[sonarqube.git] /

<p>This code constructs an HTTP Cookie using an untrusted HTTP parameter. If this cookie is added to an HTTP response, it will allow a HTTP response splitting
vulnerability. See <a href="http://en.wikipedia.org/wiki/HTTP_response_splitting">http://en.wikipedia.org/wiki/HTTP_response_splitting</a>
for more information.</p>
<p>FindBugs looks only for the most blatant, obvious cases of HTTP response splitting.
If FindBugs found <em>any</em>, you <em>almost certainly</em> have more 
vulnerabilities that FindBugs doesn't report. If you are concerned about HTTP response splitting, you should seriously 
consider using a commercial static analysis or pen-testing tool.
</p>