Back to search
CVE-2007-4164
Published: Aug 7, 2007
Modified: Aug 7, 2024
PUBLISHED
Description
CRLF injection vulnerability in the redirect feature in Sun Java System Web Server 6.1 and 7.0 before 20070802, when the redirect Server Application Function (SAF) uses the url-prefix parameter and escape is disabled, or an Error directive uses the url-prefix parameter in obj.conf, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
ADV-2007-2766
vdb-entry
x_refsource_VUPEN
26326
third-party-advisory
x_refsource_SECUNIA
25190
vdb-entry
x_refsource_BID
sun-redirect-response-splitting(35783)
vdb-entry
x_refsource_XF
103003
vendor-advisory
x_refsource_SUNALERT
1018504
vdb-entry
x_refsource_SECTRACK
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now