PT-2007-5360 · Sun · Sun Java System Web Server
Published: 2007-08-07 · Updated: 2017-07-29 · CVE-2007-4164
CVSS v2.0: 7.5 (High)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions
Sun Java System Web Server versions 6.1 through 7.0 before 20070802
Description
The issue is related to a CRLF injection vulnerability in the redirect feature. This occurs when the redirect Server Application Function (SAF) uses the url-prefix parameter and escape is disabled, or an Error directive uses the url-prefix parameter in obj.conf. As a result, remote attackers can inject arbitrary HTTP headers and conduct HTTP response splitting attacks.
Recommendations
For Sun Java System Web Server versions 6.1 through 7.0 before 20070802, update to a version released after 20070802 to resolve the issue.
Fix
Related identifiers
Affected products
Sun Java System Web Server