Alpaquita LinuxStreamSecurity Advisory
Search Cve

CVE-2016-4975

Published: August 14, 2018Last modified: November 9, 2023

Description

Possible CRLF injection allowing HTTP response splitting attacks for sites which use mod_userdir. This issue was mitigated by changes made in 2.4.25 and 2.2.32 which prohibit CR or LF injection into the "Location" or other outbound header key or value. Fixed in Apache HTTP Server 2.4.25 (Affected 2.4.1-2.4.23). Fixed in Apache HTTP Server 2.2.32 (Affected 2.2.0-2.2.31).

Severity score breakdown

ParameterValue
Base score6.1
Attack VectorNETWORK
Attack complexityLOW
Privileges requiredNONE
User interactionREQUIRED
ScopeCHANGED
ConfidentialityLOW
Integrity impactLOW
Availability impactNONE
VectorCVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Status

ProductReleasePackageStatus
Alpaquita Linux23 LTSapache2Not affected (2.4.57-r0)
Streamapache2Not affected (2.4.57-r3)

References

ON THIS PAGE