Unfiltered \r\n and \0 characters allows strings injection and header truncation.
vulners.com/securityvulns/securityvulns:doc:16508
vulners.com/securityvulns/securityvulns:doc:16509