diff --git a/java/ql/src/Security/CWE/CWE-113/NettyResponseSplitting.java b/java/ql/src/Security/CWE/CWE-113/NettyResponseSplitting.java
index 499afdf0f3a..1f0c7de674b 100644
--- a/java/ql/src/Security/CWE/CWE-113/NettyResponseSplitting.java
+++ b/java/ql/src/Security/CWE/CWE-113/NettyResponseSplitting.java
@@ -4,6 +4,6 @@ public class ResponseSplitting {
     // BAD: Disables the internal response splitting verification
     private final DefaultHttpHeaders badHeaders = new DefaultHttpHeaders(false);
 
-    // GOOD: Verifies headers passed don't contain CLRF characters
+    // GOOD: Verifies headers passed don't contain CRLF characters
     private final DefaultHttpHeaders badHeaders = new DefaultHttpHeaders();
 }
diff --git a/java/ql/src/Security/CWE/CWE-113/NettyResponseSplitting.ql b/java/ql/src/Security/CWE/CWE-113/NettyResponseSplitting.ql
index c7fb666d163..d74bfa351a8 100644
--- a/java/ql/src/Security/CWE/CWE-113/NettyResponseSplitting.ql
+++ b/java/ql/src/Security/CWE/CWE-113/NettyResponseSplitting.ql
@@ -1,3 +1,16 @@
+/**
+ * @name Disabled Netty HTTP header validation
+ * @description Disabling HTTP header validation makes code vulnerable to
+ *              attack by header splitting if user input is written directly to
+ *              an HTTP header.
+ * @kind problem
+ * @problem.severity error
+ * @precision high
+ * @id java/netty-http-response-splitting
+ * @tags security
+ *       external/cwe/cwe-113
+ */
+
 import java
 
 from ClassInstanceExpr new