python-gunicorn before version 19.5.0 has a HTTP response splitting vulnerability in the http/wsgi.py:process_headers() function caused by the improper neutralization of CRLF sequences. An attacker could exploit this to cause a server to return arbitrary HTTP headers.
Created python-gunicorn tracking bugs for this issue:
Affects: epel-6 [bug 1564941]
The version shipped with OpenStack 12 is 19.7.1 and contains the latest fixes.