HTTP response splitting vulnerability in the @SetHTTPHeader function in Lotus Domino 6.5.x before 6.5.4 and 6.0.x before 6.0.5 allows attackers to poison the web cache via malicious applications.
https://exchange.xforce.ibmcloud.com/vulnerabilities/20045
http://www.kb.cert.org/vuls/id/699798
http://www-1.ibm.com/support/docview.wss?rs=463&uid=swg21202437