What Is HTTP Header Injection?
HTTP header injection is a web application security vulnerability for HTTP (Hypertext Transfer Protocol) headers, specifically those that depend on user input in order to be generated in a dynamic manner. HTTP response splitting, in particular, can occur whenever HTTP header injection is implemented. You can do all sorts of things with this vulnerability, and they include malicious redirect attacks from the location header, XSS or cross-site scripting, and session fixation through the set-cookie header. Web-based attacks via the HTTP header injection route are basically traversing uncharted waters because this is a relatively new method of cyber assault, all things considered.
Header Injection Vulnerabilities
Documentation about HTTP header injection vulnerabilities are sparse and highly technical, so it isn't something that script kiddies can easily decipher and delve upon anytime soon. At any rate, to recap, this vulnerability is usually found in dynamically generated HTTP headers that depend on user input to be created. Amit Klein is the main vanguard when it comes to HTTP header injection exploits, particularly his work on response/request splitting/smuggling. With that said, the path for cyber-attacks of this nature has been trodden, and Klein has paved the way for more creative uses of this susceptibility.
User Based Input
The only reason why efforts to deal with this security hole has been sparse is because attacks for it have been similarly few and far between. HTTP responses and requests have the HTTP header as a component of theirs. Header fields are transferred after every response and request are made. They, the header fields, carry extra data regarding these responses and requests as well. With that said, the HTTP header injection isn't the kind of vulnerability that should be taken lightly just because it's "unexplored territory" in the realm of IT security, so very few hackers have taken full advantage of its so-called "potential" other than HTTP header injection pioneer Klein. Any headers that makes use of user-based input has this vulnerability.
Multiple sites vulnerable