CVE-2007-4164

by Fred · 07/08/2007

CRLF injection vulnerability in the redirect feature in Sun Java System Web Server 6.1 and 7.0 before 20070802, when the redirect Server Application Function (SAF) uses the url-prefix parameter and escape is disabled, or an Error directive uses the url-prefix parameter in obj.conf, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks.

Date published : 2007-08-07

http://www.securityfocus.com/bid/25190

http://www.securitytracker.com/id?1018504

CVE-2007-4164

Similar

Recent Posts

Categories

CVE-2007-4164

Share this:

Similar

Recent Posts

Categories

Tags