CVE-2007-4164

high

Description

CRLF injection vulnerability in the redirect feature in Sun Java System Web Server 6.1 and 7.0 before 20070802, when the redirect Server Application Function (SAF) uses the url-prefix parameter and escape is disabled, or an Error directive uses the url-prefix parameter in obj.conf, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks.

References

http://secunia.com/advisories/26326

http://sunsolve.sun.com/search/document.do?assetkey=1-26-103003-1

http://www.securityfocus.com/bid/25190

http://www.securitytracker.com/id?1018504

http://www.vupen.com/english/advisories/2007/2766

https://exchange.xforce.ibmcloud.com/vulnerabilities/35783

Details

Source: MITRE

Published: 2007-08-07

Updated: 2017-07-29

Risk Information

CVSS v2

Base Score: 7.5

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Impact Score: 6.4

Exploitability Score: 10

Severity: HIGH