Description
Before composing received data into outgoing HTTP headers, software is expected to analyze it and neutralize CR (carriage return, also given by %0d or \r) and LF (line feed, also given by %0a or \n) characters. With this weakness, the software does not check and change the data correctly. If the HTTP headers contain CR and LF characters, the protocol gives 2 responses instead of 1. Attackers can intercept, control and use the second response for their own purposes, namely cross-site scripting and cache poisoning attacks.
The weakness is introduced during the Implementation stage.
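The following Python sketch is an added example, not code from the original page or from MITRE. It shows a header built without CR/LF neutralization beside a version that rejects such input, including the percent-encoded forms named above. The redirect scenario, function names and sample inputs are constructed assumptions.

```python
import re
from urllib.parse import unquote

CRLF_CHARS = re.compile(r"[\r\n]")

class HeaderInjectionError(ValueError):
    """Raised when a value must not be written into a header."""

def reveals_crlf(value, max_rounds=3):
    """True if value holds CR/LF literally or after repeated percent-decoding."""
    for _ in range(max_rounds + 1):
        if CRLF_CHARS.search(value):
            return True
        decoded = unquote(value)
        if decoded == value:
            return False
        value = decoded
    return True  # still changing after max_rounds: treat as hostile

def redirect_unsafe(target_param):
    # The weakness: decoded input is concatenated into the header as-is.
    return "HTTP/1.1 302 Found\r\nLocation: " + unquote(target_param) + "\r\n\r\n"

def redirect_safe(target_param):
    # Neutralize by rejecting the value before any header is composed.
    if reveals_crlf(target_param):
        raise HeaderInjectionError("CR/LF in header value")
    return "HTTP/1.1 302 Found\r\nLocation: " + unquote(target_param) + "\r\n\r\n"

def header_lines(raw_response):
    """Header lines a recipient parses before the first blank line."""
    head = raw_response.split("\r\n\r\n", 1)[0]
    return head.split("\r\n")[1:]

# Constructed sample inputs (not from the original page).
BENIGN = "/account%3Ftab%3Dprofile"
HOSTILE = "/home%0d%0aX-Injected:%20constructed"

if __name__ == "__main__":
    print(header_lines(redirect_unsafe(HOSTILE)))  # one value, two header lines
    print(header_lines(redirect_safe(BENIGN)))
    try:
        redirect_safe(HOSTILE)
    except HeaderInjectionError as exc:
        print("rejected:", exc)
```

Rejecting the request is used here instead of stripping the characters, so a malformed value never reaches the header at all.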
Latest vulnerabilities for CWE-113
References
Description of CWE-113 on the MITRE website