2.7.6 Header Manipulation

Header manipulation is the insertion of unvalidated, attacker-controlled data into an HTTP response header. One example of header manipulation is an HTTP response splitting attack. This type of attack exploits applications that accept a carriage return or line feed as input and echo it into a response header. The characters that represent these keystrokes (%0d, %0a, \r, and \n) give attackers control of the header and body of the response. Header manipulation can also result in cross-site scripting, browser hijacking, cookie manipulation, and cross-user defacement. Cross-user defacement is accomplished by making a request to a server that results in the server emitting two responses. The second response is treated as the response to a different request, such as one from a different user sharing the same connection with the server. The attacker can then mimic the application, causing users to divulge sensitive information that is sent to the attacker rather than the server.
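As an added example (not part of the original text), the following Python shows the defensive side of this section: a response builder that refuses any header value containing CR/LF, a redirect helper that percent-encodes the target so \r and \n can never start a new header line, and a check that flags raw, percent-encoded (%0d, %0a) and double-encoded CR/LF in untrusted input. The sample inputs are constructed and all function names are this example's own.

```python
import re
from urllib.parse import quote, unquote

# Raw CR/LF and the percent-encoded forms the section lists (%0d, %0a), any case.
_CRLF = re.compile(r"[\r\n]|%0[dDaA]")

def contains_crlf(value: str) -> bool:
    """Flag a value carrying CR/LF in raw, once-decoded or twice-decoded form."""
    decoded = value
    for _ in range(2):
        if _CRLF.search(decoded):
            return True
        decoded = unquote(decoded)   # peel one layer of percent-encoding (%250d -> %0d)
    return bool(_CRLF.search(decoded))

def build_response(status: int, reason: str, headers: dict, body: bytes) -> bytes:
    """Serialize one HTTP/1.1 response, refusing any header that could split it."""
    lines = [f"HTTP/1.1 {status} {reason}"]
    for name, value in headers.items():
        if not re.fullmatch(r"[A-Za-z0-9-]+", name):
            raise ValueError(f"illegal header name: {name!r}")
        if "\r" in value or "\n" in value:
            raise ValueError(f"CR/LF in header {name}: {value!r}")
        lines.append(f"{name}: {value}")
    lines.append(f"Content-Length: {len(body)}")
    return ("\r\n".join(lines) + "\r\n\r\n").encode("latin-1") + body

def header_rejected(name: str, value: str) -> bool:
    """True if build_response refuses this header (used to show the guard works)."""
    try:
        build_response(200, "OK", {name: value}, b"")
        return False
    except ValueError:
        return True

def safe_redirect(target: str) -> bytes:
    """Build a 302 whose Location is the percent-encoded target; CR/LF become %0D%0A."""
    location = quote(target, safe="/:?=&#")
    return build_response(302, "Found", {"Location": location}, b"")

# Constructed sample of untrusted 'next' parameter values (not real traffic).
SAMPLE_INPUTS = [
    "/account",
    "/login?next=/home",
    "/home\r\nX-Injected: yes",
    "/home%0d%0aX-Injected:%20yes",
    "/home%250d%250a",
]

def flag_inputs(values):
    """Return the inputs an input-validation layer or log review should flag."""
    return [v for v in values if contains_crlf(v)]
```

Rejecting at the builder and encoding at the redirect are complementary: the builder is the last line of defence, while the percent-encoding keeps legitimate redirects working without ever writing a raw CR or LF into the header block.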