CVE-2016-4993
Severity: MEDIUM
Red Hat JBoss Enterprise Application Platform < 7.0.1 - HTTP Response Splitting via Undertow Web Server
Title source: llmDescription
CRLF injection vulnerability in the Undertow web server in WildFly 10.0.0, as used in Red Hat JBoss Enterprise Application Platform (EAP) 7.x before 7.0.2, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors.
References (11)
- http://rhn.redhat.com/errata/RHSA-2016-1841.html (Third Party Advisory; vendor-advisory; x_refsource_redhat)
- http://www.securityfocus.com/bid/92894 (Third Party Advisory, VDB Entry; vdb-entry; x_refsource_bid)
- https://access.redhat.com/errata/RHSA-2017:3458 (Vendor Advisory; vendor-advisory; x_refsource_redhat)
- http://www.securitytracker.com/id/1036758 (Third Party Advisory; vdb-entry; x_refsource_sectrack)
- http://rhn.redhat.com/errata/RHSA-2016-1838.html (Third Party Advisory; vendor-advisory; x_refsource_redhat)
- https://access.redhat.com/errata/RHSA-2017:3455 (Vendor Advisory; vendor-advisory; x_refsource_redhat)
- https://access.redhat.com/errata/RHSA-2017:3456 (Vendor Advisory; vendor-advisory; x_refsource_redhat)
- https://bugzilla.redhat.com/show_bug.cgi?id=1344321 (Issue Tracking, Third Party Advisory; x_refsource_confirm)
- https://access.redhat.com/errata/RHSA-2017:3454 (Vendor Advisory; vendor-advisory; x_refsource_redhat)
- http://rhn.redhat.com/errata/RHSA-2016-1839.html (Third Party Advisory; vendor-advisory; x_refsource_redhat)
- http://rhn.redhat.com/errata/RHSA-2016-1840.html (Third Party Advisory; vendor-advisory; x_refsource_redhat)
Scores
CVSS v3: 6.1
EPSS: 0.0256
EPSS Percentile: 83.0%
Attack Vector: NETWORK
CVSS vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Details
CWE: CWE-113, CWE-93
Status: published
Products (3)
- org.wildfly/wildfly-undertow (Maven): 10.0.0.Final - 11.0.0.Final
- redhat/jboss_enterprise_application_platform: < 7.0.1
- redhat/jboss_wildfly_application_server: 10.0.0
Published: Sep 26, 2016
Tracked Since: Feb 18, 2026