OWASP Periodic Table of Vulnerabilities - HTTP Request/Response Smuggling

Root Cause Summary
Malformed HTTP requests and responses are interpreted differently by proxies, web servers, or other systems which process HTTP along the request/response path. This can allow a request or response to bypass proxy filters or rules, poison caches, or cause the response from one request to be incorrectly matched with another.

Browser / Standards Solution
Tighten RFC standards to describe precise behavior for malformed request/response data, including rules for handling duplicate headers.

Perimeter Solution

 * Sanitize all HTTP headers, especially duplicates, by enforcing strict adherence to the HTTP RFCs
 * Sanitize both HTTP requests and responses
 * Avoid HTTP connection sharing
 * Enforce SSL to prevent proxy tampering
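
The first two items above amount to one rule for a gateway: refuse any request head that two RFC-conformant parsers could frame differently. The following check is an added example, not code from the OWASP page; `validate_request_head` is a hypothetical function, and the rules it applies are those of RFC 7230 sections 3.2 and 3.3.3.

```python
# Hypothetical gateway-side validation; rules follow RFC 7230 sections 3.2 and 3.3.3.
import re

# RFC 7230 'token' characters allowed in a header field-name (no whitespace).
_TOKEN = re.compile(r"^[!#$%&'*+.^_`|~0-9A-Za-z-]+$")

def validate_request_head(raw: bytes) -> list[str]:
    """Return framing problems in one HTTP/1.1 request head; empty means unambiguous."""
    problems = []
    if b"\r\n\r\n" not in raw:
        return ["request head not terminated by CRLF CRLF"]
    head = raw.split(b"\r\n\r\n", 1)[0]
    lines = head.split(b"\r\n")
    # A bare CR or LF survives the CRLF split; lenient parsers treat it as a
    # line break and strict ones do not, so hops would disagree on framing.
    if any(b"\r" in l or b"\n" in l for l in lines):
        problems.append("bare CR or LF inside header section")
    headers: dict[bytes, list[bytes]] = {}
    for line in lines[1:]:
        if line[:1] in (b" ", b"\t"):
            problems.append("obsolete line folding (obs-fold) in header")
            continue
        name, sep, value = line.partition(b":")
        # Rejects empty names, control characters and 'Name : value'
        # (whitespace before the colon), which parsers handle inconsistently.
        if not sep or not _TOKEN.match(name.decode("latin-1")):
            problems.append(f"malformed header name in {line!r}")
            continue
        headers.setdefault(name.lower(), []).append(value.strip())
    cl = headers.get(b"content-length", [])
    te = headers.get(b"transfer-encoding", [])
    if cl and te:
        problems.append("both Content-Length and Transfer-Encoding present")
    if len(cl) > 1:
        problems.append("duplicate Content-Length headers")
    if any(not v.isdigit() for v in cl):
        problems.append("non-numeric Content-Length value")
    for v in te:
        if v.lower() != b"chunked":
            problems.append(f"non-canonical Transfer-Encoding value {v!r}")
    return problems

if __name__ == "__main__":
    # Constructed sample heads, not captured traffic.
    clean = b"POST / HTTP/1.1\r\nHost: example.test\r\nContent-Length: 5\r\n\r\n"
    dup = b"POST / HTTP/1.1\r\nContent-Length: 5\r\nContent-Length: 6\r\n\r\n"
    for head in (clean, dup):
        print(validate_request_head(head) or "ok")
```

Any non-empty result is a reason for the proxy to reject the request with a 400 rather than normalise it, since a normalising hop is itself a second interpretation of the same bytes.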

Generic Framework Solution
None

Custom Framework Solution
None

Custom Code Solution
None

Discussion / Controversy
Framework-level solutions for addressing correct CRLF behavior and preventing header manipulation are covered under OWASP Periodic Table of Vulnerabilities - HTTP Response Splitting.