Redirect vulnerability reported in Sun Java System Web Server
Here is another security threat as vulnerability has been figured out in Sun Java System Web Server which can be exploited for carrying out HTTP header injection and HTTP response splitting attacks and at the same time there is a risk of losing sensitive information.
The reason behind the vulnerability is an unspecified error within the redirect feature which can be exploited in case redirect Server Application Function is set to use the url-prefix parameter coupled with escape parameter being set to no or Error directive uses the url-prefix parameter in the obj.conf file. One needs to apply Web Server 6.1 service pack 8 or later and Web Server 7.0 Update 1 or later to counter this problem. Click here for the solution.