- HTTP response splitting is a web application vulnerability in which attacker-supplied input values, usually delivered through HTTP request parameters, end up inside HTTP response headers, allowing the attacker to compromise the application and its environment
- The attack injects CR (Carriage Return) and LF (Line Feed) sequences into an HTTP header; once the header line is terminated early, the attacker controls the remaining headers and body of the response the application intends to send, and can even construct a second, entirely attacker-controlled HTTP message
- An attacker splits the HTTP response through:
– HTTP Header Splitting
– HTTP redirect
– HTTP cookie header
Insecure Code
- The code shows an HTTP response split through the cookie header, where a user-supplied value is written into the Set-Cookie header

Secure Code
- The code filters CR/LF characters out of the header input to prevent any HTTP response splitting attack

HTTP Response Splitting Countermeasures
- Avoid placing user input variables directly in HTTP headers
- Disallow and filter CR/LF characters
- Validate and encode header input and output
Example: Secure Code for HTTP Response Splitting Attack
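The following Python code is an added example, not the course's own listing: it places a cookie-setting function that writes the request parameter straight into the Set-Cookie header beside a hardened version that rejects CR/LF and percent-encodes the value, applying the countermeasures listed above. The hand-built HTTP/1.1 response, the cookie name `lang` and the malicious input are all constructed for illustration.

```python
import re
from urllib.parse import quote

# Any ASCII control character (CR, LF, NUL, ...) has no place in a header value.
CONTROL_CHARS = re.compile(r"[\x00-\x1f\x7f]")

class HeaderInjectionError(ValueError):
    """Raised when a header value would terminate the header line early."""

def build_response(set_cookie_value: str) -> str:
    # Assumed minimal hand-built HTTP/1.1 response; the cookie name is illustrative.
    return (
        "HTTP/1.1 200 OK\r\n"
        f"Set-Cookie: lang={set_cookie_value}\r\n"
        "Content-Type: text/html\r\n"
        "\r\n"
        "<html>welcome</html>"
    )

def insecure_set_cookie(lang: str) -> str:
    """Vulnerable: the request parameter is concatenated straight into the header."""
    return build_response(lang)

def secure_set_cookie(lang: str) -> str:
    """Hardened: reject CR/LF outright, then percent-encode what remains."""
    if CONTROL_CHARS.search(lang):
        # Disallow rather than silently strip, so the attempt can be logged
        # and the request rejected instead of quietly reshaped.
        raise HeaderInjectionError("control character in cookie value")
    # Encoding keeps ';', ',', '=' and non-ASCII out of the header line, so the
    # cookie's attributes cannot be altered even by values the regex does not catch.
    return build_response(quote(lang, safe="") + "; HttpOnly")

def header_lines(raw_response: str) -> list[str]:
    """Return the header lines of a raw response (status line excluded)."""
    head, _, _body = raw_response.partition("\r\n\r\n")
    return head.split("\r\n")[1:]

# Constructed malicious input: a CR/LF pair followed by a second header.
MALICIOUS_LANG = "en\r\nSet-Cookie: session=attacker-chosen"

if __name__ == "__main__":
    # The insecure builder emits two Set-Cookie lines; the secure one refuses.
    print(header_lines(insecure_set_cookie(MALICIOUS_LANG)))
    try:
        secure_set_cookie(MALICIOUS_LANG)
    except HeaderInjectionError as exc:
        print("rejected:", exc)
    print(header_lines(secure_set_cookie("en")))
```

Parsing the raw response with `header_lines` makes the split visible: the insecure builder yields an extra Set-Cookie line that the application never wrote, while the hardened builder raises before any header is emitted.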
