ID CVE-2007-4164
Summary CRLF injection vulnerability in the redirect feature in Sun Java System Web Server 6.1 and 7.0 before 20070802, when the redirect Server Application Function (SAF) uses the url-prefix parameter and escape is disabled, or an Error directive uses the url-prefix parameter in obj.conf, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks.
Vulnerable Configurations
  • Sun Java System Web Server 6.1
    cpe:2.3:a:sun:java_system_web_server:6.1
  • Sun Java System Web Server 6.1 SP1
    cpe:2.3:a:sun:java_system_web_server:6.1:sp1
  • Sun Java System Web Server 6.1 SP2
    cpe:2.3:a:sun:java_system_web_server:6.1:sp2
  • Sun Java System Web Server 6.1 SP3
    cpe:2.3:a:sun:java_system_web_server:6.1:sp3
  • Sun Java System Web Server 6.1 SP4
    cpe:2.3:a:sun:java_system_web_server:6.1:sp4
  • Sun Java System Web Server 6.1 SP5
    cpe:2.3:a:sun:java_system_web_server:6.1:sp5
  • Sun Java System Web Server 6.1 SP6
    cpe:2.3:a:sun:java_system_web_server:6.1:sp6
  • Sun Java System Web Server 6.1 SP7
    cpe:2.3:a:sun:java_system_web_server:6.1:sp7
  • Sun Java System Web Server 7.0
    cpe:2.3:a:sun:java_system_web_server:7.0
CVSS
Base: 7.5 (as of 07-08-2007 - 09:29)
Impact:
Exploitability:
Access
  Vector: NETWORK
  Complexity: LOW
  Authentication: NONE
Impact
  Confidentiality: PARTIAL
  Integrity: PARTIAL
  Availability: PARTIAL
nessus via4
  • NASL family Solaris Local Security Checks
    NASL id SOLARIS9_125437.NASL
    description Oracle iPlanet Web Server 7.0.12 Solaris: Update Release patch. Date this patch was last updated by Sun : Aug/19/11
    last seen 2018-09-02
    modified 2016-12-12
    plugin id 27023
    published 2007-10-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=27023
    title Solaris 9 (sparc) : 125437-22
  • NASL family Solaris Local Security Checks
    NASL id SOLARIS9_X86_125438.NASL
    description Oracle iPlanet Web Server 7.0.12 Solaris_x86: Update Release patch. Date this patch was last updated by Sun : Aug/26/11
    last seen 2018-09-01
    modified 2016-12-12
    plugin id 27039
    published 2007-10-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=27039
    title Solaris 9 (x86) : 125438-22
  • NASL family Solaris Local Security Checks
    NASL id SOLARIS10_125437.NASL
    description Oracle iPlanet Web Server 7.0.12 Solaris: Update Release patch. Date this patch was last updated by Sun : Aug/19/11 This plugin has been deprecated and either replaced with individual 125437 patch-revision plugins, or deemed non-security related.
    last seen 2019-02-21
    modified 2018-07-30
    plugin id 26988
    published 2007-10-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=26988
    title Solaris 10 (sparc) : 125437-22 (deprecated)
  • NASL family Solaris Local Security Checks
    NASL id SOLARIS10_125437-22.NASL
    description Oracle iPlanet Web Server 7.0.12 Solaris: Update Release patch. Date this patch was last updated by Sun : Aug/19/11
    last seen 2018-10-27
    modified 2018-10-26
    plugin id 107431
    published 2018-03-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=107431
    title Solaris 10 (sparc) : 125437-22
  • NASL family Solaris Local Security Checks
    NASL id SOLARIS10_X86_125438-22.NASL
    description Oracle iPlanet Web Server 7.0.12 Solaris_x86: Update Release patch. Date this patch was last updated by Sun : Aug/26/11
    last seen 2018-10-31
    modified 2018-10-29
    plugin id 107932
    published 2018-03-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=107932
    title Solaris 10 (x86) : 125438-22
  • NASL family Solaris Local Security Checks
    NASL id SOLARIS10_X86_116649-25.NASL
    description Web Server 6.1: Sun ONE Web Server 6.1_x86 Patch WS61SP13. Date this patch was last updated by Sun : Sep/20/10
    last seen 2018-10-31
    modified 2018-10-29
    plugin id 107796
    published 2018-03-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=107796
    title Solaris 10 (x86) : 116649-25
  • NASL family Solaris Local Security Checks
    NASL id SOLARIS9_116648.NASL
    description Web Server 6.1: Sun ONE Web Server 6.1 Patch WS61SP13. Date this patch was last updated by Sun : Sep/20/10
    last seen 2018-09-01
    modified 2016-12-12
    plugin id 23519
    published 2006-11-06
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=23519
    title Solaris 9 (sparc) : 116648-25
  • NASL family Solaris Local Security Checks
    NASL id SOLARIS8_116648.NASL
    description Web Server 6.1: Sun ONE Web Server 6.1 Patch WS61SP13. Date this patch was last updated by Sun : Sep/20/10
    last seen 2018-09-01
    modified 2016-12-12
    plugin id 23381
    published 2006-11-06
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=23381
    title Solaris 8 (sparc) : 116648-25
  • NASL family Solaris Local Security Checks
    NASL id SOLARIS10_X86_125438.NASL
    description Oracle iPlanet Web Server 7.0.12 Solaris_x86: Update Release patch. Date this patch was last updated by Sun : Aug/26/11 This plugin has been deprecated and either replaced with individual 125438 patch-revision plugins, or deemed non-security related.
    last seen 2019-02-21
    modified 2018-07-30
    plugin id 27000
    published 2007-10-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=27000
    title Solaris 10 (x86) : 125438-22 (deprecated)
  • NASL family Solaris Local Security Checks
    NASL id SOLARIS8_125437.NASL
    description Oracle iPlanet Web Server 7.0.12 Solaris: Update Release patch. Date this patch was last updated by Sun : Aug/19/11
    last seen 2018-09-02
    modified 2016-12-12
    plugin id 27010
    published 2007-10-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=27010
    title Solaris 8 (sparc) : 125437-22
  • NASL family Solaris Local Security Checks
    NASL id SOLARIS10_116648-25.NASL
    description Web Server 6.1: Sun ONE Web Server 6.1 Patch WS61SP13. Date this patch was last updated by Sun : Sep/20/10
    last seen 2018-10-27
    modified 2018-10-26
    plugin id 107295
    published 2018-03-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=107295
    title Solaris 10 (sparc) : 116648-25
  • NASL family Solaris Local Security Checks
    NASL id SOLARIS10_116648.NASL
    description Web Server 6.1: Sun ONE Web Server 6.1 Patch WS61SP13. Date this patch was last updated by Sun : Sep/20/10 This plugin has been deprecated and either replaced with individual 116648 patch-revision plugins, or deemed non-security related.
    last seen 2019-02-21
    modified 2018-07-30
    plugin id 22946
    published 2006-11-06
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=22946
    title Solaris 10 (sparc) : 116648-25 (deprecated)
refmap via4
bid 25190
sectrack 1018504
secunia 26326
sunalert 103003
vupen ADV-2007-2766
xf sun-redirect-response-splitting(35783)
Last major update 07-03-2011 - 21:57
Published 07-08-2007 - 06:17
Last modified 28-07-2017 - 21:32