exploitDog

CVE-2016-4975

Published: 14 Aug 2018
Source: redhat
CVSS3: 3.7
EPSS: High

Description

Possible CRLF injection allowing HTTP response splitting attacks for sites which use mod_userdir. This issue was mitigated by changes made in 2.4.25 and 2.2.32 which prohibit CR or LF injection into the "Location" or other outbound header key or value. Fixed in Apache HTTP Server 2.4.25 (Affected 2.4.1-2.4.23). Fixed in Apache HTTP Server 2.2.32 (Affected 2.2.0-2.2.31).

It was found that Apache was vulnerable to an HTTP response splitting attack for sites which use mod_userdir. An attacker could use this flaw to inject CRLF characters into the HTTP header and could possibly gain access to secure data.

Affected packages

Platform | Package | State | Advisory | Release
Red Hat Enterprise Linux 5 | httpd | Will not fix | - | -
Red Hat Enterprise Linux 6 | httpd | Will not fix | - | -
Red Hat Enterprise Linux 8 | httpd | Not affected | - | -
Red Hat JBoss Enterprise Application Platform 6 | httpd | Affected | - | -
Red Hat JBoss Enterprise Web Server 2 | httpd | Will not fix | - | -
Red Hat JBoss Enterprise Web Server 3 | httpd | Out of support scope | - | -
Red Hat JBoss Web Server 3 | httpd | Will not fix | - | -
Red Hat Software Collections | httpd24-httpd | Not affected | - | -
JBoss Core Services on RHEL 6 | jbcs-httpd24-apache-commons-daemon | Fixed | RHSA-2018:2186 | 12.07.2018
JBoss Core Services on RHEL 6 | jbcs-httpd24-apache-commons-daemon-jsvc | Fixed | RHSA-2018:2186 | 12.07.2018

Additional information

Severity: Moderate
Weakness: CWE-113
Bug: https://bugzilla.redhat.com/show_bug.cgi?id=1375968
httpd: CRLF injection allowing HTTP response splitting attacks for sites which use mod_userdir

EPSS: 0.73014 (percentile 99%), High
CVSS3: 3.7 Low

Related vulnerabilities

CVSS3: 6.1
ubuntu
more than 7 years ago

Possible CRLF injection allowing HTTP response splitting attacks for sites which use mod_userdir. This issue was mitigated by changes made in 2.4.25 and 2.2.32 which prohibit CR or LF injection into the "Location" or other outbound header key or value. Fixed in Apache HTTP Server 2.4.25 (Affected 2.4.1-2.4.23). Fixed in Apache HTTP Server 2.2.32 (Affected 2.2.0-2.2.31).

CVSS3: 6.1
nvd
more than 7 years ago

Possible CRLF injection allowing HTTP response splitting attacks for sites which use mod_userdir. This issue was mitigated by changes made in 2.4.25 and 2.2.32 which prohibit CR or LF injection into the "Location" or other outbound header key or value. Fixed in Apache HTTP Server 2.4.25 (Affected 2.4.1-2.4.23). Fixed in Apache HTTP Server 2.2.32 (Affected 2.2.0-2.2.31).

CVSS3: 6.1
debian
more than 7 years ago

Possible CRLF injection allowing HTTP response splitting attacks for s ...

CVSS3: 6.1
github
more than 3 years ago

Possible CRLF injection allowing HTTP response splitting attacks for sites which use mod_userdir. This issue was mitigated by changes made in 2.4.25 and 2.2.32 which prohibit CR or LF injection into the "Location" or other outbound header key or value. Fixed in Apache HTTP Server 2.4.25 (Affected 2.4.1-2.4.23). Fixed in Apache HTTP Server 2.2.32 (Affected 2.2.0-2.2.31).

suse-cvrf
more than 7 years ago

Security update for apache2
