HTTP Response Splitting
- CWE 113
- WASC 25
- PCI 3.2-6.5.1
- OWASP 2013-A1
HTTP response splitting is a type of injection attack that can lead to Cross-site Scripting (XSS) and web cache poisoning.
CRLF is the Carriage Return and Line Feed sequence of control characters. In the HTTP protocol, every header line is terminated by a CRLF sequence, so if a malicious user is able to inject their own CRLF sequence into an HTTP response header, whatever follows it is parsed as further header lines (or the start of the body), and the attacker gains control over the contents of the HTTP response.
Because the attack relies on CRLF characters to split an HTTP response header, it is also commonly referred to as CRLF injection.
Remediation
Validate input and remove CRLF character sequences before embedding data into any HTTP response headers.
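As an added illustration, not part of the original page: a minimal HTTP/1.1 response builder in Python that copies an untrusted value into the Location header, the hardened variant that strips CR and LF before embedding it, and a small header parser used to check the result. The header name X-Injected and the sample input value are constructed for this example.

```python
# Added example (not from the original page): a vulnerable response builder,
# its hardened form, and a parser used to verify that the split no longer happens.

CRLF = "\r\n"


def build_response_unsafe(location: str) -> str:
    """Vulnerable: the untrusted value is copied into a header line verbatim.

    A CRLF inside `location` terminates the Location line early, so the rest of
    the value is emitted as additional header lines (HTTP response splitting).
    """
    return (
        "HTTP/1.1 302 Found" + CRLF
        + "Location: " + location + CRLF
        + "Content-Length: 0" + CRLF
        + CRLF
    )


def sanitize_header_value(value: str) -> str:
    """Remediation from the page: remove CR and LF before embedding data in a header.

    Strip both characters individually rather than only the "\r\n" pair, since many
    servers also treat a bare LF as a line terminator. Apply this to the decoded value
    the application actually writes, i.e. after any URL decoding has happened.
    """
    return value.replace("\r", "").replace("\n", "")


def build_response_safe(location: str) -> str:
    """Hardened: same response, but the header value can no longer contain line breaks."""
    return build_response_unsafe(sanitize_header_value(location))


def parse_headers(raw: str) -> dict:
    """Parse the header block of a raw response into {lowercased-name: value}.

    Used as a check: an extra key that the application never set means the
    response was split.
    """
    head = raw.split(CRLF + CRLF, 1)[0]
    headers = {}
    for line in head.split(CRLF)[1:]:  # skip the status line
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return headers


if __name__ == "__main__":
    # Constructed sample input: a redirect target carrying an injected CRLF.
    tainted = "/home" + CRLF + "X-Injected: 1"
    print(sorted(parse_headers(build_response_unsafe(tainted))))  # includes 'x-injected'
    print(sorted(parse_headers(build_response_safe(tainted))))    # does not
```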