What is the severity of CVE-2007-4164?

CVE-2007-4164 is considered a high severity vulnerability due to its potential for CRLF injection attacks that can lead to unauthorized data access.

How do I fix CVE-2007-4164?

To fix CVE-2007-4164, update to Sun Java System Web Server version 6.1-sp8 or 7.0 or later which contain the necessary patches.

What systems are affected by CVE-2007-4164?

CVE-2007-4164 affects Sun Java System Web Server versions 6.1 and 7.0 prior to the updates released on 20070802.

What is CRLF injection as mentioned in CVE-2007-4164?

CRLF injection is a vulnerability that allows attackers to inject carriage return and line feed characters into HTTP headers, potentially leading to HTTP response splitting attacks.

Can CVE-2007-4164 be exploited remotely?

Yes, CVE-2007-4164 can be exploited remotely, enabling attackers to manipulate web server responses.

Vulnerability/
CVE-2007-4164

high

7.5

CWE

NVD-CWE-Other 93

7/8/2007

7/8/2024

CVE-2007-4164: CRLF Injection

First published: Tue Aug 07 2007(Updated: )

CRLF injection vulnerability in the redirect feature in Sun Java System Web Server 6.1 and 7.0 before 20070802, when the redirect Server Application Function (SAF) uses the url-prefix parameter and escape is disabled, or an Error directive uses the url-prefix parameter in obj.conf, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks.

Credit: cve@mitre.org

Affected Software	Affected Version	How to fix
Sun Java System Web Server	=6.1-sp1
Sun Java System Web Server	=6.1-sp6
Sun Java System Web Server	=6.1-sp3
Sun Java System Web Server	=6.1
Sun Java System Web Server	=6.1-sp4
Sun Java System Web Server	=6.1-sp5
Sun Java System Web Server	=7.0
Sun Java System Web Server	=6.1-sp2
Sun Java System Web Server	=6.1-sp7

Remedy

http://www.securityfocus.com/bid/25190

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2007-4164?
CVE-2007-4164 is considered a high severity vulnerability due to its potential for CRLF injection attacks that can lead to unauthorized data access.
How do I fix CVE-2007-4164?
To fix CVE-2007-4164, update to Sun Java System Web Server version 6.1-sp8 or 7.0 or later which contain the necessary patches.
What systems are affected by CVE-2007-4164?
CVE-2007-4164 affects Sun Java System Web Server versions 6.1 and 7.0 prior to the updates released on 20070802.
What is CRLF injection as mentioned in CVE-2007-4164?
CRLF injection is a vulnerability that allows attackers to inject carriage return and line feed characters into HTTP headers, potentially leading to HTTP response splitting attacks.
Can CVE-2007-4164 be exploited remotely?
Yes, CVE-2007-4164 can be exploited remotely, enabling attackers to manipulate web server responses.

collector/nvd-historical
collector/nvd-index
agent/references
agent/type
agent/softwarecombine
collector/mitre-cve
source/MITRE
agent/author
agent/remedy
agent/severity
agent/weakness
agent/last-modified-date
agent/description
agent/tags
agent/first-publish-date
agent/event
agent/source
vendor/sun
canonical/sun java system web server
version/sun java system web server/6.1-sp1
version/sun java system web server/6.1-sp6
version/sun java system web server/6.1-sp3
version/sun java system web server/6.1
version/sun java system web server/6.1-sp4
version/sun java system web server/6.1-sp5
version/sun java system web server/7.0
version/sun java system web server/6.1-sp2
version/sun java system web server/6.1-sp7