Unrated severityNVD Advisory· Published Aug 7, 2007· Updated Jun 16, 2026
CVE-2007-4164
CVE-2007-4164
Description
CRLF injection vulnerability in the redirect feature in Sun Java System Web Server 6.1 and 7.0 before 20070802, when the redirect Server Application Function (SAF) uses the url-prefix parameter and escape is disabled, or an Error directive uses the url-prefix parameter in obj.conf, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks.
Affected products
10cpe:2.3:a:sun:java_system_web_server:6.1:*:*:*:*:*:*:*+ 9 more
- cpe:2.3:a:sun:java_system_web_server:6.1:*:*:*:*:*:*:*
- cpe:2.3:a:sun:java_system_web_server:6.1:sp1:*:*:*:*:*:*
- cpe:2.3:a:sun:java_system_web_server:6.1:sp2:*:*:*:*:*:*
- cpe:2.3:a:sun:java_system_web_server:6.1:sp3:*:*:*:*:*:*
- cpe:2.3:a:sun:java_system_web_server:6.1:sp4:*:*:*:*:*:*
- cpe:2.3:a:sun:java_system_web_server:6.1:sp5:*:*:*:*:*:*
- cpe:2.3:a:sun:java_system_web_server:6.1:sp6:*:*:*:*:*:*
- cpe:2.3:a:sun:java_system_web_server:6.1:sp7:*:*:*:*:*:*
- cpe:2.3:a:sun:java_system_web_server:7.0:*:*:*:*:*:*:*
- (no CPE)range: <20070802
Patches
Vulnerability mechanics
References
6News mentions
0No linked articles in our index yet.