OWASP Periodic Table of Vulnerabilities - HTTP Request/Response Smuggling

Root Cause Summary
An attacker can embed user-controlled data into an HTTP request or response without that data being sanitized, and browsers and web servers do not adhere strictly to the RFC standards when parsing malformed messages.

Browser / Standards Solution
Tighten the RFC standards to describe precise behavior for malformed request/response data, so that every parser in the chain frames a message the same way. Sanitize HTTP requests and responses.

Perimeter Solution

 * Sanitize HTTP headers
 * Sanitize HTTP responses
 * Avoid HTTP connection sharing
 * Use SSL to prevent proxy tampering

Generic Framework Solution

 * Make sure that customizable HTTP headers adhere to the correct RFC standard (RFC 2047)
 * Sanitize HTTP headers
 * Avoid the introduction of pure Carriage Returns (CR) and Linefeeds (LF) into HTTP headers
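The perimeter and framework items above come down to two checks that a framework or reverse proxy can enforce in code: refuse CR/LF and other control characters in any header a caller can influence, and refuse a message whose framing is ambiguous so that two parsers cannot disagree about where it ends. The following Python is an added example written for this page, not OWASP's or any project's code; the function names, the strict-parsing rules chosen, and the constructed sample headers are assumptions. The framing check goes slightly beyond the text by also rejecting the Content-Length/Transfer-Encoding conflicts that RFC 7230 section 3.3.3 says must be rejected.

```python
import re

# Control characters that must never appear inside a header value.
# HT (0x09) is the one control byte RFC 7230 permits within a field value.
_FORBIDDEN_IN_VALUE = re.compile(r"[\x00-\x08\x0a-\x1f\x7f]")
# RFC 7230 "token" characters, the only ones allowed in a field name.
_TOKEN = re.compile(r"^[!#$%&'*+\-.^_`|~0-9A-Za-z]+$")


class HeaderInjectionError(ValueError):
    """Raised when a header name or value would break HTTP message framing."""


def safe_header(name: str, value: str) -> tuple[str, str]:
    """Validate one header before it is written to the wire.

    Rejects, rather than silently strips, CR/LF and other control bytes:
    a value like 'x\r\nSet-Cookie: a=b' would otherwise become a second
    header line. Surrounding spaces/tabs are trimmed, as the RFC allows.
    """
    if not _TOKEN.match(name):
        raise HeaderInjectionError(f"illegal header name: {name!r}")
    if _FORBIDDEN_IN_VALUE.search(value):
        raise HeaderInjectionError(f"control character in header {name}")
    return name, value.strip(" \t")


def parse_header_block(raw: bytes) -> list[tuple[str, str]]:
    """Strictly parse the header section (including the blank line) of a message.

    Assumed strict rules: every line ends in CRLF (a bare LF is not a line
    ending), no obsolete line folding, and no whitespace between the field
    name and the colon (RFC 7230 section 3.2.4). Lenient parsers that accept
    any of these disagree with strict ones, which is what smuggling exploits.
    """
    if not raw.endswith(b"\r\n\r\n"):
        raise HeaderInjectionError("header block not terminated by CRLF CRLF")
    body = raw[:-4]
    if body == b"":
        return []
    headers = []
    for line in body.split(b"\r\n"):
        if b"\n" in line or b"\r" in line:
            raise HeaderInjectionError("bare CR or LF inside a header line")
        if line[:1] in (b" ", b"\t"):
            raise HeaderInjectionError("obsolete line folding is not accepted")
        name, sep, value = line.partition(b":")
        if not sep or name != name.rstrip(b" \t"):
            raise HeaderInjectionError(f"malformed header line {line!r}")
        headers.append(safe_header(name.decode("latin-1"), value.decode("latin-1")))
    return headers


def check_framing(headers: list[tuple[str, str]]) -> list[str]:
    """Return the framing problems found in a parsed header block (empty = OK).

    Two different length signals let a proxy and an origin server disagree
    on where one request ends and the next begins; such messages are
    rejected outright instead of picking one interpretation.
    """
    problems = []
    content_lengths = {v.strip() for n, v in headers if n.lower() == "content-length"}
    transfer_encodings = [v for n, v in headers if n.lower() == "transfer-encoding"]

    if content_lengths and transfer_encodings:
        problems.append("both Content-Length and Transfer-Encoding present")
    if len(content_lengths) > 1:
        problems.append("conflicting Content-Length values")
    for cl in content_lengths:
        if not cl.isdigit():
            problems.append(f"non-numeric Content-Length {cl!r}")
    for te in transfer_encodings:
        codings = [c.strip().lower() for c in te.split(",")]
        if codings[-1] != "chunked":
            problems.append("Transfer-Encoding does not end with 'chunked'")
    return problems


if __name__ == "__main__":
    # Constructed sample: a request whose two length signals disagree.
    sample = (b"Host: example.com\r\n"
              b"Content-Length: 5\r\n"
              b"Transfer-Encoding: chunked\r\n\r\n")
    print(check_framing(parse_header_block(sample)))
```

Rejecting rather than repairing is deliberate: stripping a stray CR or picking one of two Content-Length values still leaves the next hop free to make a different choice, and the disagreement between hops is the vulnerability.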

Custom Framework Solution
None

Custom Code Solution
None

Discussion / Controversy
Should String Be An Abstract Class (John Wilander)