CRLF Injection Vulnerability in Sun Java System Web Server
CVE-2007-4164

Currently unrated

Key Information:

Vendor: Oracle
Status: Java System Web Server
Vendor: CVE Published:; 7 August 2007

Summary

The Sun Java System Web Server contains a CRLF injection vulnerability in the redirect feature. This issue arises when the server application function uses the url-prefix parameter without proper escaping, allowing remote attackers to manipulate HTTP response headers. By exploiting this flaw, attackers can perform HTTP response splitting attacks, potentially leading to user data exposure or session hijacking.

References

http://www.vupen.com/english/advisories/2007/2766

vdb-entryx_refsource_VUPEN

http://secunia.com/advisories/26326

third-party-advisoryx_refsource_SECUNIA

http://www.securityfocus.com/bid/25190

vdb-entryx_refsource_BID

Timeline

Vulnerability published
Aug 7, 2007
Vulnerability Reserved
Aug 7, 2007