CVE-2016-4993 Vulnerability in maven package io.undertow:undertow-core

Description

CRLF injection vulnerability in the Undertow web server in WildFly 10.0.0, as used in Red Hat JBoss Enterprise Application Platform (EAP) 7.x before 7.0.2, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors.

Remediation

References

http://www.securitytracker.com/id/1036758

http://rhn.redhat.com/errata/RHSA-2016-1838.html

http://rhn.redhat.com/errata/RHSA-2016-1840.html

http://rhn.redhat.com/errata/RHSA-2016-1841.html

https://bugzilla.redhat.com/show_bug.cgi?id=1344321

http://rhn.redhat.com/errata/RHSA-2016-1839.html

http://www.securityfocus.com/bid/92894

https://access.redhat.com/errata/RHSA-2017:3458

https://access.redhat.com/errata/RHSA-2017:3456

https://access.redhat.com/errata/RHSA-2017:3455

https://access.redhat.com/errata/RHSA-2017:3454

Related Vulnerabilities

CVE-2020-35209 Vulnerability in maven package io.atomix:atomix

CVE-2018-11693 Vulnerability in npm package node-sass

CVE-2018-3738 Vulnerability in maven package org.webjars.npm:protobufjs

CVE-2023-32314 Vulnerability in maven package org.webjars.npm:vm2

CVE-2020-8237 Vulnerability in maven package org.webjars.bower:json-bigint

Severity

High

Classification

CWE-93 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N