Application Security Terminology



HTTP Response Splitting

HTTP Response Splitting allows an attacker to manipulate the response received by a web browser. The attacker can send a single HTTP request that forces the web server to form an output stream which is then interpreted by the target as two HTTP responses instead of one. 

HTTP Response Splitting occurs when data enters a web application through an untrusted source, most frequently an HTTP request. The data is then included in an HTTP response header sent to a web user without being validated for malicious characters. At its root, the HTTP Response Splitting attack is straightforward: an attacker passes malicious data to a vulnerable application, and the application includes the data in an HTTP response header.
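The pattern described above, as an added example that is not part of the original page: a simplified string model of a response in which an untrusted redirect target is copied into the Location header, next to a hardened builder that rejects carriage return and line feed, the characters that end a header line. All function names and sample values are constructed for illustration.

```python
import re

CRLF = "\r\n"
# A status line at the start of any line in the output stream.
STATUS_LINE = re.compile(r"^HTTP/1\.[01] \d{3} ", re.MULTILINE)


def build_redirect_unsafe(target: str) -> str:
    """Vulnerable pattern: the untrusted value goes into the header as-is."""
    return ("HTTP/1.1 302 Found" + CRLF
            + "Location: " + target + CRLF
            + "Content-Length: 0" + CRLF + CRLF)


def build_redirect_safe(target: str) -> str:
    """Hardened form: refuse any header value containing CR or LF.

    The check runs on the decoded value, i.e. after the framework has
    already turned sequences such as %0d%0a into raw bytes.
    """
    if "\r" in target or "\n" in target:
        raise ValueError("CR/LF not allowed in header value")
    return build_redirect_unsafe(target)


def count_responses(stream: str) -> int:
    """Count the status lines a recipient would find in the stream."""
    return len(STATUS_LINE.findall(stream))


# Constructed inputs: a normal value, and one that ends the first
# response early and starts a second status line.
BENIGN = "/home"
SPLIT = ("/home" + CRLF + "Content-Length: 0" + CRLF + CRLF
         + "HTTP/1.1 200 OK" + CRLF + "Content-Length: 0" + CRLF + CRLF)

if __name__ == "__main__":
    print(count_responses(build_redirect_unsafe(BENIGN)))  # 1
    print(count_responses(build_redirect_unsafe(SPLIT)))   # 2
    try:
        build_redirect_safe(SPLIT)
    except ValueError as exc:
        print("rejected:", exc)
```

The same CR/LF check applies to every header built from request data, such as Set-Cookie values, not only Location.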