HTTP Response Splitting

Impact: High


HTTP response splitting is the result of the failure of a web application to properly sanitize CR (ASCII 0x0D) and LF (ASCII 0x0A) character in HTTP headers. Per the HTTP standard (RFC 2616) headers are separated by one CRLF and the response’s headers are separated from its body by two. Therefore, the failure to remove CRs and LFs allows the attacker to set arbitrary headers, take control of the body, or break the response into two or more separate responses. Wikipedia


The generic solution is to URL-encode strings before inclusion into HTTP headers such as Location or Set-Cookie. Wikipedia


Last updated on February 15, 2021

This issue is available in SmartScanner Professional

See Pricing