Hi All,
We have a site failing PCI for an HTTP Response Splitting Vulnerability.
Here's an obfuscated version of the test URL:
http://florist.mysite.com/WHS%0D%0AX-Resp:%20Split.php
When called, we receive the following response headers.
HTTP/1.0 301 Moved Permanently
Content-Type: text/html...
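
One way to check what the scanner is flagging, as an added example that is not part of the original post: the function below reads a raw response and reports whether the X-Resp marker from the test URL arrived as its own header line or stayed percent-encoded inside Location. The sample responses are constructed, since the headers quoted above are truncated, and the presence of a Location header is an assumption based on the 301 status.

```python
import re

# Header name the scanner tries to inject, taken from the test URL in the post.
MARKER_NAME = "x-resp"


def parse_header_lines(raw: bytes):
    """Return (name, value) pairs from the header block of a raw HTTP response.

    Lines are split on CRLF, bare LF and bare CR, because some clients and
    proxies accept the bare forms as line terminators too.
    """
    head = re.split(rb"\r\n\r\n|\n\n", raw, maxsplit=1)[0]
    lines = re.split(rb"\r\n|\n|\r", head)
    headers = []
    for line in lines[1:]:  # lines[0] is the status line
        if b":" in line:
            name, value = line.split(b":", 1)
            headers.append((name.strip().decode("latin-1").lower(),
                            value.strip().decode("latin-1")))
    return headers


def classify(raw: bytes) -> str:
    """Classify a response to the scanner's test request."""
    headers = parse_header_lines(raw)
    # The decoded CR/LF ended the previous header, so the marker stands alone.
    if any(name == MARKER_NAME for name, _ in headers):
        return "split"
    # The path was reflected, but CR/LF are still percent-encoded text.
    for name, value in headers:
        if name == "location" and re.search(r"%0d%0a", value, re.I):
            return "encoded"
    return "not-reflected"


# Constructed sample responses (not captured from the site in the post).
SPLIT = (b"HTTP/1.0 301 Moved Permanently\r\nContent-Type: text/html\r\n"
         b"Location: http://florist.mysite.com/WHS\r\nX-Resp: Split.php\r\n\r\n")
ENCODED = (b"HTTP/1.0 301 Moved Permanently\r\nContent-Type: text/html\r\n"
           b"Location: http://florist.mysite.com/WHS%0D%0AX-Resp:%20Split.php\r\n\r\n")
PLAIN = (b"HTTP/1.0 301 Moved Permanently\r\nContent-Type: text/html\r\n"
         b"Location: http://florist.mysite.com/\r\n\r\n")

if __name__ == "__main__":
    for label, raw in (("SPLIT", SPLIT), ("ENCODED", ENCODED), ("PLAIN", PLAIN)):
        print(label, "->", classify(raw))
```

Feed it the raw bytes of the response (for example a saved header dump), not a client's parsed header view, since a parsed view has already decided where each header ends.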