CVE-2016-4993

CRLF injection vulnerability in the Undertow web server in WildFly 10.0.0, as used in Red Hat JBoss Enterprise Application Platform (EAP) 7.x before 7.0.2, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors.
Advertisement

NeevaHost hosting service

Configurations

Configuration 1 (hide)

AND
OR cpe:2.3:a:redhat:jboss_wildfly_application_server:10.0.0:*:*:*:*:*:*:*
cpe:2.3:a:redhat:jboss_enterprise_application_platform:*:*:*:*:*:*:*:*
OR cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*

Information

Published : 2016-09-26 07:59

Updated : 2017-12-14 18:29


NVD link : CVE-2016-4993

Mitre link : CVE-2016-4993


JSON object : View

CWE
CWE-113

Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Response Splitting')

CWE-93

Improper Neutralization of CRLF Sequences ('CRLF Injection')

Advertisement

dedicated server usa

Products Affected

redhat

  • jboss_wildfly_application_server
  • enterprise_linux
  • jboss_enterprise_application_platform