Oracle Java System Web Server HTTP Response Splitting Vulnerability

Summary
The host is running Oracle Java System Web Server and is prone to an HTTP response splitting vulnerability.
Impact
Successful exploitation will allow remote attackers to conduct cross-site scripting and browser cache poisoning attacks.
Impact Level: Application
Solution
Apply the patch from the following link: http://sunsolve.sun.com/search/document.do?assetkey=1-79-1215353.1-1
Insight
The flaw is due to an input validation error in the 'response.setHeader()' method, which does not properly sanitise input before it is returned to the user. This can be exploited to insert arbitrary HTTP headers, which will be included in a response sent to the user.
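As defense in depth, an application can reject CR, LF and other control characters before any value reaches a response header. The following is an added example, not Oracle's code and not part of the original advisory; the class SafeHeaders and its setHeader() are hypothetical stand-ins for the servlet response object, and the tainted value is constructed sample input.

```java
import java.util.LinkedHashMap;
import java.util.Map;

/** Added example: validate header names and values before they are stored. */
public class SafeHeaders {
    private final Map<String, String> headers = new LinkedHashMap<>();

    /** Hypothetical stand-in for response.setHeader(); validates first. */
    public void setHeader(String name, String value) {
        requireToken(name);
        requireSafeValue(value);
        headers.put(name, value);
    }

    static void requireToken(String name) {
        if (name == null || name.isEmpty())
            throw new IllegalArgumentException("empty header name");
        for (int i = 0; i < name.length(); i++) {
            char c = name.charAt(i);
            // Header names are tokens: visible ASCII, no separators.
            if (c <= 0x20 || c >= 0x7f || "()<>@,;:\\\"/[]?={}".indexOf(c) >= 0)
                throw new IllegalArgumentException("illegal character in header name");
        }
    }

    static void requireSafeValue(String value) {
        if (value == null)
            throw new IllegalArgumentException("null header value");
        for (int i = 0; i < value.length(); i++) {
            char c = value.charAt(i);
            // CR and LF terminate a header line; reject every control
            // character except horizontal tab.
            if ((c < 0x20 && c != '\t') || c == 0x7f)
                throw new IllegalArgumentException("control character in header value at index " + i);
        }
    }

    public static void main(String[] args) {
        SafeHeaders resp = new SafeHeaders();
        resp.setHeader("Location", "/home?lang=en");   // accepted
        String tainted = "en\r\nX-Injected: 1";        // constructed sample input
        try {
            resp.setHeader("Content-Language", tainted);
            System.out.println("BUG: tainted value accepted");
        } catch (IllegalArgumentException e) {
            System.out.println("rejected: " + e.getMessage());
        }
        System.out.println(resp.headers);              // only the Location header remains
    }
}
```

Rejecting the value outright, rather than stripping the control characters, keeps a malformed request visible in application logs.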
Affected
Oracle Java System Web Server 6.x/7.x