HTTP Response Splitting

When exploiting an HTTP Response Splitting vulnerability, the attacker sends the server a specially crafted request, and the target of the attack interprets the server's response to it as two separate responses. The second response is fully under the attacker's control, which allows the attacker to forge the server's response.
If the attack succeeds, the attacker can perform the following actions:

    • Cross-site scripting.
    • Modification of the proxy server's cached data.
    • Cross-user attack (one user, one page, a temporary page substitution).
    • Interception of a page that contains user data.
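
The following is an added example, not code from the original page. It shows the usual root cause on the server side: request data copied into a response header without rejecting CR/LF, so that a downstream parser sees two responses. It sets this beside a hardened builder and a simple log check. All function names and sample values are hypothetical and constructed for illustration.

```python
import re
from urllib.parse import unquote

# Constructed sample values (not taken from any real system).
BENIGN = "/home?lang=en"
SUSPECT = ("/home\r\nContent-Length: 0\r\n\r\n"
           "HTTP/1.1 200 OK\r\nContent-Length: 5\r\n\r\nhello")

STATUS_LINE = re.compile(rb"^HTTP/1\.[01] \d{3} ", re.MULTILINE)


def build_redirect_unsafe(location: str) -> bytes:
    """Vulnerable pattern: request data goes into a header unchecked."""
    return (f"HTTP/1.1 302 Found\r\nLocation: {location}\r\n"
            "Content-Length: 0\r\n\r\n").encode("latin-1")


def count_responses(stream: bytes) -> int:
    """Count the status lines a proxy or browser would find in the stream."""
    return len(STATUS_LINE.findall(stream))


def safe_header_value(value: str) -> str:
    """Reject CR, LF and NUL outright rather than trying to strip them."""
    if any(ch in value for ch in "\r\n\x00"):
        raise ValueError("control character in header value")
    return value


def build_redirect_safe(location: str) -> bytes:
    """Hardened builder: validate first, then emit the header."""
    return build_redirect_unsafe(safe_header_value(location))


def flag_request(raw_query: str) -> bool:
    """Log check: CR/LF in a query string after one or two URL decodings."""
    decoded = unquote(unquote(raw_query))
    return "\r" in decoded or "\n" in decoded


if __name__ == "__main__":
    print(count_responses(build_redirect_unsafe(BENIGN)))   # one response
    print(count_responses(build_redirect_unsafe(SUSPECT)))  # parsed as two
    print(flag_request("next=%2Fhome%0d%0aX-Test%3A+1"))    # flagged
```

Most current web frameworks already refuse CR/LF in header values; the check matters most where headers are assembled by hand or by older libraries.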