Vulnerability Description
CRLF injection vulnerability in the redirect feature in Sun Java System Web Server 6.1 and 7.0 before 20070802, when the redirect Server Application Function (SAF) uses the url-prefix parameter and escape is disabled, or an Error directive uses the url-prefix parameter in obj.conf, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Sun | Java System Web Server | 6.1 |
References
- http://secunia.com/advisories/26326Vendor Advisory
- http://sunsolve.sun.com/search/document.do?assetkey=1-26-103003-1
- http://www.securityfocus.com/bid/25190Patch
- http://www.securitytracker.com/id?1018504
- http://www.vupen.com/english/advisories/2007/2766
- https://exchange.xforce.ibmcloud.com/vulnerabilities/35783
- http://secunia.com/advisories/26326Vendor Advisory
- http://sunsolve.sun.com/search/document.do?assetkey=1-26-103003-1
- http://www.securityfocus.com/bid/25190Patch
- http://www.securitytracker.com/id?1018504
- http://www.vupen.com/english/advisories/2007/2766
- https://exchange.xforce.ibmcloud.com/vulnerabilities/35783
FAQ
What is CVE-2007-4164?
CVE-2007-4164 is a vulnerability with a CVSS score of 7.5 (HIGH). CRLF injection vulnerability in the redirect feature in Sun Java System Web Server 6.1 and 7.0 before 20070802, when the redirect Server Application Function (SAF) uses the url-prefix parameter and es...
How severe is CVE-2007-4164?
CVE-2007-4164 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2007-4164?
Check the references section above for vendor advisories and patch information. Affected products include: Sun Java System Web Server.