HTTP Request Splitting is an attack technique that interferes in the parsing and interpretation of HTTP request messages to split a single HTTP request into multiple unauthorized and malicious HTTP requests to a back-end HTTP agent.
By using HTTP Response Splitting an attacker can manipulate the response received by a web browser. The methods an attacker uses to perform an HTTP Response Splitting attack includes page hijacking, setting unexpected cookies, cross-site scripting (XSS), CRLF injection as part of low and slow attack, and cache poisoning.