CRLF injection vulnerability in the redirect feature in Sun Java System Web Server 6.1 and 7.0 prior to 20070802, when the redirect Server Application Function (SAF) uses the url-prefix parameter and escape is disabled, or an Error directive uses the url-prefix parameter in obj.conf, allows remote malicious users to inject arbitrary HTTP headers and conduct HTTP response splitting attacks.
Vulnerable Product |
---|
Sun Java System Web Server 6.1 |
Sun Java System Web Server 7.0 |