CVE-2007-4164

Currently unrated

Key Information:

Vendor: Oracle
Status: Java System Web Server
Vendor: CVE Published:; 7 August 2007

Summary

CRLF injection vulnerability in the redirect feature in Sun Java System Web Server 6.1 and 7.0 before 20070802, when the redirect Server Application Function (SAF) uses the url-prefix parameter and escape is disabled, or an Error directive uses the url-prefix parameter in obj.conf, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks.

References

http://www.vupen.com/english/advisories/2007/2766

vdb-entryx_refsource_VUPEN

http://secunia.com/advisories/26326

third-party-advisoryx_refsource_SECUNIA

http://www.securityfocus.com/bid/25190

vdb-entryx_refsource_BID

EPSS Score

8% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Aug 7, 2007
Vulnerability Reserved
Aug 7, 2007