It has been observed that the Tomcat 4.x release was prone to HTTP Response Splitting attack through CRLF injection. I have been studying various security vulnerabilities for a while. Also i am working on developing countermeasures for such vulnerablities.
Now i like to know, whether Tomcat 6.0.2 release has fix for the CRLF injection. I have tried to implement the CRLF injection attack against Tomcat 6.0.2 but i was not successful.