SUN » Java System Web Server » 6.1 sp3 : Security Vulnerabilities, CVEs, CVSS score >= 7
CRLF injection vulnerability in the redirect feature in Sun Java System Web Server 6.1 and 7.0 before 20070802, when the redirect Server Application Function (SAF) uses the url-prefix parameter and escape is disabled, or an Error directive uses the url-prefix parameter in obj.conf, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks.
Max CVSS: 7.5
EPSS Score: 3.11%
Published: 2007-08-07
Updated: 2017-07-29
Unspecified vulnerability in Sun Java System Web Server 6.0 and 6.1 before 20070315 allows remote attackers to "gain unauthorized access to data", possibly involving a sample application.
Max CVSS: 7.5
EPSS Score: 1.89%
Published: 2007-03-16
Updated: 2017-07-29
2 vulnerabilities found