Уязвимость CVE-2016-4975

Пакет	Статус	Версия исправления	Релиз	Тип
apache2	fixed	2.4.25-1		package
apache2	fixed	2.4.10-10+deb8u8	jessie	package

CVE-2016-4975

CVSS3: 6.1

ubuntu

больше 7 лет назад

Possible CRLF injection allowing HTTP response splitting attacks for sites which use mod_userdir. This issue was mitigated by changes made in 2.4.25 and 2.2.32 which prohibit CR or LF injection into the "Location" or other outbound header key or value. Fixed in Apache HTTP Server 2.4.25 (Affected 2.4.1-2.4.23). Fixed in Apache HTTP Server 2.2.32 (Affected 2.2.0-2.2.31).

CVE-2016-4975

CVSS3: 3.7

redhat

больше 7 лет назад

Possible CRLF injection allowing HTTP response splitting attacks for sites which use mod_userdir. This issue was mitigated by changes made in 2.4.25 and 2.2.32 which prohibit CR or LF injection into the "Location" or other outbound header key or value. Fixed in Apache HTTP Server 2.4.25 (Affected 2.4.1-2.4.23). Fixed in Apache HTTP Server 2.2.32 (Affected 2.2.0-2.2.31).

CVE-2016-4975

CVSS3: 6.1

nvd

больше 7 лет назад

Possible CRLF injection allowing HTTP response splitting attacks for sites which use mod_userdir. This issue was mitigated by changes made in 2.4.25 and 2.2.32 which prohibit CR or LF injection into the "Location" or other outbound header key or value. Fixed in Apache HTTP Server 2.4.25 (Affected 2.4.1-2.4.23). Fixed in Apache HTTP Server 2.2.32 (Affected 2.2.0-2.2.31).

GHSA-crcg-r773-w4rv

CVSS3: 6.1

github

больше 3 лет назад

Possible CRLF injection allowing HTTP response splitting attacks for sites which use mod_userdir. This issue was mitigated by changes made in 2.4.25 and 2.2.32 which prohibit CR or LF injection into the "Location" or other outbound header key or value. Fixed in Apache HTTP Server 2.4.25 (Affected 2.4.1-2.4.23). Fixed in Apache HTTP Server 2.2.32 (Affected 2.2.0-2.2.31).

openSUSE-SU-2018:2856-1

suse-cvrf

больше 7 лет назад

Security update for apache2

exploitDog

CVE-2016-4975

Описание

Пакеты

Примечания

Связанные уязвимости