ByteOS Network

NVD Vulnerability Details :

CVE-2016-4993

Modified

Source-secalert@redhat.com

Published At-26 Sep, 2016 | 14:59

Updated At-06 May, 2026 | 22:30

CRLF injection vulnerability in the Undertow web server in WildFly 10.0.0, as used in Red Hat JBoss Enterprise Application Platform (EAP) 7.x before 7.0.2, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors.

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Primary	3.0	6.1	MEDIUM	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Primary	2.0	4.3	MEDIUM	AV:N/AC:M/Au:N/C:N/I:P/A:N

Type: Primary

Version: 3.0

Base score: 6.1

Base severity: MEDIUM

Vector:

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Type: Primary

Version: 2.0

Base score: 4.3

Base severity: MEDIUM

Vector:

AV:N/AC:M/Au:N/C:N/I:P/A:N

CPE Matches

Red Hat, Inc.

>>jboss_enterprise_application_platform>>Versions up to 7.0.1(inclusive)

cpe:2.3:a:redhat:jboss_enterprise_application_platform:*:*:*:*:*:*:*:*

Red Hat, Inc.

>>jboss_wildfly_application_server>>10.0.0

cpe:2.3:a:redhat:jboss_wildfly_application_server:10.0.0:*:*:*:*:*:*:*

Red Hat, Inc.

>>enterprise_linux>>6.0

cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*

Red Hat, Inc.

>>enterprise_linux>>7.0

cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*

Weaknesses

CWE ID	Type	Source
CWE-93	Primary	nvd@nist.gov
CWE-113	Primary	nvd@nist.gov

CWE ID: CWE-93

Type: Primary

Source: nvd@nist.gov

CWE ID: CWE-113

Type: Primary

Source: nvd@nist.gov

References

Hyperlink	Source	Resource
http://rhn.redhat.com/errata/RHSA-2016-1838.html	secalert@redhat.com	Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2016-1839.html	secalert@redhat.com	Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2016-1840.html	secalert@redhat.com	Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2016-1841.html	secalert@redhat.com	Third Party Advisory
http://www.securityfocus.com/bid/92894	secalert@redhat.com	N/A
http://www.securitytracker.com/id/1036758	secalert@redhat.com	Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:3454	secalert@redhat.com	N/A
https://access.redhat.com/errata/RHSA-2017:3455	secalert@redhat.com	N/A
https://access.redhat.com/errata/RHSA-2017:3456	secalert@redhat.com	N/A
https://access.redhat.com/errata/RHSA-2017:3458	secalert@redhat.com	N/A
https://bugzilla.redhat.com/show_bug.cgi?id=1344321	secalert@redhat.com	Issue Tracking Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2016-1838.html	af854a3a-2127-422b-91ae-364da2661108	Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2016-1839.html	af854a3a-2127-422b-91ae-364da2661108	Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2016-1840.html	af854a3a-2127-422b-91ae-364da2661108	Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2016-1841.html	af854a3a-2127-422b-91ae-364da2661108	Third Party Advisory
http://www.securityfocus.com/bid/92894	af854a3a-2127-422b-91ae-364da2661108	N/A
http://www.securitytracker.com/id/1036758	af854a3a-2127-422b-91ae-364da2661108	Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:3454	af854a3a-2127-422b-91ae-364da2661108	N/A
https://access.redhat.com/errata/RHSA-2017:3455	af854a3a-2127-422b-91ae-364da2661108	N/A
https://access.redhat.com/errata/RHSA-2017:3456	af854a3a-2127-422b-91ae-364da2661108	N/A
https://access.redhat.com/errata/RHSA-2017:3458	af854a3a-2127-422b-91ae-364da2661108	N/A
https://bugzilla.redhat.com/show_bug.cgi?id=1344321	af854a3a-2127-422b-91ae-364da2661108	Issue Tracking Third Party Advisory