CVE-2016-4993 — MEDIUM (6.1)

Q: How severe is CVE-2016-4993?

CVE-2016-4993 has been rated MEDIUM with a CVSS base score of 6.1/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2016-4993?

Check the references section above for vendor advisories and patch information. Affected products include: Redhat Jboss Enterprise Application Platform, Redhat Jboss Wildfly Application Server, Redhat Enterprise Linux.

Vulnerability Description

CRLF injection vulnerability in the Undertow web server in WildFly 10.0.0, as used in Red Hat JBoss Enterprise Application Platform (EAP) 7.x before 7.0.2, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors.

CVSS Score

6.1

MEDIUM

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality

LOW

Integrity

LOW

Availability

NONE

Affected Products

Vendor	Product	Versions
Redhat	Jboss Enterprise Application Platform	<= 7.0.1
Redhat	Jboss Wildfly Application Server	10.0.0
Redhat	Enterprise Linux	6.0

Related Weaknesses (CWE)

CWE-93 CWE-113

References

http://rhn.redhat.com/errata/RHSA-2016-1838.htmlThird Party Advisory
http://rhn.redhat.com/errata/RHSA-2016-1839.htmlThird Party Advisory
http://rhn.redhat.com/errata/RHSA-2016-1840.htmlThird Party Advisory
http://rhn.redhat.com/errata/RHSA-2016-1841.htmlThird Party Advisory
http://www.securityfocus.com/bid/92894
http://www.securitytracker.com/id/1036758Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:3454
https://access.redhat.com/errata/RHSA-2017:3455
https://access.redhat.com/errata/RHSA-2017:3456
https://access.redhat.com/errata/RHSA-2017:3458
https://bugzilla.redhat.com/show_bug.cgi?id=1344321Issue TrackingThird Party Advisory
http://rhn.redhat.com/errata/RHSA-2016-1838.htmlThird Party Advisory
http://rhn.redhat.com/errata/RHSA-2016-1839.htmlThird Party Advisory
http://rhn.redhat.com/errata/RHSA-2016-1840.htmlThird Party Advisory
http://rhn.redhat.com/errata/RHSA-2016-1841.htmlThird Party Advisory

FAQ

What is CVE-2016-4993?

CVE-2016-4993 is a vulnerability with a CVSS score of 6.1 (MEDIUM). CRLF injection vulnerability in the Undertow web server in WildFly 10.0.0, as used in Red Hat JBoss Enterprise Application Platform (EAP) 7.x before 7.0.2, allows remote attackers to inject arbitrary ...

How severe is CVE-2016-4993?

CVE-2016-4993 has been rated MEDIUM with a CVSS base score of 6.1/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2016-4993?

Check the references section above for vendor advisories and patch information. Affected products include: Redhat Jboss Enterprise Application Platform, Redhat Jboss Wildfly Application Server, Redhat Enterprise Linux.