CVE-2007-4164 in Java System Web Server

Summary

CRLF injection vulnerability in the redirect feature in Sun Java System Web Server 6.1 and 7.0 before 20070802, when the redirect Server Application Function (SAF) uses the url-prefix parameter and escape is disabled, or an Error directive uses the url-prefix parameter in obj.conf, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks.

Reservation: 08/07/2007
Disclosure: 08/07/2007
CPE: ready
CVSS: 7.3
EPSS: 0.01527
Activities: Very Low
