CRLF injection vulnerability in the redirect feature in Sun Java System Web Server 6.1 and 7.0 before 20070802, when the redirect Server Application Function (SAF) uses the url-prefix parameter and escape is disabled, or an Error directive uses the url-prefix parameter in obj.conf, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2007-08-07T10:00:00
Updated: 2024-08-07T14:46:39.381Z
Reserved: 2007-08-07T00:00:00
Link: CVE-2007-4164
Vulnrichment
No data.
NVD
Status : Modified
Published: 2007-08-07T10:17:00.000
Modified: 2024-11-21T00:34:56.103
Link: CVE-2007-4164
Redhat
No data.