Request a Demo

Apache – CVE-2016-4975

Description

Kayran has detected that the Version of Apache HTTP Server being used is vulnerable to Improper Neutralization of CRLF Sequences, aka ‘CRLF Injection’ (CWE-93). This type is also being referred to as “HTTP response splitting”.
Also known as CVE-2016-4975.

A possible CRLF injection allowing HTTP response splitting attacks for sites that uses mod_userdir.
By prohibiting CR or LF injection into the “Location” or other outbound header key or value in later version, the issue got resolved.

There’s a chance that this vulnerability will allow attackers to modify system files and information.

Recommendation

To fix CVE-2016-4975, upgrade the version of Apache HTTP Server being used to either 2.2.32 or 2.4.25.

References

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4975

https://cwe.mitre.org/data/definitions/93.html

< Return to all Vulnerabilities

Request a Demo

What is Kayran

Kayran scanner is helping all businesses, both SMBs and enterprises, to test their online assets and products for over 30,000+ vulnerabilities.Kayran’s mission is to make

Read More »

HAR Files

In this article, I’ll talk and explain about HAR Files, so if you don’t know what they are, or, what do we use them for,

Read More »

Browser Exploitation

We know that it’s possible to exploit weaknesses (or vulnerabilities) that exist in anything, from a certain code to the entire application, let’s talk about

Read More »
Facebook Linkedin

WEB APPLICATION VULNERABILITY SCANNER

Links

registered user?

Log in
Facebook Linkedin