cgiemail and cgiecho allow remote attackers to inject HTTP headers via a newline character in the redirect location.