CRLF injection vulnerability in the redirect feature in Sun Java System Web Server 6.1 and 7.0 before 20070802, when the redirect Server Application Function (SAF) uses the url-prefix parameter and escape is disabled, or an Error directive uses the url-prefix parameter in obj.conf, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2007-08-07T10:00:00

Updated: 2024-08-07T14:46:39.381Z

Reserved: 2007-08-07T00:00:00

Link: CVE-2007-4164

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2007-08-07T10:17:00.000

Modified: 2024-11-21T00:34:56.103

Link: CVE-2007-4164

cve-icon Redhat

No data.