CVE-2016-4993

Aliases:GHSA-qcqr-hcjq-whfq

Advisory lineage Upstream: 0 Downstream: 8

Downstream

DEBIAN-CVE-2016-4993 RHSA-2016:1838 RHSA-2016:1839 RHSA-2016:1840 RHSA-2017:3454 RHSA-2017:3455

Modified

Published: 26 Sept 2016, 14:00

Last modified:06 Aug 2024, 00:46

Vulnerability Summary

Overall Risk (default)

medium

25/100

CVSS Score

6.1 MEDIUM

v3.0 (nvd)

EPSS Score

1.48% LOW

1% probability 0.00%

KEV

Not listed

Ransomware

No reports

Public exploits

None found

Dark Web

Not detected

Timeline

26 Sept 2016, 14:00

Published

Vulnerability first disclosed

06 Aug 2024, 00:46

Last Modified

Vulnerability information updated

Description

CRLF injection vulnerability in the Undertow web server in WildFly 10.0.0, as used in Red Hat JBoss Enterprise Application Platform (EAP) 7.x before 7.0.2, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors.

CVSS Metrics

v3.0•MEDIUM•Score: 6.1CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
v2.0•MEDIUM•Score: 4.3AV:N/AC:M/Au:N/C:N/I:P/A:N

EPSS Trends

Current EPSS score: 1.48%• Percentile: 81%

Techniques & Countermeasures

CWE-93•Improper Neutralization of CRLF Sequences ('CRLF Injection')
The product uses CRLF (carriage return line feeds) as a special element, e.g. to separate lines or records, but it does not neutralize or incorrectly neutralizes CRLF sequences from inputs.
CWE-113•Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Request/Response Splitting')
The product receives data from an HTTP agent/component (e.g., web server, proxy, browser, etc.), but it does not neutralize or incorrectly neutralizes CR and LF characters before the data is included in outgoing HTTP headers.

Affected Systems

org.wildfly•wildfly-undertow
≥ 10.0.0.Final, < 11.0.0.Final
redhat•jboss_enterprise_application_platform
≤ 7.0.1
redhat•jboss_wildfly_application_server
10.0.0