CVE-2007-4164 : CRLF injection vulnerability in the redirect feature in Sun Java System Web Serv

CRLF injection vulnerability in the redirect feature in Sun Java System Web Server 6.1 and 7.0 before 20070802, when the redirect Server Application Function (SAF) uses the url-prefix parameter and escape is disabled, or an Error directive uses the url-prefix parameter in obj.conf, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks.

Published 2007-08-07 10:17:00

Updated 2025-04-09 00:30:58

Source MITRE

View at NVD, CVE.org

Products affected by CVE-2007-4164

SUN » Java System Web Server » Version: 6.1
cpe:2.3:a:sun:java_system_web_server:6.1:*:*:*:*:*:*:*
Matching versions
SUN » Java System Web Server » Version: 6.1 Update SP1
cpe:2.3:a:sun:java_system_web_server:6.1:sp1:*:*:*:*:*:*
Matching versions
SUN » Java System Web Server » Version: 6.1 Update SP2
cpe:2.3:a:sun:java_system_web_server:6.1:sp2:*:*:*:*:*:*
Matching versions
SUN » Java System Web Server » Version: 6.1 Update SP3
cpe:2.3:a:sun:java_system_web_server:6.1:sp3:*:*:*:*:*:*
Matching versions
SUN » Java System Web Server » Version: 6.1 Update SP4
cpe:2.3:a:sun:java_system_web_server:6.1:sp4:*:*:*:*:*:*
Matching versions
SUN » Java System Web Server » Version: 6.1 Update SP5
cpe:2.3:a:sun:java_system_web_server:6.1:sp5:*:*:*:*:*:*
Matching versions
SUN » Java System Web Server » Version: 6.1 Update SP6
cpe:2.3:a:sun:java_system_web_server:6.1:sp6:*:*:*:*:*:*
Matching versions
SUN » Java System Web Server » Version: 7.0
cpe:2.3:a:sun:java_system_web_server:7.0:*:*:*:*:*:*:*
Matching versions
SUN » Java System Web Server » Version: 6.1 Update SP7
cpe:2.3:a:sun:java_system_web_server:6.1:sp7:*:*:*:*:*:*
Matching versions

Threat overview for CVE-2007-4164

Top countries where our scanners detected CVE-2007-4164

Top open port discovered on systems with this issue 80

IPs affected by CVE-2007-4164 128

Threat actors abusing to this issue? Yes

Find out if you^* are affected by CVE-2007-4164!

^*Directly or indirectly through your vendors, service providers and 3rd parties. Powered by attack surface intelligence from SecurityScorecard.

Exploit prediction scoring system (EPSS) score for CVE-2007-4164

EPSS FAQ

1.45%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 79 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2007-4164

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
7.5	HIGH	AV:N/AC:L/Au:N/C:P/I:P/A:P	10.0	6.4	NIST
Access Vector: Network Access Complexity: Low Authentication: None Confidentiality Impact: Partial Integrity Impact: Partial Availability Impact: Partial

References for CVE-2007-4164

Jump to

Vulnerability Details : CVE-2007-4164

Products affected by CVE-2007-4164

Threat overview for CVE-2007-4164

Exploit prediction scoring system (EPSS) score for CVE-2007-4164

CVSS scores for CVE-2007-4164

References for CVE-2007-4164