Vulnerability in Sun Java_system_web_server

CVE-2007-4164

CRLF injection vulnerability in the redirect feature in Sun Java System Web Server 6.1 and 7.0 before 20070802, when the redirect Server Application Function (SAF) uses the url-prefix parameter and escape is disabled, or an Error directive…

EPSS: 0.025 (82.4th percentile) — read the EPSS interpretation.

Affected products

Sun Java_system_web_server — versions 6.1, 7.0
N/a — versions n/a

References

cve@mitre.org (vdb-entry, x_refsource_VUPEN)
cve@mitre.org (x_refsource_SECUNIA, Vendor Advisory, third-party-advisory)
cve@mitre.org (Patch, vdb-entry, x_refsource_BID)
cve@mitre.org (vdb-entry, x_refsource_XF)
cve@mitre.org (vendor-advisory, x_refsource_SUNALERT)
cve@mitre.org (vdb-entry, x_refsource_SECTRACK)