Описание
Apache HTTP Server, in all releases prior to 2.2.32 and 2.4.25, was liberal in the whitespace accepted from requests and sent in response lines and headers. Accepting these different behaviors represented a security concern when httpd participates in any chain of proxies or interacts with back-end application servers, either through mod_proxy or using conventional CGI mechanisms, and may result in request smuggling, response splitting and cache pollution.
| Релиз | Статус | Примечание |
|---|---|---|
| devel | not-affected | 2.4.25-3ubuntu2 |
| esm-infra-legacy/trusty | released | 2.4.7-1ubuntu4.15 |
| esm-infra/xenial | released | 2.4.18-2ubuntu3.2 |
| precise | ignored | end of life |
| precise/esm | not-affected | 2.2.22-1ubuntu1.12 |
| trusty | released | 2.4.7-1ubuntu4.15 |
| trusty/esm | released | 2.4.7-1ubuntu4.15 |
| upstream | released | 2.4.25-1 |
| vivid/stable-phone-overlay | DNE | |
| vivid/ubuntu-core | DNE |
Показывать по
Ссылки на источники
EPSS
5 Medium
CVSS2
7.5 High
CVSS3
Связанные уязвимости
Apache HTTP Server, in all releases prior to 2.2.32 and 2.4.25, was liberal in the whitespace accepted from requests and sent in response lines and headers. Accepting these different behaviors represented a security concern when httpd participates in any chain of proxies or interacts with back-end application servers, either through mod_proxy or using conventional CGI mechanisms, and may result in request smuggling, response splitting and cache pollution.
Apache HTTP Server, in all releases prior to 2.2.32 and 2.4.25, was liberal in the whitespace accepted from requests and sent in response lines and headers. Accepting these different behaviors represented a security concern when httpd participates in any chain of proxies or interacts with back-end application servers, either through mod_proxy or using conventional CGI mechanisms, and may result in request smuggling, response splitting and cache pollution.
Apache HTTP Server, in all releases prior to 2.2.32 and 2.4.25, was li ...
Apache HTTP Server, in all releases prior to 2.2.32 and 2.4.25, was liberal in the whitespace accepted from requests and sent in response lines and headers. Accepting these different behaviors represented a security concern when httpd participates in any chain of proxies or interacts with back-end application servers, either through mod_proxy or using conventional CGI mechanisms, and may result in request smuggling, response splitting and cache pollution.
ELSA-2017-1721: httpd security and bug fix update (MODERATE)
EPSS
5 Medium
CVSS2
7.5 High
CVSS3