7.5

CVE-2007-4164

CRLF injection vulnerability in the redirect feature in Sun Java System Web Server 6.1 and 7.0 before 20070802, when the redirect Server Application Function (SAF) uses the url-prefix parameter and escape is disabled, or an Error directive uses the url-prefix parameter in obj.conf, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
SunJava System Web Server Version6.1
SunJava System Web Server Version6.1 Updatesp1
SunJava System Web Server Version6.1 Updatesp2
SunJava System Web Server Version6.1 Updatesp3
SunJava System Web Server Version6.1 Updatesp4
SunJava System Web Server Version6.1 Updatesp5
SunJava System Web Server Version6.1 Updatesp6
SunJava System Web Server Version6.1 Updatesp7
SunJava System Web Server Version7.0
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 2.47% 0.824
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.5 10 6.4
AV:N/AC:L/Au:N/C:P/I:P/A:P
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://secunia.com/advisories/26326
Vendor Advisory
http://sunsolve.sun.com/search/document.do?assetkey=1-26-103003-1
http://www.securityfocus.com/bid/25190
Patch
http://www.securitytracker.com/id?1018504
http://www.vupen.com/english/advisories/2007/2766
https://exchange.xforce.ibmcloud.com/vulnerabilities/35783