HTTP response splitting

Diabolic Crab – HTTP response splitting:

„These kinds of attacks are generally carried out in web applications by injecting malicious or unexpected characters in user input which is then used for a 302 Redirect, in the Location or Set-Cookie header. […] To avoid such HTTP Splitting vulnerabilities parse all user input for CR LF \r\n %0d%0a or any other forms of encoding these or other such malicious characters before using them in any form of HTTP headers.“
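
The check the quote recommends, as an added example (not code from the quoted paper or from this page): a 302 builder that concatenates decoded user input into the Location header, next to one that rejects CR/LF first. The function names, the sample input, the NUL check and the limit of three decoding rounds are assumptions made for illustration.

```python
from urllib.parse import unquote

FORBIDDEN = ("\r", "\n", "\x00")  # NUL is an added assumption, not from the quote


def check_header_value(value, max_decodes=3):
    """Return value unchanged if it is safe to place in an HTTP header.

    Inspects the raw string and each round of percent-decoding, so literal
    CR/LF, %0d%0a and double-encoded %250d%250a are all rejected.
    """
    candidate = value
    for _ in range(max_decodes + 1):
        if any(ch in candidate for ch in FORBIDDEN):
            raise ValueError("CR, LF or NUL in header value")
        decoded = unquote(candidate)
        if decoded == candidate:      # nothing left to decode
            return value
        candidate = decoded
    raise ValueError("header value is percent-encoded too deeply")


def redirect_unsafe(target):
    # Vulnerable pattern: decoded user input goes straight into the header.
    return "HTTP/1.1 302 Found\r\nLocation: " + unquote(target) + "\r\n\r\n"


def redirect_checked(target):
    # Same response, but the value is validated before it reaches the header.
    return "HTTP/1.1 302 Found\r\nLocation: " + check_header_value(target) + "\r\n\r\n"


def header_lines(response):
    """Split the header section of a raw response into its lines."""
    return response.split("\r\n\r\n", 1)[0].split("\r\n")


# Constructed sample input: a redirect target carrying an encoded CRLF.
SAMPLE = "/home%0d%0aSet-Cookie: sid=constructed"

if __name__ == "__main__":
    print(header_lines(redirect_unsafe(SAMPLE)))   # one extra header line
    try:
        redirect_checked(SAMPLE)
    except ValueError as exc:
        print("rejected:", exc)
```
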