Is HTTP response splitting possible in the case below?
String requestFilename = request.getParameter("name");
response.addHeader("content-disposition", "attachment; filename=" + requestFilename);
I am directly appending the unsanitized request parameter to the response header.
My question is: by using CRLF characters, can we insert our own header into the response?
So far I have tried \r\n and %0D%0A, but they do not work.
Is response.addHeader() immune to such attacks?
Can someone explain to me how this attack can be executed?
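
A defensive way to build this header value, as an added example that is not part of the original question: it rejects CR, LF and other control characters in the parameter before the value reaches response.addHeader(), rather than depending on how a particular servlet container treats them. The class and method names are hypothetical, and the inputs in main() are constructed.

```java
import java.nio.charset.StandardCharsets;

// Added example; ContentDispositionHeader, build and percentEncode are hypothetical names.
// Intended use in the servlet from the question:
//   response.addHeader("content-disposition",
//           ContentDispositionHeader.build(request.getParameter("name")));
public final class ContentDispositionHeader {

    // Returns a header value for an untrusted file name, or throws if the name
    // is empty or contains characters that could end the header line.
    static String build(String untrusted) {
        if (untrusted == null) throw new IllegalArgumentException("missing file name");
        // Keep only the last path segment so directory parts are not reflected.
        String name = untrusted.substring(
                Math.max(untrusted.lastIndexOf('/'), untrusted.lastIndexOf('\\')) + 1);
        if (name.isEmpty()) throw new IllegalArgumentException("empty file name");
        StringBuilder ascii = new StringBuilder();
        for (int i = 0; i < name.length(); i++) {
            char c = name.charAt(i);
            if (c < 0x20 || c == 0x7f) { // CR, LF, NUL and every other control character
                throw new IllegalArgumentException("control character in file name");
            }
            // ASCII fallback for the quoted form: no quote, backslash or non-ASCII.
            ascii.append(c == '"' || c == '\\' || c > 0x7e ? '_' : c);
        }
        return "attachment; filename=\"" + ascii + "\"; filename*=UTF-8''" + percentEncode(name);
    }

    // RFC 5987 ext-value: attr-char bytes pass through, every other byte becomes %XX.
    static String percentEncode(String s) {
        StringBuilder out = new StringBuilder();
        for (byte b : s.getBytes(StandardCharsets.UTF_8)) {
            int v = b & 0xff;
            boolean safe = (v >= 'a' && v <= 'z') || (v >= 'A' && v <= 'Z')
                    || (v >= '0' && v <= '9') || "!#$&+-.^_`|~".indexOf(v) >= 0;
            out.append(safe ? String.valueOf((char) v) : String.format("%%%02X", v));
        }
        return out.toString();
    }

    public static void main(String[] args) {
        System.out.println(build("report 2024.pdf")); // constructed ordinary name
        try {
            build("a.txt\r\nX-Test: 1"); // constructed name carrying CR LF
        } catch (IllegalArgumentException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```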