If a program using WEBrick inserts untrusted input into the response header,
an attacker can exploit it to insert a newline character to split a header,
and inject malicious content to deceive clients.
This is the same issue as CVE-2017-17742. The previous fix was incomplete,
which addressed the CRLF vector, but did not address an isolated CR or an
isolated LF.