CRLF Injection Vulnerability in Sun Java System Web Server
CVE-2007-4164

Key Information:

Vendor: Oracle

CVE Published: 7 August 2007

Summary

The Sun Java System Web Server contains a CRLF injection vulnerability in its redirect feature. The issue arises when a server application function uses the url-prefix parameter without properly escaping it, so carriage-return and line-feed characters in the value are copied into the HTTP response, allowing remote attackers to manipulate HTTP response headers. By exploiting this flaw, attackers can perform HTTP response splitting attacks, potentially leading to user data exposure or session hijacking.

References

Timeline

  • Vulnerability published

  • Vulnerability Reserved
