HTTP Response Splitting allows an attacker to manipulate the response received by a web browser. The attacker can send a single HTTP request that forces the web server to form an output stream which is then interpreted by the target as two HTTP responses instead of one.
HTTP Response Splitting occurs when data enters a web application through an untrusted source, most frequently an HTTP request. The data is then included in an HTTP response header sent to a web user without being validated for malicious characters. At its root, the HTTP Response Splitting attack is straightforward: an attacker passes malicious data to a vulnerable application, and the application includes the data in an HTTP response header.