HTTP response splitting vulnerability in frameset.htm in SAP Web Application Server (WAS) 6.10 through 7.00 allows remote attackers to inject arbitrary HTML headers via the sap-exiturl parameter.
https://exchange.xforce.ibmcloud.com/vulnerabilities/23030
http://www.vupen.com/english/advisories/2005/2361
http://www.securityfocus.com/bid/15360/
http://www.cybsec.com/vuln/CYBSEC_Security_Advisory_HTTP_Response_Splitting_in_SAP_WAS.pdf
http://securityreason.com/securityalert/164