WebApp Sec: XSS or HTTP Response Splitting?

Nmap Security Scanner

Intro

Ref Guide

Install Guide

Download

Changelog

Book

Docs
Security Lists

Bugtraq

Basics

More
Security Tools

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

WebApp Sec mailing list archives

XSS or HTTP Response Splitting?

From: Joxean Koret <joxeankoret () yahoo es>
Date: 2 Jan 2005 11:15:40 -0000



Hi!  
  
I have been discovered recently various security  
issues with the ViewCVS python CGI  
(http://www.securityfocus.com/archive/1/385885 )  
but I'm not sure if the errors are Cross Site  
Scripting Vulnerabilities and/or HTTP Response  
Splitting.  
  
My question is the following: What is the main 
difference  
between XSS and HTTP Response  
Splitting? May be that HTTP Response  
Splitting errors modifies the headers and XSS 
modifies document content?  
  
Thanks in advance to all... And Happy New Year!

By Date By Thread

Current thread:

XSS or HTTP Response Splitting? Joxean Koret (Jan 02)
- <Possible follow-ups>
- Re: XSS or HTTP Response Splitting? Amit Klein (AKsecurity) (Jan 06)
  - Vulnerability statistics Benjamin Livshits (Jan 06)
    - Re: Vulnerability statistics Jeremiah Grossman (Jan 07)