Apache – CVE-2016-8743

Description

Kayran has detected that the version of Apache HTTP Server in use is liberal in the whitespace it accepts from requests and sends in response lines and headers.
Accepting these different behaviors represents a security concern when httpd participates in any chain of proxies or interacts with back-end application servers. This issue is tracked as CVE-2016-8743.

Through mod_proxy or using conventional CGI mechanisms, remote attackers could possibly abuse this flaw to inject data into HTTP responses, which results in proxy cache poisoning.
It could also lead to request smuggling and response splitting.
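
The following is an added example, not part of the original advisory and not Apache's own code. It checks a request head against the RFC 7230 request-line and header-field grammar, the strict form that leaves no room for the whitespace leniency described above. The function name and the sample requests are constructed for illustration, and the input is assumed to be CRLF-delimited.

```python
import re

# RFC 7230 section 3.2.6: characters allowed in a method or field name.
TOKEN = rb"[!#$%&'*+\-.^_`|~0-9A-Za-z]+"
# Section 3.1.1: method SP request-target SP HTTP-version, single spaces only.
REQUEST_LINE = re.compile(rb"(?:" + TOKEN + rb") [\x21-\x7e]+ HTTP/\d\.\d")
FIELD_NAME = re.compile(TOKEN)


def check_request_head(head: bytes) -> list:
    """Return the RFC 7230 whitespace violations in a CRLF-delimited head."""
    problems = []
    lines = head.rstrip(b"\r\n").split(b"\r\n")
    if not REQUEST_LINE.fullmatch(lines[0]):
        problems.append("malformed request line")
    for line in lines[1:]:
        if line[:1] in (b" ", b"\t"):
            # Section 3.2.4: obs-fold continuation lines are deprecated.
            problems.append("obsolete line folding")
            continue
        name, sep, _value = line.partition(b":")
        if not sep:
            problems.append("header line without colon")
        elif not FIELD_NAME.fullmatch(name):
            # Section 3.2.4: no whitespace between field name and colon.
            problems.append("invalid field name %r" % name)
    return problems


# Constructed sample request heads (not captured traffic).
SAMPLES = {
    "conforming": b"GET /index.html HTTP/1.1\r\nHost: example.test\r\n\r\n",
    "double space": b"GET  /index.html HTTP/1.1\r\nHost: example.test\r\n\r\n",
    "tab separator": b"GET\t/index.html HTTP/1.1\r\nHost: example.test\r\n\r\n",
    "space before colon": b"GET / HTTP/1.1\r\nHost : example.test\r\n\r\n",
    "folded header": b"GET / HTTP/1.1\r\nX-Note: a\r\n b\r\nHost: example.test\r\n\r\n",
}

if __name__ == "__main__":
    for label, head in SAMPLES.items():
        print(label, "->", check_request_head(head) or "ok")
```

When every hop in a proxy chain applies the same strict grammar, a request cannot be framed one way by the front end and another way by the back end.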

Severity/Score

CVSS Version 3.x – 7.5 High

Recommendation

To fix CVE-2016-8743, upgrade Apache HTTP Server to either 2.2.32 or 2.4.25.

References

https://cwe.mitre.org/data/definitions/20.html

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8743
