Apache – CVE-2016-4975

Description

Kayran has detected that the Version of Apache HTTP Server being used is vulnerable to Improper Neutralization of CRLF Sequences, aka ‘CRLF Injection’ (CWE-93). This type is also being referred to as “HTTP response splitting”.
Also known as CVE-2016-4975.

A possible CRLF injection allowing HTTP response splitting attacks for sites that uses mod_userdir.
By prohibiting CR or LF injection into the “Location” or other outbound header key or value in later version, the issue got resolved.

There’s a chance that this vulnerability will allow attackers to modify system files and information.

Recommendation

To fix CVE-2016-4975, upgrade the version of Apache HTTP Server being used to either 2.2.32 or 2.4.25.

References

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4975

https://cwe.mitre.org/data/definitions/93.html

< Return to all Vulnerabilities

Passwords 101

Unlike basketballs, “passwords” are things we don’t want to be passed around, especially in a society built around the idea that “mystery” is appealing. We

Read More »

The Dark Web

Let’s talk about the darker and more mysterious side of the internet, also known as The Dark Web. You’ve probably heard about it, whether it’s

Read More »

Blue Team

We’ve talked about The Red Team before, but what about The Blue Team? How is this group different from the red one? Why would we

Read More »

HTTP VS. HTTPS

You must have once wondered what HTTP means and what is the difference between that ugly word to HTTPS, and if not, then please read

Read More »