A client has just reported their system as vulnerable to "HTTP Response Splitting Attacks" during a security audit they had done.
I see there is already a bug report here: http://www.openacs.org/bugtracker/openacs/bug?format=table&bug_number=2011 but there doesn't appear to be a recent update on the bug.
On the bug report, Carsten Clasohm says "this is pretty easy to fix in OpenACS. Just check for \n and \r in ad_returnredirect, log the offending redirection target, and throw an error."
Does anyone know if it's this straight-forward? Has anybody implemented this and can confirm it works?