CVE-2016-4993
Severity: MEDIUM 6.1 | EPSS: 1.5% | Improper Neutralization of CRLF Sequences in WildFly Undertow
Published: 2022/5/17 | Modified: 2026/4/28
Also known as: DEBIAN-CVE-2016-4993
Description
CRLF injection vulnerability in the Undertow web server in WildFly 10.0.0, as used in Red Hat JBoss Enterprise Application Platform (EAP) 7.x before 7.0.2, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors.
Affected packages (2)
- Debian/undertow: from 0, < 1.4.3-1
- Maven/org.wildfly:wildfly-undertow: >= 10.0.0.Final, < 11.0.0.Final
CVSS score
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | MEDIUM 6.1 | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
References (13)
- ADVISORY: https://nvd.nist.gov/vuln/detail/CVE-2016-4993
- ADVISORY: https://security-tracker.debian.org/tracker/CVE-2016-4993
- WEB: http://rhn.redhat.com/errata/RHSA-2016-1838.html
- WEB: http://rhn.redhat.com/errata/RHSA-2016-1839.html
- WEB: http://rhn.redhat.com/errata/RHSA-2016-1840.html
- WEB: http://rhn.redhat.com/errata/RHSA-2016-1841.html
- WEB: https://access.redhat.com/errata/RHSA-2017:3454
- WEB: https://access.redhat.com/errata/RHSA-2017:3455
- WEB: https://access.redhat.com/errata/RHSA-2017:3456
- WEB: https://access.redhat.com/errata/RHSA-2017:3458
- WEB: https://bugzilla.redhat.com/show_bug.cgi?id=1344321
- WEB: https://github.com/undertow-io/undertow/commit/834496fb74ddda2af197940c70d08bab419fdf12
- WEB: https://issues.redhat.com/browse/UNDERTOW-827