Short Name |
HTTP:EXPLOIT:VAR-RESPONSE-SPLIT |
---|---|
Severity |
Minor |
Recommended |
No |
Category |
HTTP |
Keywords |
Response Splitting in HTTP Variable |
Release Date |
2005/03/09 |
Update Number |
1213 |
Supported Platforms |
di-5.3+, idp-4.0+, isg-3.0+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+ |
This signature detects HTTP requests with encoded characters that are consistent with an HTTP response splitting attack. Attackers can execute script code on the target's browser or poison an HTTP cache server. Note: Some Web applications might use these characters legitimately.
Use of HTTP response splitting could enable a remote attacker to launch a cross-site scripting attack, poison a server's or a browser's cache, deface a web page, or hijack user information.