/vulndb/Response Splitting

Response Splitting happens when unsanitised data is passed to a vulnerable application and used to build a response header. An attacker can force the web server to emit a malformed output stream, which the victim’s browser then interprets as two HTTP responses instead of one. Response splitting is usually useful only with proxies or when the browser is using request pipelining.

An attacker can use this vulnerability to deliver a forged application response containing malicious code in place of the legitimate one.

Solution

The generic solution is to encode user-supplied input in a form suitable for the header that will contain it. For example, you must sanitize any CRLF character sequences (0x0D 0x0A in hex), which the HTTP protocol uses as line separators.
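
The following is an added example, not part of the original entry: a header built from raw input next to two hardened forms (context encoding and outright rejection), with a helper that shows how many header lines a recipient sees. The `/home?lang=` redirect, the function names and the sample value are assumptions made for illustration.

```python
import re
from urllib.parse import quote

# CR (0x0D), LF (0x0A) and other control bytes (tab excepted) must never
# reach a header value.
CONTROL_CHARS = re.compile(r"[\x00-\x08\x0a-\x1f\x7f]")

def redirect_unsafe(lang: str) -> bytes:
    """Vulnerable: the parameter is copied into the Location header as-is."""
    return (f"HTTP/1.1 302 Found\r\nLocation: /home?lang={lang}\r\n"
            "Content-Length: 0\r\n\r\n").encode("latin-1")

def redirect_encoded(lang: str) -> bytes:
    """Hardened: percent-encode for the URL context, so CR LF become %0D%0A."""
    return redirect_unsafe(quote(lang, safe=""))

def header_value(value: str) -> str:
    """For headers with no natural encoding: refuse the value outright."""
    if CONTROL_CHARS.search(value):
        raise ValueError("control character in header value")
    return value

def header_lines(raw: bytes) -> list[str]:
    """Header lines as a recipient sees them: split on CRLF up to the blank line."""
    return raw.split(b"\r\n\r\n", 1)[0].decode("latin-1").split("\r\n")

# Constructed sample input: a parameter value carrying an embedded CRLF.
SAMPLE = "en\r\nSet-Cookie: sid=constructed"

if __name__ == "__main__":
    for build in (redirect_unsafe, redirect_encoded):
        print(build.__name__, header_lines(build(SAMPLE)))
    try:
        header_value(SAMPLE)
    except ValueError as err:
        print("rejected:", err)
```

With the unsafe builder the sample value produces an extra header line; with the encoded builder it stays inside the Location value.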

References

http://en.wikipedia.org/wiki/HTTP_response_splitting
https://www.owasp.org/index.php/HTTP_Request_Smuggling