CVE-2007-4164

CRLF injection vulnerability in the redirect feature in Sun Java System Web Server 6.1 and 7.0 before 20070802, when the redirect Server Application Function (SAF) uses the url-prefix parameter and escape is disabled, or an Error directive uses the url-prefix parameter in obj.conf, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks.
Configurations

Configuration 1

cpe:2.3:a:sun:java_system_web_server:6.1:sp1:*:*:*:*:*:*
cpe:2.3:a:sun:java_system_web_server:6.1:sp6:*:*:*:*:*:*
cpe:2.3:a:sun:java_system_web_server:6.1:sp3:*:*:*:*:*:*
cpe:2.3:a:sun:java_system_web_server:6.1:*:*:*:*:*:*:*
cpe:2.3:a:sun:java_system_web_server:6.1:sp4:*:*:*:*:*:*
cpe:2.3:a:sun:java_system_web_server:6.1:sp5:*:*:*:*:*:*
cpe:2.3:a:sun:java_system_web_server:7.0:*:*:*:*:*:*:*
cpe:2.3:a:sun:java_system_web_server:6.1:sp2:*:*:*:*:*:*
cpe:2.3:a:sun:java_system_web_server:6.1:sp7:*:*:*:*:*:*

Information

Published : 2007-08-07 10:17

Updated : 2017-07-29 01:32


NVD link : CVE-2007-4164

Mitre link : CVE-2007-4164

Products Affected
No products.