CVE-2016-4993
Description
CRLF injection vulnerability in the Undertow web server in WildFly 10.0.0, as used in Red Hat JBoss Enterprise Application Platform (EAP) 7.x before 7.0.2, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors.
Risk Information
Base Score
6.1
MODERATE
Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
EPSS Score
Exploitation Probability
1.476
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| CVE-2016-4993 is fixed in wildfly-undertow 11.0.0 | Windows |
| CVE-2016-4993 and CVE-2016-5406 affect Red Hat JBoss Enterprise Application Platform 7 7.0.1 | Windows |
| CVE-2016-4993 is fixed in wildfly-undertow for Linux 11.0.0 | Linux |
Patch Details
No records found
References
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234