A CRLF vulnerability (%0D%0A) exists in TinyWeb Server creating a potential risk for redirection, XSS and other cool tricks depending on how the client interprets the HTTP Response.
This vulnerability also leads to integrity failure, as logfiles can be spoofed:
Example:
Resulting events in access_log stored in application directory:
Same most likely evident for agent_ and referer_ logs etc.