When using HTTP Response Splitting vulnerabilities (splitting of HTTP request), the hacker sends to a server a specially-formed request, the answer on which is interpreted by an attack aim as two different answers. The second answer is under a full control of a hacker and it allows him to forge the server’s answer.
If an attack is successful, hacker can perform the following actions:
- Cross-site scripting.
- Modification of cash data of the proxy-server.
- Cross-user attack (one user, one page, a temporary page substitution).
- Page interception, which contains a user data.