OWASP Periodic Table of Vulnerabilities - HTTP Request Splitting

Revision as of 07:22, 16 May 2013 by Peter Mosmans (talk | contribs) (initial page setup)

HTTP Request Splitting

Root Cause Summary

insecure coding/HTTP parsing errors/caching

Browser / Standards Solution

Sanitize HTTP requests and responses

Perimeter Solution

  • Sanitize HTTP headers
  • Avoid HTTP connection sharing

Generic Framework Solution

Sanitize HTTP headers
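
One way a framework could enforce header sanitization when it serializes an outgoing HTTP/1.1 request. This is an added example, not code from the OWASP page, and the names `check_header`, `build_request` and `HeaderRejected` are hypothetical. It rejects any method, target, header name or header value that contains CR, LF, NUL or other control characters instead of trying to strip them.

```python
import re

# RFC 7230 "token": the only characters allowed in a method or field name.
_TOKEN = re.compile(r"[!#$%&'*+\-.^_`|~0-9A-Za-z]+")
# Field value: HTAB, SP, visible ASCII and obs-text. CR, LF and NUL are excluded.
_VALUE = re.compile(r"[\t\x20-\x7e\x80-\xff]*")
# Request target: visible ASCII only, so no spaces or control characters.
_TARGET = re.compile(r"[\x21-\x7e]+")


class HeaderRejected(ValueError):
    """Raised when a request component could alter message framing."""


def check_header(name: str, value: str) -> tuple[str, str]:
    # fullmatch matters: with re.match, "$" also matches just before a
    # trailing "\n", which would let a value ending in LF through.
    if not _TOKEN.fullmatch(name):
        raise HeaderRejected(f"illegal header name: {name!r}")
    if not _VALUE.fullmatch(value):
        raise HeaderRejected(f"illegal characters in value of {name}")
    return name, value.strip(" \t")


def build_request(method: str, target: str, headers) -> bytes:
    """Serialize a request head, refusing any component that fails validation."""
    if not _TOKEN.fullmatch(method):
        raise HeaderRejected(f"illegal method: {method!r}")
    if not _TARGET.fullmatch(target):
        raise HeaderRejected(f"illegal request target: {target!r}")
    lines = [f"{method} {target} HTTP/1.1"]
    for name, value in headers:
        name, value = check_header(name, value)
        lines.append(f"{name}: {value}")
    return ("\r\n".join(lines) + "\r\n\r\n").encode("latin-1")


def is_rejected(method, target, headers) -> bool:
    try:
        build_request(method, target, headers)
        return False
    except HeaderRejected:
        return True


if __name__ == "__main__":
    # Constructed sample inputs: one clean request, one with CRLF in a value.
    print(build_request("GET", "/", [("Host", "example.test")]))
    print(is_rejected("GET", "/", [("Accept-Language", "en\r\nX-Injected: 1")]))
```

Rejecting rather than stripping keeps the decision visible in logs and avoids silently forwarding a rewritten value.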

Custom Framework Solution

None

Custom Code Solution

None

Discussion / Controversy

References

HTTP Message Splitting, Smuggling and Other Animals (Amit Klein, OWASP)