CVE-2016-4993
Published on: 09/26/2016 12:00:00 AM UTC
Last Modified on: 03/23/2021 11:26:59 PM UTC
Certain Red Hat products (JBoss Enterprise Application Platform 7.x, and the Red Hat Enterprise Linux 6 and 7 configurations listed below) contain the following vulnerability:
CRLF injection vulnerability in the Undertow web server in WildFly 10.0.0, as used in Red Hat JBoss Enterprise Application Platform (EAP) 7.x before 7.0.2, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors.
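The description above names the bug class (CRLF injection leading to HTTP response splitting) but, because the vectors are unspecified, not the mechanics. The Python program below is an added example, not code from Undertow, WildFly or Red Hat: the redirect-target input, header names and payload are constructed for the demonstration. It models a server-side header writer that emits values verbatim, parses the resulting bytes the way a keep-alive client or caching proxy frames responses (by Content-Length) to show one response becoming two, and beside it the invariant a hardened writer enforces, refusing any header name or value that contains a CR or LF octet.

```python
"""
Added example (not Undertow, WildFly or EAP code): a vulnerable and a hardened
HTTP/1.1 header writer, plus a client-style parser that shows how a CR/LF in
a header value splits one response into two. All inputs are constructed.
"""
import re
from dataclasses import dataclass, field
from typing import Dict, List

CRLF = b"\r\n"
_CR_OR_LF = re.compile(r"[\r\n]")


class HeaderInjectionError(ValueError):
    """Raised when a header name or value carries a CR or LF octet."""


def build_response_unchecked(status: str, headers: Dict[str, str], body: bytes) -> bytes:
    """Vulnerable writer: header values go out verbatim, so a CR/LF inside a value
    ends the header line early and the attacker controls everything that follows."""
    lines = [f"HTTP/1.1 {status}"]
    lines += [f"{name}: {value}" for name, value in headers.items()]
    lines.append(f"Content-Length: {len(body)}")
    return CRLF.join(line.encode("latin-1") for line in lines) + CRLF + CRLF + body


def build_response_checked(status: str, headers: Dict[str, str], body: bytes) -> bytes:
    """Hardened writer: refuses any header name or value containing CR or LF.
    This is the invariant the server must hold for values derived from request data."""
    for name, value in headers.items():
        if _CR_OR_LF.search(name) or _CR_OR_LF.search(value):
            raise HeaderInjectionError(f"CR/LF octet in header {name!r}")
    return build_response_unchecked(status, headers, body)


@dataclass
class ParsedResponse:
    status: str
    headers: Dict[str, str] = field(default_factory=dict)
    body: bytes = b""


def parse_responses(raw: bytes) -> List[ParsedResponse]:
    """Split a byte stream into successive HTTP/1.1 responses, framing each body by
    its Content-Length exactly as a keep-alive client or a caching proxy would."""
    responses: List[ParsedResponse] = []
    pos = 0
    while raw.startswith(b"HTTP/1.1 ", pos):
        head_end = raw.find(CRLF + CRLF, pos)
        if head_end < 0:
            break
        head_lines = raw[pos:head_end].split(CRLF)
        resp = ParsedResponse(status=head_lines[0].decode("latin-1")[len("HTTP/1.1 "):])
        for line in head_lines[1:]:
            name, _, value = line.decode("latin-1").partition(":")
            resp.headers[name.strip()] = value.strip()
        length = int(resp.headers.get("Content-Length", "0"))
        body_start = head_end + len(CRLF + CRLF)
        resp.body = raw[body_start:body_start + length]
        responses.append(resp)
        pos = body_start + length
    return responses


# Constructed attacker input: a redirect target that closes the real (empty)
# response and smuggles a complete second response behind it.
FAKE_PAGE = b"<html>attacker content</html>"
INJECTED_LOCATION = (
    "/home\r\n"
    "Content-Length: 0\r\n"
    "\r\n"
    "HTTP/1.1 200 OK\r\n"
    "Content-Type: text/html\r\n"
    f"Content-Length: {len(FAKE_PAGE)}\r\n"
    "\r\n" + FAKE_PAGE.decode("latin-1")
)


def demo_split() -> List[ParsedResponse]:
    """What a client sees when the vulnerable writer emits the injected Location."""
    raw = build_response_unchecked("302 Found", {"Location": INJECTED_LOCATION}, b"")
    return parse_responses(raw)


def header_value_is_safe(value: str) -> bool:
    """True when the hardened writer accepts the value, False when it rejects it."""
    try:
        build_response_checked("302 Found", {"Location": value}, b"")
        return True
    except HeaderInjectionError:
        return False


if __name__ == "__main__":
    for i, r in enumerate(demo_split(), 1):
        print(f"response {i}: {r.status} {r.headers} body={r.body!r}")
    print("hardened writer accepts '/home':", header_value_is_safe("/home"))
    print("hardened writer accepts injected value:", header_value_is_safe(INJECTED_LOCATION))
```

Two points the example makes concrete. First, the check must run on the decoded octets that actually reach the header writer: a percent-encoded `%0d%0a` passes `header_value_is_safe` because no CR/LF bytes are present, which is harmless on the wire, but it becomes a real line break if application code URL-decodes the value before setting the header. Second, validating in the application (for example, allow-listing redirect targets) does not replace the container's own refusal of CR/LF, because the container is the last component that sees every header value before it is serialized.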
CVE-2016-4993 tracks this vulnerability and is currently rated MEDIUM severity.
CVSS3 Score: 6.1 - MEDIUM (equivalent vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)
Attack Vector | Attack Complexity | Privileges Required | User Interaction | Scope | Confidentiality Impact | Integrity Impact | Availability Impact |
---|---|---|---|---|---|---|---|
NETWORK | LOW | NONE | REQUIRED | CHANGED | LOW | LOW | NONE |
CVSS2 Score: 4.3 - MEDIUM (equivalent vector: AV:N/AC:M/Au:N/C:N/I:P/A:N)
Access Vector | Access Complexity | Authentication | Confidentiality Impact | Integrity Impact | Availability Impact |
---|---|---|---|---|---|
NETWORK | MEDIUM | NONE | NONE | PARTIAL | NONE |
CVE References
Description | Tags | Source | Content Type |
---|---|---|---|
Red Hat Customer Portal | | access.redhat.com | text/html |
Red Hat Customer Portal | | access.redhat.com | text/html |
Red Hat Customer Portal | Third Party Advisory | web.archive.org (inactive link, not archived) | text/html |
Red Hat Customer Portal | Third Party Advisory | web.archive.org (inactive link, not archived) | text/html |
Red Hat Customer Portal | | access.redhat.com | text/html |
RedHat JBoss Enterprise Application Platform CVE-2016-4993 HTTP Header Injection Vulnerability | | cve.report (archive) | text/html |
Red Hat Customer Portal | Third Party Advisory | web.archive.org (inactive link, not archived) | text/html |
Red Hat Customer Portal | | access.redhat.com | text/html |
Bug 1344321 – CVE-2016-4993 eap: HTTP header injection / response splitting | Issue Tracking, Third Party Advisory | bugzilla.redhat.com | text/html |
Red Hat Customer Portal | Third Party Advisory | web.archive.org (inactive link, not archived) | text/html |
Red Hat JBoss Enterprise Application Platform Input Validation Flaw Lets Remote Users Conduct HTTP Response Splitting and Content Injection Attacks - SecurityTracker | Third Party Advisory | www.securitytracker.com | text/html |
There are currently no QIDs associated with this CVE
Known Affected Configurations (CPE V2.3)
Type | Vendor | Product | Version | Update | Edition | Language |
---|---|---|---|---|---|---|
Operating System | Red Hat | Enterprise Linux | 6.0 | All | All | All |
Operating System | Red Hat | Enterprise Linux | 7.0 | All | All | All |
Application | Red Hat | JBoss Enterprise Application Platform | All | All | All | All |
Application | Red Hat | JBoss WildFly Application Server | 10.0.0 | All | All | All |
- cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:jboss_enterprise_application_platform:*:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:jboss_wildfly_application_server:10.0.0:*:*:*:*:*:*:*
No vendor comments have been submitted for this CVE