CVE-2016-8743

Published: 27 Jul 2017
Source: debian
EPSS: Low

Description

Apache HTTP Server, in all releases prior to 2.2.32 and 2.4.25, was liberal in the whitespace accepted from requests and sent in response lines and headers. Accepting these different behaviors represented a security concern when httpd participates in any chain of proxies or interacts with back-end application servers, either through mod_proxy or using conventional CGI mechanisms, and may result in request smuggling, response splitting and cache pollution.

Packages

| Package | Status | Fixed version | Release | Type |
|---------|--------|---------------|---------|------|
| apache2 | fixed | 2.4.25-1 | | package |

Notes

  • https://lists.apache.org/thread.html/139862b41c0dfd5e6e00ad89c00119f9faf0dd41a2f927da9c9a4076@%3Cannounce.httpd.apache.org%3E

  • https://httpd.apache.org/security/vulnerabilities_24.html

  • The fix is not fully backwards compatible so upstream have created a new option to control this behaviour. This means that if this is fixed the security advisory needs to mention this.

  • The fix is invasive and should require some extra testing before reaching stable and old-stable.

  • Affects: 2.2.0 to 2.4.23.

  • Fixed in 2.4.25.

  • For 2.2 preparation is done in http://svn.apache.org/viewvc/httpd/httpd/branches/2.2.x-merge-http-strict/

EPSS

Percentile: 92%
0.08406
Low

Related vulnerabilities

CVSS3: 7.5
ubuntu
more than 8 years ago

CVSS3: 4
redhat
almost 9 years ago

CVSS3: 7.5
nvd
more than 8 years ago

CVSS3: 7.5
github
more than 3 years ago

oracle-oval
more than 8 years ago

ELSA-2017-1721: httpd security and bug fix update (MODERATE)
