DEPRECATED: HTTP response splitting

Deprecated Base
Structure: Simple
Description

This entry has been deprecated and consolidated into CWE-113: Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Response Splitting').

Extended Description

HTTP response splitting was a specific web security flaw where an attacker could inject carriage return (CR) and line feed (LF) characters into an application's output. By manipulating these characters, which HTTP uses to separate headers, an attacker could 'split' a single response into two, potentially injecting malicious content or redirecting users. This vulnerability stemmed from improper validation of user-supplied data used in HTTP response headers. The issue is now fully covered under the more general CWE-113, which addresses the broader category of CRLF injection attacks across various protocols and contexts, not just HTTP responses.
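The mechanism described above, shown as an added example that is not part of the original entry: an unchecked header value beside a hardened form that rejects CR and LF before serialization. The function names, the `Location` redirect scenario, and the sample inputs are constructed assumptions for illustration.

```python
import re

# CR and LF end a header line. NUL is also rejected here as a conservative
# assumption; the entry itself only names CR and LF.
_FORBIDDEN = re.compile(r"[\r\n\x00]")


class HeaderInjectionError(ValueError):
    """Raised when a header value contains a line-terminating character."""


def naive_response(location: str) -> bytes:
    """'Before' form: user-supplied data is copied into the header unchecked."""
    return (
        "HTTP/1.1 302 Found\r\n"
        f"Location: {location}\r\n"
        "Content-Length: 0\r\n\r\n"
    ).encode("latin-1")


def safe_header_value(value: str) -> str:
    """Reject rather than strip, so a tampered request fails visibly.

    Call this on the value after any URL decoding has already happened.
    """
    if _FORBIDDEN.search(value):
        raise HeaderInjectionError("CR, LF or NUL in header value")
    return value


def hardened_response(location: str) -> bytes:
    """'After' form: the value is validated before it reaches the header."""
    return naive_response(safe_header_value(location))


def header_lines(raw: bytes) -> list[bytes]:
    """Split the head of a response into the lines a client would parse."""
    head = raw.split(b"\r\n\r\n", 1)[0]
    return head.split(b"\r\n")


# Constructed sample inputs (not taken from any real incident).
BENIGN = "/account"
TAINTED = "/account\r\nSet-Cookie: session=constructed"

if __name__ == "__main__":
    print(len(header_lines(naive_response(BENIGN))))   # status line + 2 headers
    print(len(header_lines(naive_response(TAINTED))))  # one extra header line appears
```

Counting the parsed header lines in server-side tests is a cheap regression check: any input that changes the count has altered the response structure.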