VYPR
Unrated severityNVD Advisory· Published Aug 7, 2007· Updated Jun 16, 2026

CVE-2007-4164

CVE-2007-4164

Description

CRLF injection vulnerability in the redirect feature in Sun Java System Web Server 6.1 and 7.0 before 20070802, when the redirect Server Application Function (SAF) uses the url-prefix parameter and escape is disabled, or an Error directive uses the url-prefix parameter in obj.conf, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks.

Affected products

10
  • cpe:2.3:a:sun:java_system_web_server:6.1:*:*:*:*:*:*:*+ 9 more
    • cpe:2.3:a:sun:java_system_web_server:6.1:*:*:*:*:*:*:*
    • cpe:2.3:a:sun:java_system_web_server:6.1:sp1:*:*:*:*:*:*
    • cpe:2.3:a:sun:java_system_web_server:6.1:sp2:*:*:*:*:*:*
    • cpe:2.3:a:sun:java_system_web_server:6.1:sp3:*:*:*:*:*:*
    • cpe:2.3:a:sun:java_system_web_server:6.1:sp4:*:*:*:*:*:*
    • cpe:2.3:a:sun:java_system_web_server:6.1:sp5:*:*:*:*:*:*
    • cpe:2.3:a:sun:java_system_web_server:6.1:sp6:*:*:*:*:*:*
    • cpe:2.3:a:sun:java_system_web_server:6.1:sp7:*:*:*:*:*:*
    • cpe:2.3:a:sun:java_system_web_server:7.0:*:*:*:*:*:*:*
    • (no CPE)range: <20070802

Patches

Vulnerability mechanics

References

6

News mentions

0

No linked articles in our index yet.