

HTTP Response Splitting: A Common, But Frequently Unknown, Security Issue - adulau
http://avatraxiom.livejournal.com/104105.html

======
tlack
Can anyone think of a common case where a request variable is included
directly in a header? I can see why it would happen (in terms of the
programmer misusing his easily available tools) but I can't think of a likely
case for it in practice, other than perhaps including raw request data in a
cookie header.
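
The cookie case mentioned in the comment above, as an added example that is not part of the original thread: a request value copied into a `Set-Cookie` line, next to a hardened version. The function names and the sample value are constructed for illustration.

```python
import re
from urllib.parse import quote

# CR, LF and NUL end or corrupt a header line; a value containing any of
# them can escape the header it was meant to stay inside.
_FORBIDDEN = re.compile(r"[\r\n\x00]")


def naive_set_cookie(name, raw_value):
    """Vulnerable pattern: request data copied straight into a header line."""
    return f"Set-Cookie: {name}={raw_value}\r\n"


def safe_set_cookie(name, raw_value):
    """Percent-encode the value, then refuse any control character left
    anywhere in the line (this also covers a bad cookie name)."""
    encoded = quote(raw_value, safe="")
    line = f"Set-Cookie: {name}={encoded}"
    if _FORBIDDEN.search(line):
        raise ValueError("control character in header line")
    return line + "\r\n"


def header_lines(raw_block):
    """Split a header block on CRLF, as a receiving client would."""
    return [line for line in raw_block.split("\r\n") if line]


# Constructed sample: a "lang" preference taken from a query string.
SAMPLE = "en\r\nX-Injected: 1"

if __name__ == "__main__":
    print(header_lines(naive_set_cookie("lang", SAMPLE)))  # two headers
    print(header_lines(safe_set_cookie("lang", SAMPLE)))   # one header
```
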

