CVE-2007-4164

3 documents3 sources

Severity

7.5HIGH

EPSS

1.5%

top 18.71%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

SUN Java System WEB Server

Timeline

PublishedAug 7

Latest updateMay 1

Description

CRLF injection vulnerability in the redirect feature in Sun Java System Web Server 6.1 and 7.0 before 20070802, when the redirect Server Application Function (SAF) uses the url-prefix parameter and escape is disabled, or an Error directive uses the url-prefix parameter in obj.conf, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages1 packages

▶NVDsun/java_system_web_server6.1, 7.0+1

Patches

Patch: www.securityfocus.com ↗Patch: www.securityfocus.com ↗

🔴Vulnerability Details

GHSA

GHSA-vcmc-mvhv-w8c3: CRLF injection vulnerability in the redirect feature in Sun Java System Web Server 6↗2022-05-01

▶

CVEList

CVE-2007-4164: CRLF injection vulnerability in the redirect feature in Sun Java System Web Server 6↗2007-08-07

▶