Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cveRedhatCVE-2016-4993
HistorySep 26, 2016 - 2:59 p.m.

CVE-2016-4993

2016-09-2614:59:03
CWE-113
CWE-93
redhat
web.nvd.nist.gov
149
cve-2016-4993
crlf injection
undertow
wildfly
red hat jboss eap
http headers
http response splitting
vulnerability
nvd

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

AI Score

6.3

Confidence

High

EPSS

0.003

Percentile

70.4%

JSON

CRLF injection vulnerability in the Undertow web server in WildFly 10.0.0, as used in Red Hat JBoss Enterprise Application Platform (EAP) 7.x before 7.0.2, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors.

Affected configurations

Nvd
Node
redhatjboss_enterprise_application_platformRange7.0.1
OR
redhatjboss_wildfly_application_serverMatch10.0.0
AND
redhatenterprise_linuxMatch6.0
OR
redhatenterprise_linuxMatch7.0
VendorProductVersionCPE
redhatjboss_enterprise_application_platform*cpe:2.3:a:redhat:jboss_enterprise_application_platform:*:*:*:*:*:*:*:*
redhatjboss_wildfly_application_server10.0.0cpe:2.3:a:redhat:jboss_wildfly_application_server:10.0.0:*:*:*:*:*:*:*
redhatenterprise_linux6.0cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*
redhatenterprise_linux7.0cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*

Related

debiancve 2
prion 3
osv 3
nvd 3
ubuntucve 2
redhatcve 2
github 2
cvelist 2
cve 2
veracode 1
nessus 10
redhat 14
debiancve
debiancve
CVE-2016-4993
2016-09-26 14:59:03
CVE-2018-1067
2018-05-21 17:29:00
prion
prion
Crlf injection
2016-09-26 14:59:00
Design/Logic Flaw
2016-08-29 17:59:00
Input validation
2018-05-21 17:29:00
osv
osv
Improper Neutralization of CRLF Sequences in Wildfly Undertow
2022-05-17 00:15:12
CVE-2018-1067
2018-05-21 17:29:00
Improper Neutralization of CRLF Sequences in HTTP Headers in Undertow
2022-05-13 01:14:41
nvd
nvd
CVE-2016-4993
2016-09-26 14:59:03
CVE-2016-6339
2016-08-29 17:59:01
CVE-2018-1067
2018-05-21 17:29:00
ubuntucve
ubuntucve
CVE-2016-4993
2016-09-26 00:00:00
CVE-2018-1067
2018-05-21 00:00:00
redhatcve
redhatcve
CVE-2016-4993
2016-09-08 18:18:38
CVE-2018-1067
2019-10-10 04:10:45
github
github
Improper Neutralization of CRLF Sequences in Wildfly Undertow
2022-05-17 00:15:12
Improper Neutralization of CRLF Sequences in HTTP Headers in Undertow
2022-05-13 01:14:41
cvelist
cvelist
CVE-2016-4993
2016-09-26 14:00:00
CVE-2018-1067
2018-05-21 17:00:00
cve
cve
CVE-2016-6339
2016-08-29 17:59:01
CVE-2018-1067
2018-05-21 17:29:00
veracode
veracode
HTTP Response Splitting
2018-05-22 02:10:03
nessus
nessus
RHEL 6 : JBoss EAP (RHSA-2016:1838)
2018-09-04 00:00:00
RHEL 6 / 7 : eap7-jboss-ec2-eap (RHSA-2016:1840)
2018-08-29 00:00:00
RHEL 7 : JBoss EAP (RHSA-2016:1839)
2018-09-04 00:00:00
redhat
redhat
(RHSA-2016:1839) Important: JBoss Enterprise Application Platform 7.0.2 for RHEL 7
2016-09-08 18:04:27
(RHSA-2016:1840) Important: eap7-jboss-ec2-eap security, bug fix, and enhancement update
2016-09-08 17:59:19
(RHSA-2016:1838) Important: JBoss Enterprise Application Platform 7.0.2 on RHEL 6
2016-09-08 17:58:42

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

AI Score

6.3

Confidence

High

EPSS

0.003

Percentile

70.4%

JSON
Related for CVE-2016-4993
debiancve2prion3osv3nvd3ubuntucve2redhatcve2github2cvelist2cve2veracode1nessus10redhat14