CVE-2007-4164

Published Aug 7, 2007

Last updated 7 years ago

Overview

Description: CRLF injection vulnerability in the redirect feature in Sun Java System Web Server 6.1 and 7.0 before 20070802, when the redirect Server Application Function (SAF) uses the url-prefix parameter and escape is disabled, or an Error directive uses the url-prefix parameter in obj.conf, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks.
Source: cve@mitre.org
NVD status: Modified

Hype score: Not currently trending

Risk scores

CVSS 2.0

Type: Primary
Base score: 7.5
Impact score: 6.4
Exploitability score: 10
Vector string: AV:N/AC:L/Au:N/C:P/I:P/A:P

Weaknesses

nvd@nist.gov: NVD-CWE-Other

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:sun:java_system_web_server:6.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "044D96F6-7A18-4295-A665-16F1A6630963"
          },
          {
            "criteria": "cpe:2.3:a:sun:java_system_web_server:6.1:sp1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "85A181D1-C261-4C29-BC8C-A7A815A63E2E"
          },
          {
            "criteria": "cpe:2.3:a:sun:java_system_web_server:6.1:sp2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3A10F68F-4A2F-44A0-A039-1A34C6E2D083"
          },
          {
            "criteria": "cpe:2.3:a:sun:java_system_web_server:6.1:sp3:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "021DC080-18ED-41F4-9FBD-1DD0C332F871"
          },
          {
            "criteria": "cpe:2.3:a:sun:java_system_web_server:6.1:sp4:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C878B2FD-88A1-44E2-9234-C40CA1DDC5BC"
          },
          {
            "criteria": "cpe:2.3:a:sun:java_system_web_server:6.1:sp5:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "BABE9BB1-E968-4EC9-A13A-6ECBCDC0D9AC"
          },
          {
            "criteria": "cpe:2.3:a:sun:java_system_web_server:6.1:sp6:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B6606659-59FE-4E17-9643-2267223DE6F8"
          },
          {
            "criteria": "cpe:2.3:a:sun:java_system_web_server:6.1:sp7:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9BC77D08-B591-4824-AC47-F14F4F53C63D"
          },
          {
            "criteria": "cpe:2.3:a:sun:java_system_web_server:7.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "DFAA741F-6B77-44E5-8B84-AB5E49901BD1"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Social media

Risk scores

CVSS 2.0

Weaknesses

Configurations

References