CAPEC-273 : HTTP Response Smuggling
An adversary manipulates and injects malicious content in the form of secret unauthorized HTTP responses, into a single HTTP response from a vulnerable or compromised back-end HTTP agent (e.g., server). See CanPrecede relationships for possible consequences.
https://capec.mitre.org/data/definitions/273.htmlRelated CWE definitions
The product constructs all or part of a command, data structure, or record using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify how it is parsed or interpreted when it is sent to a downstream component.
Product A handles inputs or steps differently than Product B, which causes A to perform incorrect actions based on its perception of B's state.
The product acts as an intermediary HTTP agent
(such as a proxy or firewall) in the data flow between two
entities such as a client and server, but it does not
interpret malformed HTTP requests or responses in ways that
are consistent with how the messages will be processed by
those entities that are at the ultimate destination.
Please note that CAPEC definitions are provided as a quick reference only.
Visit http://capec.mitre.org/ for a complete list of CAPEC entries
and more information.