Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Request/Response Splitting')
ZPublisher.HTTPResponse._scrubHeader in Zope 2 before 2.12.26 and 2.13.x before 2.13.19, as used in Plone before 4.2.2 and 4.3.x before 4.3 beta 1, allows remote attackers to inject arbitrary HTTP headers via a linefeed (LF) character.
CWE-113 - Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Request/Response Splitting')
The software receives data from an HTTP agent/component (e.g., web server, proxy, browser, etc.), but it does not neutralize or incorrectly neutralizes CR and LF characters before the data is included in outgoing HTTP headers.
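The gap described above, shown as an added Python example (not Zope's or Plone's code): a scrubber that removes only the CR LF pair, next to one that removes every CR and LF. The function names, the sample header values and the lenient parser are constructed for illustration.

```python
import re

# Assumption: a weak scrubber that only recognises the two-byte CR LF pair.
_CRLF_PAIR = re.compile(r"\r\n")
# Hardened pattern: any CR or LF, alone or paired.
_CR_OR_LF = re.compile(r"[\r\n]")


def scrub_pair_only(name, value):
    """Weak form: strips CR LF pairs but leaves a lone LF or CR in place."""
    return _CRLF_PAIR.sub("", str(name)), _CRLF_PAIR.sub("", str(value))


def scrub_strict(name, value):
    """Hardened form: strips every CR and LF from both name and value."""
    return _CR_OR_LF.sub("", str(name)), _CR_OR_LF.sub("", str(value))


def serialize(headers, scrub):
    """Build a header block from (name, value) pairs using the given scrubber."""
    lines = ["%s: %s" % scrub(n, v) for n, v in headers]
    return "\r\n".join(lines) + "\r\n\r\n"


def parse_lenient(block):
    """Return header names as seen by a receiver that accepts a bare LF
    as a line terminator, which many HTTP parsers do."""
    head = block.replace("\r\n", "\n").split("\n\n", 1)[0]
    return [line.split(":", 1)[0] for line in head.split("\n") if ":" in line]


# Constructed sample values: one with a lone LF, one with a full CR LF pair.
LONE_LF = [("Content-Language", "en\nX-Constructed-Extra: 1")]
CRLF = [("Content-Language", "en\r\nX-Constructed-Extra: 1")]

if __name__ == "__main__":
    for label, sample in (("lone LF", LONE_LF), ("CR LF", CRLF)):
        for scrub in (scrub_pair_only, scrub_strict):
            names = parse_lenient(serialize(sample, scrub))
            print("%-8s %-16s -> %s" % (label, scrub.__name__, names))
```

Rejecting a value that contains CR or LF, instead of stripping the characters, is an equally valid hardening and makes the attempt visible in logs.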