About: HTTP header injection

HTTP header injection is a general class of web application security vulnerability which occurs when Hypertext Transfer Protocol (HTTP) headers are dynamically generated based on user input. Header injection in HTTP responses can allow for HTTP response splitting and cross-site scripting (XSS) attacks. HTTP header injection is a relatively new area for web-based attacks, and has primarily been pioneered by Amit Klein in his work on request/response smuggling/splitting.

Property	Value
dbpprop:abstract	HTTP header injection is a general class of web application security vulnerability which occurs when Hypertext Transfer Protocol (HTTP) headers are dynamically generated based on user input. Header injection in HTTP responses can allow for HTTP response splitting and cross-site scripting (XSS) attacks. HTTP header injection is a relatively new area for web-based attacks, and has primarily been pioneered by Amit Klein in his work on request/response smuggling/splitting. Header-Injection ist eine Klasse von Sicherheitslücken in Webanwendungen, welche auftreten wenn die Header eines Protokolls dynamisch unter Hinzunahme von unzureichend geprüften Benutzereingaben generiert werden. Header-Injection in HTTP kann z. B. zu HTTP-Response-Splitting und Cross-Site Scripting führen. Bei der dynamischen Erstellung von E-Mails über eine Webanwendung kann ein Header-Injection-Angriff genutzt werden, um andere Empfänger in eine E-Mail einzutragen und so z. B. Spam zu versenden.
dbpprop:hasPhotoCollection	http://www4.wiwiss.fu-berlin.de/flickrwrappr/photos/HTTP_header_injection
dbpprop:reference	http://palisade.plynt.com/issues/2006Sep/http-request-smuggling/ http://www.webappsec.org/lists/websecurity/archive/2008-04/msg00003.html http://wapiti.sf.net http://lists.grok.org.uk/pipermail/full-disclosure/2006-February/042358.html
rdfs:comment	HTTP header injection is a general class of web application security vulnerability which occurs when Hypertext Transfer Protocol (HTTP) headers are dynamically generated based on user input. Header injection in HTTP responses can allow for HTTP response splitting and cross-site scripting (XSS) attacks. HTTP header injection is a relatively new area for web-based attacks, and has primarily been pioneered by Amit Klein in his work on request/response smuggling/splitting. Header-Injection ist eine Klasse von Sicherheitslücken in Webanwendungen, welche auftreten wenn die Header eines Protokolls dynamisch unter Hinzunahme von unzureichend geprüften Benutzereingaben generiert werden. Header-Injection in HTTP kann z. B. zu HTTP-Response-Splitting und Cross-Site Scripting führen. Bei der dynamischen Erstellung von E-Mails über eine Webanwendung kann ein Header-Injection-Angriff genutzt werden, um andere Empfänger in eine E-Mail einzutragen und so z. B.
rdfs:label	HTTP header injection Header-Injection
owl:sameAs	freebase:HTTP header injection
skos:subject	dbpedia:Category:Web_security_exploits dbpedia:Category:HTTP
foaf:page	http://en.wikipedia.org/wiki/HTTP_header_injection
is dbpprop:redirect of	dbpedia:HTTP_Header_Injection