- WikicatHypertextTransferProtocolHeaders
- WikicatWebSecurityExploits
- Writing106362953
- WrittenCommunication106349220
- YagoPermanentlyLocatedEntity
- Hypernym
- Class
- Is primary topic of
- HTTP header injection
- Label
- en: HTTP header injection
- Link from a Wikipage to an external page
- lists.webappsec.org/pipermail/websecurity_lists.webappsec.org/2008-April/003692.html
- www.owasp.org/index.php/HTTP_Response_Splitting
- regilero.github.io/security/english/2015/10/04/http_smuggling_in_2015_part_one/
- www.owasp.org/index.php/Testing_for_HTTP_Splitting/Smuggling_%28OTG-INPVAL-016%29
- Link from a Wikipage to another Wikipage
- Category:Hypertext Transfer Protocol headers
- Category:Web security exploits
- Cross-site scripting
- HTTP request smuggling
- HTTP response splitting
- Hypertext Transfer Protocol
- List of HTTP headers
- Security vulnerability
- Session fixation
- Web application
- SameAs
- aShy
- Header-Injection
- HTTP header injection
- HTTPヘッダ・インジェクション
- Inyección de encabezado HTTP
- m.0264984
- Q1592277
- Subject
- Category:Hypertext Transfer Protocol headers
- Category:Web security exploits
- WasDerivedFrom
- HTTP header injection?oldid=1074209841&ns=0
- WikiPageLength
- 1470
- Wikipage page ID
- 7524275
- Wikipage revision ID
- 1074209841
- WikiPageUsesTemplate
- Template:HTTP
- Template:Reflist
- Template:Web-stub