vulnerability

Red Hat JBoss EAP: CVE-2016-4993: CRLF Injection

Name: Red Hat JBoss EAP: CVE-2016-4993: CRLF Injection
Creator: Red Hat
Published: 2016-09-08T00:00:00.000Z
Keywords: CVE, CWE-93, CWE-113, Red Hat JBoss EAP, 2016, 4993, CRLF Injection, red-hat-jboss-eap-upgrade-latest, Severity 6

Try Surface Command

Back to search

Severity

CVSS

(AV:N/AC:M/Au:N/C:P/I:P/A:N)

Published

Sep 8, 2016

Added

Sep 19, 2024

Modified

Jul 2, 2025

Description

CRLF injection vulnerability in the Undertow web server in WildFly 10.0.0, as used in Red Hat JBoss Enterprise Application Platform (EAP) 7.x before 7.0.2, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors.. It was reported that EAP 7 Application Server/Undertow web server is vulnerable to the injection of arbitrary HTTP headers, and also response splitting, due to insufficient sanitization and validation of user input before the input is used as part of an HTTP header value.

Solution

red-hat-jboss-eap-upgrade-latest

References

Rapid7 Labs

2026 Global Threat Landscape Report

The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.

Get report