Apache – CVE-2016-8743

Description

Kayran has detected that the version of Apache HTTP Server in use is liberal in the whitespace it accepts from requests and sends in response lines and headers.
Accepting these different behaviors represents a security concern when httpd participates in any chain of proxies or interacts with back-end application servers. This issue is tracked as CVE-2016-8743.

Through mod_proxy or conventional CGI mechanisms, remote attackers could possibly abuse this flaw to inject data into HTTP responses, resulting in proxy cache poisoning.
It could also lead to request smuggling and response splitting.
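
The problem described above is lenient whitespace handling in request lines and headers. As an added illustration (not code from Kayran or the Apache project), the following Python applies the RFC 7230 grammar to a raw request head and reports the deviations a strict parser rejects; the function name, messages and sample requests are constructed for this example.

```python
import re

# RFC 7230 token characters (methods and header field names).
TOKEN = r"[!#$%&'*+\-.^_`|~0-9A-Za-z]+"
REQUEST_LINE = re.compile(rf"{TOKEN} [^\s]+ HTTP/\d\.\d".encode())
FIELD_NAME = re.compile(TOKEN.encode())
# Control characters that a strict parser must not treat as whitespace.
ODD_WS = re.compile(rb"[\r\x0b\x0c]")


def audit_request_head(raw: bytes) -> list[str]:
    """Return the RFC 7230 whitespace violations found in a raw request head."""
    findings = []
    lines = raw.split(b"\r\n\r\n", 1)[0].split(b"\r\n")
    request_line, header_lines = lines[0], lines[1:]
    if ODD_WS.search(request_line):
        findings.append("request-line: bare CR, VT or FF")
    if b"\t" in request_line:
        findings.append("request-line: HTAB used as separator")
    if not REQUEST_LINE.fullmatch(request_line):
        findings.append("request-line: not 'method SP target SP version'")
    for n, line in enumerate(header_lines, start=1):
        if line[:1] in (b" ", b"\t"):
            findings.append(f"header {n}: obsolete line folding")
            continue
        if ODD_WS.search(line):
            findings.append(f"header {n}: bare CR, VT or FF")
        # No whitespace is allowed between the field name and the colon.
        name, sep, _value = line.partition(b":")
        if not sep:
            findings.append(f"header {n}: missing colon")
        elif not FIELD_NAME.fullmatch(name):
            findings.append(f"header {n}: invalid field name {name!r}")
    return findings


# Constructed sample inputs (not captured traffic).
CLEAN = b"GET /index.html HTTP/1.1\r\nHost: example.test\r\n\r\n"
ODD = (b"GET\t/index.html HTTP/1.1\r\nHost: example.test\r\n"
       b"X-Test : a\r\nX-Other:\x0bb\r\n\r\n")

if __name__ == "__main__":
    for label, sample in (("clean", CLEAN), ("odd", ODD)):
        print(label, audit_request_head(sample))
```

In the fixed releases httpd applies strict parsing by default; the `HttpProtocolOptions` directive controls it, and setting it to `Unsafe` re-enables the lenient behaviour.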

Severity/Score

CVSS Version 3.x – 7.5 High

Recommendation

To fix CVE-2016-8743, upgrade Apache HTTP Server to either 2.2.32 or 2.4.25.

References

https://cwe.mitre.org/data/definitions/20.html

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8743
