7.5

CVE-2007-4164

EPSS 1.45%
Published 07.08.2007 10:17:00
Last modified 09.04.2025 00:30:58
Source cve@mitre.org
Teams watchlist Login
Open Login

CRLF injection vulnerability in the redirect feature in Sun Java System Web Server 6.1 and 7.0 before 20070802, when the redirect Server Application Function (SAF) uses the url-prefix parameter and escape is disabled, or an Error directive uses the url-prefix parameter in obj.conf, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks.

Affected products Warnungen 0 Metrics 2 CWE 0 References 9

Data is provided by the National Vulnerability Database (NVD)

Sun ≫ Java System Web Server Version6.1

Sun ≫ Java System Web Server Version6.1 Updatesp1

Sun ≫ Java System Web Server Version6.1 Updatesp2

Sun ≫ Java System Web Server Version6.1 Updatesp3

Sun ≫ Java System Web Server Version6.1 Updatesp4

Sun ≫ Java System Web Server Version6.1 Updatesp5

Sun ≫ Java System Web Server Version6.1 Updatesp6

Sun ≫ Java System Web Server Version6.1 Updatesp7

Sun ≫ Java System Web Server Version7.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	1.45%	0.789

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	7.5	10	6.4	AV:N/AC:L/Au:N/C:P/I:P/A:P

http://secunia.com/advisories/26326

Vendor Advisory

http://sunsolve.sun.com/search/document.do?assetkey=1-26-103003-1

http://www.securityfocus.com/bid/25190

Patch

http://www.securitytracker.com/id?1018504

http://www.vupen.com/english/advisories/2007/2766

https://exchange.xforce.ibmcloud.com/vulnerabilities/35783

https://nvd.nist.gov/vuln/detail/CVE-2007-4164

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2007-4164

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2007-4164

EUVD