CRLF Injection Vulnerability in Sun Java System Web Server
CVE-2007-4164

Currently unrated

Key Information:

Vendor

Oracle
Status
Java System Web Server
Vendor
CVE Published:
7 August 2007

What is CVE-2007-4164?

The Sun Java System Web Server contains a CRLF injection vulnerability in the redirect feature. This issue arises when the server application function uses the url-prefix parameter without proper escaping, allowing remote attackers to manipulate HTTP response headers. By exploiting this flaw, attackers can perform HTTP response splitting attacks, potentially leading to user data exposure or session hijacking.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

http://www.vupen.com/english/advisories/2007/2766
vdb-entryx_refsource_VUPEN
http://secunia.com/advisories/26326
third-party-advisoryx_refsource_SECUNIA
http://www.securityfocus.com/bid/25190
vdb-entryx_refsource_BID

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.