The following sections describe how CRLF attacks cause harm and how you can mitigate them.
How can CRLF attacks be harmful?
CRLF attacks are also known as HTTP Response Splitting. The carriage return can be represented as CR, ASCII 13 or \r, which feeds out one line, and the line feed as LF, ASCII 10 or \n, which starts a new line. If an application accepts a CRLF sequence in user-submitted input, an attacker can inject a malicious CRLF sequence into the HTTP stream and gain control over the way the web application functions.
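The effect described above can be seen on a response head that is built by string concatenation. The following Python sketch is an added example, not code from the original page; the function names and the sample values are constructed for illustration. It shows one user-supplied value being parsed as two headers, and a check that rejects CR and LF before the value reaches the response.

```python
CRLF = "\r\n"  # CR = ASCII 13, LF = ASCII 10

def build_response(headers):
    """Serialize headers into a raw response head with no validation (hypothetical helper)."""
    lines = ["HTTP/1.1 302 Found"]
    lines += [f"{name}: {value}" for name, value in headers]
    return CRLF.join(lines) + CRLF + CRLF

def parse_headers(raw):
    """Read the head as a client does: one header per CRLF-terminated line."""
    head = raw.split(CRLF + CRLF, 1)[0]
    parsed = []
    for line in head.split(CRLF)[1:]:  # skip the status line
        name, _, value = line.partition(":")
        parsed.append((name.strip(), value.strip()))
    return parsed

def safe_header_value(value):
    """Reject CR or LF anywhere in the value; a lone CR or LF is refused too."""
    if "\r" in value or "\n" in value:
        raise ValueError("CR or LF in header value")
    return value

# Constructed sample inputs: a normal redirect target and one carrying a CRLF.
BENIGN = "/home"
INJECTED = "/home\r\nSet-Cookie: sid=constructed"

def demo():
    # Without validation, the single Location value is parsed as two headers.
    unsafe = parse_headers(build_response([("Location", INJECTED)]))
    # With validation, the same value never reaches the response.
    try:
        build_response([("Location", safe_header_value(INJECTED))])
        blocked = False
    except ValueError:
        blocked = True
    # A normal value passes through unchanged.
    safe = parse_headers(build_response([("Location", safe_header_value(BENIGN))]))
    return unsafe, blocked, safe

if __name__ == "__main__":
    unsafe, blocked, safe = demo()
    print("unvalidated:", unsafe)
    print("rejected by check:", blocked)
    print("validated:", safe)
```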