vulnerability

Ubuntu: (CVE-2016-4993): undertow vulnerability

Try Surface Command

Back to search

Severity

CVSS

(AV:N/AC:M/Au:N/C:N/I:P/A:N)

Published

Sep 26, 2016

Added

Jun 26, 2025

Modified

Jul 28, 2025

Description

CRLF injection vulnerability in the Undertow web server in WildFly 10.0.0, as used in Red Hat JBoss Enterprise Application Platform (EAP) 7.x before 7.0.2, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors.

Solution

no-fix-ubuntu-package

References

CVE-2016-4993
https://attackerkb.com/topics/CVE-2016-4993
https://issues.jboss.org/browse/UNDERTOW-827
https://www.cve.org/CVERecord?id=CVE-2016-4993

Rapid7 Labs

2026 Global Threat Landscape Report

The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.

Get report