CRLF Injection Vulnerability in Sun Java System Web Server
CVE-2007-4164
Currently unrated
Summary
The Sun Java System Web Server contains a CRLF injection vulnerability in its redirect feature. The issue arises when the redirect server application function uses the url-prefix parameter without proper escaping, which allows remote attackers to manipulate HTTP response headers. By exploiting this flaw, attackers can perform HTTP response splitting attacks, potentially leading to user data exposure or session hijacking.
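The following is an added illustration, not code from the advisory or from the server itself. It contrasts a redirect response built without escaping with one that percent-encodes the target first. It assumes the Location value is the configured prefix followed by the decoded request path (the page does not describe the server's internals); all function names and sample values are constructed.

```python
from urllib.parse import quote

# URI characters left untouched; "%" is kept so existing escapes are not doubled.
_SAFE = ":/?#[]@!$&'()*+,;=%~-._"

def _response(location: str) -> bytes:
    """Serialize a minimal 302 response carrying the given Location value."""
    return ("HTTP/1.1 302 Found\r\n"
            f"Location: {location}\r\n"
            "Content-Length: 0\r\n\r\n").encode("latin-1")

def redirect_unescaped(url_prefix: str, decoded_path: str) -> bytes:
    """'Before' form: the target is copied into the header as-is, so a
    CR/LF pair in it ends the Location line and starts a new header."""
    return _response(url_prefix + decoded_path)

def redirect_escaped(url_prefix: str, decoded_path: str) -> bytes:
    """Hardened form: CR, LF, spaces and other non-URI bytes become
    %XX sequences, so the value cannot leave its header line."""
    return _response(quote(url_prefix + decoded_path, safe=_SAFE))

def header_names(raw: bytes) -> list:
    """Return the header field names a client would parse from the response."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    return [line.split(":", 1)[0] for line in head.split("\r\n")[1:]]

# Constructed sample input: a prefix and a decoded path containing a CR/LF pair.
SAMPLE_PREFIX = "http://new.example.test"
SAMPLE_PATH = "/docs\r\nX-Injected: 1"

if __name__ == "__main__":
    for build in (redirect_unescaped, redirect_escaped):
        print(build.__name__, header_names(build(SAMPLE_PREFIX, SAMPLE_PATH)))
```

Comparing the parsed header names against the set the server intended to send is also a usable regression check for any redirect handler.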