Description
HTTP response splitting is the result of the failure of a web application to properly sanitize CR (ASCII 0x0D) and LF (ASCII 0x0A) characters in HTTP headers. Per the HTTP standard (RFC 2616), headers are separated by one CRLF and the response's headers are separated from its body by two. Therefore, the failure to remove CRs and LFs allows the attacker to set arbitrary headers, take control of the body, or break the response into two or more separate responses.
Recommendation
The generic solution is to URL-encode strings before inclusion into HTTP headers such as Location or Set-Cookie.
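As an added illustration, not part of this query help page, the vulnerable pattern beside the recommended percent-encoding fix in Python; the `build_redirect_response_*` helpers, the minimal raw-response parser and the constructed tainted value are assumptions made for the example:

```python
from urllib.parse import quote

CRLF = "\r\n"

# Constructed sample: an untrusted redirect target that carries a CRLF pair.
TAINTED_TARGET = "/home" + CRLF + "X-Injected: 1"


def contains_crlf(value: str) -> bool:
    """Cheap rejection check: a header value must never contain CR or LF."""
    return "\r" in value or "\n" in value


def encode_header_value(value: str) -> str:
    """Percent-encode a value before placing it in a header such as Location.

    CR becomes %0D and LF becomes %0A, so the value can no longer terminate
    the header line. Characters a redirect path legitimately needs are kept.
    """
    return quote(value, safe="/:?=&")


def build_redirect_response_unsafe(target: str) -> bytes:
    # Vulnerable: the untrusted value is copied into the header unchanged.
    return f"HTTP/1.1 302 Found{CRLF}Location: {target}{CRLF}{CRLF}".encode("latin-1")


def build_redirect_response_safe(target: str) -> bytes:
    # Hardened: encode first, so the value cannot introduce a new header line.
    return f"HTTP/1.1 302 Found{CRLF}Location: {encode_header_value(target)}{CRLF}{CRLF}".encode("latin-1")


def parse_headers(raw: bytes) -> dict:
    """Parse the header block of a raw HTTP response into a name -> value dict.

    Assumes a simple, well-formed response; used here only to show what a
    client would see after each builder runs.
    """
    head, _, _body = raw.partition(b"\r\n\r\n")
    lines = head.decode("latin-1").split(CRLF)
    headers = {}
    for line in lines[1:]:  # lines[0] is the status line
        name, _, value = line.partition(":")
        headers[name.strip()] = value.strip()
    return headers
```

Running `parse_headers` over both builders with `TAINTED_TARGET` shows the unsafe one emitting an extra `X-Injected` header while the safe one keeps the whole value inside `Location`.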