CVE-2007-4164

medium

Description

CRLF injection vulnerability in the redirect feature in Sun Java System Web Server 6.1 and 7.0 before 20070802, when the redirect Server Application Function (SAF) uses the url-prefix parameter and escape is disabled, or an Error directive uses the url-prefix parameter in obj.conf, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/35783

http://www.vupen.com/english/advisories/2007/2766

http://www.securitytracker.com/id?1018504

http://www.securityfocus.com/bid/25190

http://sunsolve.sun.com/search/document.do?assetkey=1-26-103003-1

http://secunia.com/advisories/26326

Details

Source: Mitre, NVD

Published: 2007-08-07

Updated: 2025-04-09

Risk Information

CVSS v2

Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Severity: High

CVSS v3

Base Score: 6.1

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Severity: Medium

EPSS

EPSS: 0.0145