Описание
CRLF injection vulnerability in the redirect feature in Sun Java System Web Server 6.1 and 7.0 before 20070802, when the redirect Server Application Function (SAF) uses the url-prefix parameter and escape is disabled, or an Error directive uses the url-prefix parameter in obj.conf, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks.
CRLF injection vulnerability in the redirect feature in Sun Java System Web Server 6.1 and 7.0 before 20070802, when the redirect Server Application Function (SAF) uses the url-prefix parameter and escape is disabled, or an Error directive uses the url-prefix parameter in obj.conf, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2007-4164
- https://exchange.xforce.ibmcloud.com/vulnerabilities/35783
- http://secunia.com/advisories/26326
- http://sunsolve.sun.com/search/document.do?assetkey=1-26-103003-1
- http://www.securityfocus.com/bid/25190
- http://www.securitytracker.com/id?1018504
- http://www.vupen.com/english/advisories/2007/2766
EPSS
CVE ID
Связанные уязвимости
CRLF injection vulnerability in the redirect feature in Sun Java System Web Server 6.1 and 7.0 before 20070802, when the redirect Server Application Function (SAF) uses the url-prefix parameter and escape is disabled, or an Error directive uses the url-prefix parameter in obj.conf, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks.
EPSS