Security-Assessment.com discovered that is possible to successfully perform an HTTP Response Splitting attack against applications served by Sun Java System Web Server. The vulnerability can be exploited if user supplied input is used to generate the value of an HTTP header.
3345ee06ec8fee622116a9808b76d622a17e73ade8eb2138a5bd16a5270d2e05