Lumension® Endpoint Intelligence Center

Vulnerability Score: 7.5
CVE Id: CVE-2007-4164
Last Modified: 07 Mar 2011 09:57:55
Published: 07 Aug 2007 06:17:00
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE

CRLF injection vulnerability in the redirect feature in Sun Java System Web Server 6.1 and 7.0 before 20070802, when the redirect Server Application Function (SAF) uses the url-prefix parameter and escape is disabled, or an Error directive uses the url-prefix parameter in obj.conf, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks.

Vulnerable Systems

  • Sun Java System Web Server 6.1
  • Sun Java System Web Server 7.0


References

  • BID - 25190
  • XF - sun-redirect-response-splitting(35783)
  • VUPEN - ADV-2007-2766
  • SECTRACK - 1018504
  • SUNALERT - 103003
  • SECUNIA - 26326

Last Updated: 27 May 2016 10:45:46