From db533c891ea331fab2e2df17819f9528f8f80925 Mon Sep 17 00:00:00 2001 From: Austin Songer Date: Tue, 21 Jan 2020 22:03:20 +0000 Subject: [PATCH] ANSWERED: Explain HTTP Header Injection. --- README.md | 3 +++ 1 file changed, 3 insertions(+) diff --git a/README.md b/README.md index 15cce20..53820e5 100644 --- a/README.md +++ b/README.md @@ -5427,6 +5427,9 @@ You can use OWASP ZAP to analyze a "request", and if it appears that there no pr
Explain HTTP Header Injection vulnerability
+ +HTTP Header Injection vulnerabilities occur when user input is insecurely included within server responses headers. If an attacker can inject newline characters into the header, then they can inject new HTTP headers and also, by injecting an empty line, break out of the headers into the message body and write arbitrary content into the application's response. +
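Review bot: in the first added sentence, "server responses headers" should read "server response headers", and the answer stops at the impact without saying how the issue is prevented. Consider naming the newline characters explicitly as CR and LF (`\r\n`), since those are what terminate a header line, and noting that the body-breakout case described in the second sentence is commonly called HTTP response splitting. A closing sentence on the fix would round out the answer: reject or strip CR and LF from any user input before it is placed in a response header, or set headers through a framework API that refuses values containing them.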