CVE-2007-4164 Information

Description

CRLF injection vulnerability in the redirect feature in Sun Java System Web Server 6.1 and 7.0 before 20070802, when the redirect Server Application Function (SAF) uses the url-prefix parameter and escape is disabled, or when an Error directive uses the url-prefix parameter in obj.conf, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks.

Reference

http://secunia.com/advisories/26326
http://sunsolve.sun.com/search/document.do?assetkey=1-26-103003-1
http://www.securityfocus.com/bid/25190
http://www.securitytracker.com/id?1018504
http://www.vupen.com/english/advisories/2007/2766
https://exchange.xforce.ibmcloud.com/vulnerabilities/35783