HTTP_header_injection

HTTP header injection

HTTP header injection

Web application security vulnerability

HTTP header injection is a general class of web application security vulnerability which occurs when Hypertext Transfer Protocol (HTTP) headers are dynamically generated based on user input. Header injection in HTTP responses can allow for HTTP response splitting, session fixation via the Set-Cookie header, cross-site scripting (XSS), and malicious redirect attacks via the location header.

Sources

See also

References


    Stub icon

    This World Wide Web–related article is a stub. You can help Wikipedia by expanding it.
    Share this article:

    This article uses material from the Wikipedia article HTTP_header_injection, and is written by contributors. Text is available under a CC BY-SA 4.0 International License; additional terms may apply. Images, videos and audio are available under their respective licenses.