CVE-2016-4993
- Source
- https://cve.org/CVERecord?id=CVE-2016-4993
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2016-4993.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2016-4993
- Aliases
- Downstream
- Published
- 2016-09-26T14:59:03.117Z
- Modified
- 2026-05-28T04:03:12.635338599Z
- Severity
-
- 6.1 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS Calculator
- Summary
- [none]
- Details
-
CRLF injection vulnerability in the Undertow web server in WildFly 10.0.0, as used in Red Hat JBoss Enterprise Application Platform (EAP) 7.x before 7.0.2, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors.
- Database specific
{ "unresolved_ranges": [ { "extracted_events": [ { "last_affected": "7.0.1" } ], "cpes": [ "cpe:2.3:a:redhat:jboss_enterprise_application_platform:*:*:*:*:*:*:*:*" ], "vendor_product": "redhat:jboss_enterprise_application_platform", "source": "CPE_RANGE" } ] }- References
-
- http://www.securityfocus.com/bid/92894
- http://rhn.redhat.com/errata/RHSA-2016-1838.html
- http://rhn.redhat.com/errata/RHSA-2016-1839.html
- http://rhn.redhat.com/errata/RHSA-2016-1840.html
- http://rhn.redhat.com/errata/RHSA-2016-1841.html
- http://www.securitytracker.com/id/1036758
- https://access.redhat.com/errata/RHSA-2017:3454
- https://access.redhat.com/errata/RHSA-2017:3455
- https://access.redhat.com/errata/RHSA-2017:3456
- https://access.redhat.com/errata/RHSA-2017:3458
- https://bugzilla.redhat.com/show_bug.cgi?id=1344321
Affected packages
Git / github.com/wildfly/wildfly
Affected ranges
- Type
- GIT
- Repo
- https://github.com/wildfly/wildfly
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedLast affected
- Database specific
{ "extracted_events": [ { "introduced": "0" }, { "last_affected": "10.0.0" } ], "cpe": "cpe:2.3:a:redhat:jboss_wildfly_application_server:10.0.0:*:*:*:*:*:*:*", "source": "CPE_STRING" }
Affected versions
10.*
10.0.0.Alpha1
10.0.0.Alpha2
10.0.0.Alpha3
10.0.0.Alpha4
10.0.0.Alpha5
10.0.0.Alpha6
10.0.0.Beta1
10.0.0.Beta2
10.0.0.CR1
10.0.0.CR2
10.0.0.CR3
10.0.0.CR4
10.0.0.CR5
10.0.0.Final
7.*
7.0.0.Alpha1
7.0.0.Alpha1-final
7.0.0.Beta1-prerelease
7.0.0.Beta2
7.0.0.Beta2-prerelease
7.0.0.Beta3
7.0.0.CR1
7.0.0.Final
7.0.0.Final-prerelease
7.0.0.Final-prerelease2
7.0.0.Final-prerelease3
7.1.0.Alpha1
7.1.0.Beta1
7.1.0.CR1
7.1.0.Final
7.1.0.Final-prerelease
7.1.0.Final-prerelease2
7.1.1.Final
7.1.2-prerelease
7.1.2.Final
7.2.0.Final
7.2.0.Final-prerelease1
8.*
8.0.0.Alpha1
8.0.0.Alpha2
8.0.0.Alpha3
8.0.0.Alpha4
8.0.0.Beta1
8.0.0.CR1
8.0.0.Final
8.1.0.CR1
8.1.0.CR2
9.*
9.0.0.Beta1
9.0.0.Beta2
9.0.0.CR1