7.5

CVE-2007-4164

EPSS 1.45%
Veröffentlicht 07.08.2007 10:17:00
Zuletzt bearbeitet 09.04.2025 00:30:58
Quelle cve@mitre.org
Teams Watchlist Login
Unerledigt Login

CRLF injection vulnerability in the redirect feature in Sun Java System Web Server 6.1 and 7.0 before 20070802, when the redirect Server Application Function (SAF) uses the url-prefix parameter and escape is disabled, or an Error directive uses the url-prefix parameter in obj.conf, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 0 Referenzen 9

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Sun ≫ Java System Web Server Version6.1

Sun ≫ Java System Web Server Version6.1 Updatesp1

Sun ≫ Java System Web Server Version6.1 Updatesp2

Sun ≫ Java System Web Server Version6.1 Updatesp3

Sun ≫ Java System Web Server Version6.1 Updatesp4

Sun ≫ Java System Web Server Version6.1 Updatesp5

Sun ≫ Java System Web Server Version6.1 Updatesp6

Sun ≫ Java System Web Server Version6.1 Updatesp7

Sun ≫ Java System Web Server Version7.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	1.45%	0.789

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.5	10	6.4	AV:N/AC:L/Au:N/C:P/I:P/A:P

http://secunia.com/advisories/26326

Vendor Advisory

http://sunsolve.sun.com/search/document.do?assetkey=1-26-103003-1

http://www.securityfocus.com/bid/25190

Patch

http://www.securitytracker.com/id?1018504

http://www.vupen.com/english/advisories/2007/2766

https://exchange.xforce.ibmcloud.com/vulnerabilities/35783

https://nvd.nist.gov/vuln/detail/CVE-2007-4164

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2007-4164

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2007-4164

EUVD