Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

ubuntu логотип

CVE-2016-4975

Опубликовано: 14 авг. 2018
Источник: ubuntu
Приоритет: low
EPSS Высокий
CVSS2: 4.3
CVSS3: 6.1

Описание

Possible CRLF injection allowing HTTP response splitting attacks for sites which use mod_userdir. This issue was mitigated by changes made in 2.4.25 and 2.2.32 which prohibit CR or LF injection into the "Location" or other outbound header key or value. Fixed in Apache HTTP Server 2.4.25 (Affected 2.4.1-2.4.23). Fixed in Apache HTTP Server 2.2.32 (Affected 2.2.0-2.2.31).

РелизСтатусПримечание
bionic

not-affected

2.4.29-1ubuntu4.2
cosmic

not-affected

2.4.34-1ubuntu1
devel

not-affected

2.4.34-1ubuntu1
disco

not-affected

2.4.34-1ubuntu1
esm-infra-legacy/trusty

released

2.4.7-1ubuntu4.15
esm-infra/bionic

not-affected

2.4.29-1ubuntu4.2
esm-infra/xenial

released

2.4.18-2ubuntu3.2
precise/esm

not-affected

2.2.22-1ubuntu1.12
trusty

released

2.4.7-1ubuntu4.15
trusty/esm

released

2.4.7-1ubuntu4.15

Показывать по

Ссылки на источники

EPSS

Процентиль: 99%
0.73014
Высокий

4.3 Medium

CVSS2

6.1 Medium

CVSS3

Связанные уязвимости

redhat логотип

CVE-2016-4975

CVSS3: 3.7
redhat
больше 7 лет назад

Possible CRLF injection allowing HTTP response splitting attacks for sites which use mod_userdir. This issue was mitigated by changes made in 2.4.25 and 2.2.32 which prohibit CR or LF injection into the "Location" or other outbound header key or value. Fixed in Apache HTTP Server 2.4.25 (Affected 2.4.1-2.4.23). Fixed in Apache HTTP Server 2.2.32 (Affected 2.2.0-2.2.31).

nvd логотип

CVE-2016-4975

CVSS3: 6.1
nvd
больше 7 лет назад

Possible CRLF injection allowing HTTP response splitting attacks for sites which use mod_userdir. This issue was mitigated by changes made in 2.4.25 and 2.2.32 which prohibit CR or LF injection into the "Location" or other outbound header key or value. Fixed in Apache HTTP Server 2.4.25 (Affected 2.4.1-2.4.23). Fixed in Apache HTTP Server 2.2.32 (Affected 2.2.0-2.2.31).

debian логотип

CVE-2016-4975

CVSS3: 6.1
debian
больше 7 лет назад

Possible CRLF injection allowing HTTP response splitting attacks for s ...

github логотип

GHSA-crcg-r773-w4rv

CVSS3: 6.1
github
больше 3 лет назад

Possible CRLF injection allowing HTTP response splitting attacks for sites which use mod_userdir. This issue was mitigated by changes made in 2.4.25 and 2.2.32 which prohibit CR or LF injection into the "Location" or other outbound header key or value. Fixed in Apache HTTP Server 2.4.25 (Affected 2.4.1-2.4.23). Fixed in Apache HTTP Server 2.2.32 (Affected 2.2.0-2.2.31).

suse-cvrf логотип

openSUSE-SU-2018:2856-1

suse-cvrf
больше 7 лет назад

Security update for apache2

EPSS

Процентиль: 99%
0.73014
Высокий

4.3 Medium

CVSS2

6.1 Medium

CVSS3