Apache – CVE-2016-4975

Home » Blog » Apache – CVE-2016-4975

Description

Kayran has detected that the Version of Apache HTTP Server being used is vulnerable to Improper Neutralization of CRLF Sequences, aka ‘CRLF Injection’ (CWE-93). This type is also being referred to as “HTTP response splitting”.
Also known as CVE-2016-4975.

A possible CRLF injection allowing HTTP response splitting attacks for sites that uses mod_userdir.
By prohibiting CR or LF injection into the “Location” or other outbound header key or value in later version, the issue got resolved.

There’s a chance that this vulnerability will allow attackers to modify system files and information.

Recommendation

To fix CVE-2016-4975, upgrade the version of Apache HTTP Server being used to either 2.2.32 or 2.4.25.

References

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4975

https://cwe.mitre.org/data/definitions/93.html

< Return to all Vulnerabilities

Designing our Web Apps – CSS

The CSS language which are the initials of Cascading Style Sheets, similar to HTML, CSS is not a programming language, it’s belong to a group

Models – CIA and AAA

The field of information security is based on a number of basic principles that are important for us. Each principle is part of two main

To serve or not to serve – DoS vs. DDoS

If you’ve heard of the beautiful term called DoS before, great! that’s not it. To the “veterans” among us this term usually attributed to DOS

Horror Movie Villains – Common Malwares

In the field of Information Security (or, Cyber Security), there are many things we need to deal with. Just like the Horror Movie Villains we

HTTP VS. HTTPS

You must have once wondered what HTTP means and what is the difference between that ugly word to HTTPS, and if not, then please read

Crossing Scripts – XSS

Injections. SQL Injections. Cross-site Scripting (hence the amazing title “Crossing Scripts – XSS”). There all sorts of Injection-Based attacks, if you want to read about

WEB APPLICATION VULNERABILITY SCANNER

Links

registered user?