
CVE-2016-4993:
Improper Neutralization of CRLF Sequences in Wildfly Undertow

CVSS Score: 6.1 (CVSS v3.0)

Basic Information

EPSS Score: 0.68353%
Published: 5/17/2022
Updated: 1/27/2023
KEV Status: No
Technology: Java

Technical Details

CVSS Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Package Name: org.wildfly:wildfly-undertow
Ecosystem: maven
Vulnerable Versions: >= 10.0.0.Final, <= 10.1.0.Final
First Patched Version: 11.0.0.Final

Vulnerability Intelligence (Miggo AI)

Root Cause Analysis

The vulnerability stemmed from improper neutralization of CR/LF sequences in HTTP header values. The fix commit modified the header-writing functions to sanitize header values by replacing CR and LF characters with spaces. Before the fix, these functions wrote header values to the wire without checking for CR/LF, so any header value that carried attacker-controlled data became an entry point for HTTP response splitting: a single CR/LF pair terminates the header, and a second CR/LF pair ends the header block, letting the attacker append headers and even a complete second response. The HttpString constructor was also hardened to reject newlines, but the primary vulnerable paths were in header value handling during protocol encoding and response writing.
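The response-splitting path described above, as an added example that is not Undertow's or WildFly's code. A hypothetical minimal HTTP/1.1 serialiser (build_response) writes a Location header built from a constructed attacker-controlled redirect target, first verbatim (the pre-fix behaviour) and then with CR and LF replaced by spaces, the strategy the fix used; a small client-side parser (parse_responses) shows how many responses a client reads from the resulting bytes in each case. Every function name and the sample payload are assumptions for illustration, not Undertow APIs.

```python
# Added illustration (not Undertow code): how CR/LF in a header value splits an
# HTTP/1.1 response, and the effect of the neutralisation the fix applied.
from typing import Dict, Iterable, List, Tuple

# Constructed attacker input: a redirect target carrying CR/LF sequences
# followed by a complete second response with a 25-byte HTML body.
INJECTED_TARGET = (
    "/home\r\nContent-Length: 0\r\n\r\n"
    "HTTP/1.1 200 OK\r\nContent-Type: text/html\r\nContent-Length: 25\r\n\r\n"
    "<script>alert(1)</script>"
)


def neutralize_crlf(value: str) -> str:
    """Replace CR and LF in a header value with spaces, the approach the
    CVE-2016-4993 fix applied when writing header values."""
    return value.replace("\r", " ").replace("\n", " ")


def reject_crlf(name: str) -> str:
    """Refuse a header name containing CR or LF, in the spirit of the
    HttpString constructor hardening mentioned in the root-cause analysis."""
    if "\r" in name or "\n" in name:
        raise ValueError("CR/LF not allowed in header name: %r" % name)
    return name


def build_response(status: str, headers: Iterable[Tuple[str, str]],
                   body: bytes = b"", sanitize: bool = False) -> bytes:
    """Hypothetical minimal HTTP/1.1 serialiser standing in for a container's
    response writer. sanitize=False writes header values verbatim (pre-fix
    behaviour); sanitize=True neutralises CR/LF first (post-fix behaviour)."""
    lines = ["HTTP/1.1 " + status]
    for name, value in headers:
        reject_crlf(name)
        if sanitize:
            value = neutralize_crlf(value)
        lines.append(name + ": " + value)
    lines.append("Content-Length: %d" % len(body))
    return ("\r\n".join(lines) + "\r\n\r\n").encode("latin-1") + body


def parse_responses(raw: bytes) -> List[Tuple[str, Dict[str, str], bytes]]:
    """Parse the byte stream the way a simple HTTP/1.1 client would: status
    line, headers, then Content-Length bytes of body, repeated while the next
    bytes look like another status line. Returns (status, headers, body)."""
    responses = []
    pos = 0
    while raw.startswith(b"HTTP/1.1 ", pos):
        head_end = raw.index(b"\r\n\r\n", pos)
        head_lines = raw[pos:head_end].decode("latin-1").split("\r\n")
        status = head_lines[0][len("HTTP/1.1 "):]
        headers: Dict[str, str] = {}
        for line in head_lines[1:]:
            name, _, value = line.partition(":")
            headers[name.strip()] = value.strip()
        body_start = head_end + 4
        length = int(headers.get("Content-Length", "0"))
        body = raw[body_start:body_start + length]
        responses.append((status, headers, body))
        pos = body_start + length
    return responses


if __name__ == "__main__":
    for sanitize in (False, True):
        raw = build_response("302 Found", [("Location", INJECTED_TARGET)],
                             sanitize=sanitize)
        parsed = parse_responses(raw)
        print("sanitize=%s -> %d response(s) seen by the client"
              % (sanitize, len(parsed)))
        for status, hdrs, body in parsed:
            print("   ", status, hdrs, body)
```

With sanitize=False the client sees two responses, the second being the attacker's 200 OK with its script body; with sanitize=True it sees one 302 whose Location value is a harmless (if garbled) single line. Replacing CR/LF with spaces silently keeps the payload text inside the header value rather than failing the request; rejecting the value outright, as reject_crlf does for header names, is the stricter option when an application can afford an error instead of a degraded header.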


WAF Protection Rules

WAF Rule

CRLF injection vulnerability in the Undertow web server in WildFly 10.0.0, as used in Red Hat JBoss Enterprise Application Platform (EAP) 7.x before 7.0.2, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting …
