CRLF injection vulnerability in the Undertow web server in WildFly 10.0.0, as used in Red Hat JBoss Enterprise Application Platform (EAP) 7.x before 7.0.2, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors.
rhn.redhat.com/errata/RHSA-2016-1838.html
rhn.redhat.com/errata/RHSA-2016-1839.html
rhn.redhat.com/errata/RHSA-2016-1840.html
rhn.redhat.com/errata/RHSA-2016-1841.html
access.redhat.com/errata/RHSA-2017:3454
access.redhat.com/errata/RHSA-2017:3455
access.redhat.com/errata/RHSA-2017:3456
access.redhat.com/errata/RHSA-2017:3458
bugzilla.redhat.com/show_bug.cgi?id=1344321
github.com/undertow-io/undertow/commit/834496fb74ddda2af197940c70d08bab419fdf12
issues.redhat.com/browse/UNDERTOW-827
nvd.nist.gov/vuln/detail/CVE-2016-4993