HTTP Response Splitting
HTTP response splitting is a type of attack that takes advantage of vulnerabilities in web applications. When a user sends a request to a web server, the server sends back a response with the requested content. The status line and each header of this response end with a carriage return and line feed (CRLF) character sequence, and an empty line marks where the headers end and the content begins.
In HTTP response splitting attacks, an attacker crafts a malicious request that includes CRLF characters. When the application copies that input into a response header, the extra line breaks cause the web server to emit what is read as multiple responses instead of just one. This can allow the attacker to inject their own content into the response or even perform more advanced attacks like session hijacking.
HTTP response splitting attacks can be mitigated by properly validating input and output in web applications, as well as by implementing security measures such as Content Security Policy and HTTP Strict Transport Security.
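The output validation described above, shown as an added example that is not part of the original page: a redirect handler that copies a decoded query parameter into the Location header, next to a hardened form that rejects CR, LF and NUL at the point of output. The function names, the "next" parameter and the sample query string are assumptions constructed for illustration.

```python
import re
from urllib.parse import parse_qs

# Constructed sample query string: the "next" parameter carries an encoded CRLF.
SAMPLE_QUERY = "next=/home%0d%0aX-Injected:%201"

_FORBIDDEN = re.compile(r"[\r\n\x00]")  # characters that can end a header line


def redirect_target(query: str) -> str:
    """Return the decoded 'next' parameter (parse_qs percent-decodes it)."""
    return parse_qs(query).get("next", ["/"])[0]


def build_redirect_unsafe(target: str) -> bytes:
    """'Before' form: the decoded value is copied into the header block as-is."""
    head = f"HTTP/1.1 302 Found\r\nLocation: {target}\r\nContent-Length: 0\r\n\r\n"
    return head.encode("latin-1")


def build_redirect_safe(target: str) -> bytes:
    """Hardened form: validate the decoded value at the point of output."""
    if _FORBIDDEN.search(target):
        raise ValueError("CR, LF or NUL in header value")
    return build_redirect_unsafe(target)


def header_names(raw: bytes) -> list[str]:
    """Header field names a recipient parses from the first header block."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    return [line.split(":", 1)[0] for line in head.split("\r\n")[1:]]


if __name__ == "__main__":
    target = redirect_target(SAMPLE_QUERY)
    # The unsafe builder yields a header the application never set.
    print(header_names(build_redirect_unsafe(target)))
    try:
        build_redirect_safe(target)
    except ValueError as exc:
        print("rejected:", exc)
    print(header_names(build_redirect_safe("/home")))
```

The check runs on the decoded value because the CRLF arrives percent-encoded and only becomes a line break after the framework decodes it.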