Tim's Weblog
Tim Strehle’s links and thoughts on Web apps, software development and Digital Asset Management, since 2002.
2005-04-17

HTTP response splitting

Diabolic Crab - HTTP response splitting:

"These kinds of attacks are generally carried out in web applications by injecting malicious or unexpected characters in user input which is then used for a 302 Redirect, in the Location or Set-Cookie header. [...] To avoid such HTTP Splitting vulnerabilities parse all user input for CR LF \r\n %0d%0a or any other forms of encoding these or other such malicious characters before using them in any form of HTTP headers."
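The check the quote recommends, as an added example that is not from the original post or from Diabolic Crab: a header-value filter that refuses CR and LF whether they arrive raw, percent-encoded (`%0d%0a`, any letter case) or double-encoded (`%250d%250a`), and a small redirect builder that uses it. The sample URLs are constructed for illustration; the hostname `example.test` is a placeholder.

```python
import re
from urllib.parse import unquote

# Matches a raw carriage return or line feed anywhere in the value.
_CRLF_RE = re.compile(r"[\r\n]")


def fully_decode(value: str, max_rounds: int = 3) -> str:
    """Percent-decode repeatedly, with a bound, so that %0d%0a and the
    double-encoded %250d%250a both collapse to the real control characters.
    The bound keeps a pathological input from looping forever."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def contains_crlf(value: str) -> bool:
    """True if the value carries CR/LF directly or under percent-encoding.
    Checking the decoded form is what catches the '%0d%0a' variant the
    quote mentions; checking the raw form catches a literal '\\r\\n'."""
    return bool(_CRLF_RE.search(value)) or bool(_CRLF_RE.search(fully_decode(value)))


def safe_header_value(value: str) -> str:
    """Return the value unchanged if it is safe to place in a header,
    otherwise raise. Rejecting is preferable to silently stripping: a
    redirect target that needed CR/LF removed was never a valid URL."""
    if contains_crlf(value):
        raise ValueError("CR/LF (raw or percent-encoded) is not allowed in an HTTP header value")
    return value


def build_redirect(location: str) -> list[str]:
    """Build the status line and Location header of a 302 redirect.
    With the filter in place, a value such as
    'http://example.test/%0d%0aSet-Cookie:%20x=y' cannot turn into a second
    header line; the request is refused instead."""
    return [
        "HTTP/1.1 302 Found",
        "Location: " + safe_header_value(location),
    ]


if __name__ == "__main__":
    # Constructed sample inputs; the first is benign, the rest are the
    # patterns the filter exists to stop.
    samples = [
        "http://example.test/account?tab=1",
        "http://example.test/\r\nSet-Cookie: session=attacker",
        "http://example.test/%0d%0aSet-Cookie:%20session=attacker",
        "http://example.test/%250D%250ASet-Cookie:%20session=attacker",
    ]
    for s in samples:
        try:
            print("accepted:", build_redirect(s)[1])
        except ValueError as exc:
            print("rejected:", repr(s), "->", exc)
```

Modern Python already refuses raw CR/LF when writing headers through `http.client` (it raises `ValueError`), but that protection does not see percent-encoded forms that a framework may decode later, which is why the check above runs on the decoded value as well.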