Apache HTTP Server, in all releases prior to 2.2.32 and 2.4.25, was liberal in the whitespace accepted from requests and sent in response lines and headers. Accepting these different behaviors represented a security concern when httpd participates in any chain of proxies or interacts with back-end application servers, either through mod_proxy or using conventional CGI mechanisms, and may result in request smuggling, response splitting and cache pollution.
References
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
Configuration 3 (hide)
|
Configuration 4 (hide)
|
Configuration 5 (hide)
AND |
|
History
07 Nov 2023, 02:36
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
07 Sep 2022, 17:39
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:apache:http_server:2.4.12:*:*:*:*:*:*:* cpe:2.3:a:apache:http_server:2.4.16:*:*:*:*:*:*:* cpe:2.3:a:apache:http_server:2.4.4:*:*:*:*:*:*:* cpe:2.3:a:apache:http_server:2.4.18:*:*:*:*:*:*:* cpe:2.3:a:apache:http_server:2.4.1:*:*:*:*:*:*:* cpe:2.3:a:apache:http_server:2.4.9:*:*:*:*:*:*:* cpe:2.3:a:apache:http_server:2.4.20:*:*:*:*:*:*:* cpe:2.3:a:apache:http_server:2.4.2:*:*:*:*:*:*:* cpe:2.3:a:apache:http_server:2.4.10:*:*:*:*:*:*:* cpe:2.3:a:apache:http_server:2.4.6:*:*:*:*:*:*:* cpe:2.3:a:apache:http_server:2.4.23:*:*:*:*:*:*:* cpe:2.3:a:apache:http_server:2.4.3:*:*:*:*:*:*:* cpe:2.3:a:apache:http_server:2.4.17:*:*:*:*:*:*:* |
cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_eus:7.3:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_eus:7.6:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:* cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_eus:7.5:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:* cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:* cpe:2.3:a:redhat:jboss_core_services:1.0:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_server_tus:7.3:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_server_tus:7.7:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:* cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:* cpe:2.3:a:netapp:clustered_data_ontap:-:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_server_aus:7.7:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:* cpe:2.3:a:netapp:oncommand_unified_manager:-:*:*:*:*:7-mode:*:* cpe:2.3:o:redhat:enterprise_linux_eus:7.4:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_eus:7.7:*:*:*:*:*:*:* |
References | (REDHAT) http://rhn.redhat.com/errata/RHSA-2017-1415.html - Third Party Advisory | |
References | (MLIST) https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830@%3Ccvs.httpd.apache.org%3E - Mailing List, Vendor Advisory | |
References | (CONFIRM) https://support.apple.com/HT208221 - Third Party Advisory | |
References | (MLIST) https://lists.apache.org/thread.html/rad01d817195e6cc871cb1d73b207ca326379a20a6e7f30febaf56d24@%3Ccvs.httpd.apache.org%3E - Mailing List, Vendor Advisory | |
References | (CONFIRM) https://security.netapp.com/advisory/ntap-20180423-0001/ - Third Party Advisory | |
References | (MLIST) https://lists.apache.org/thread.html/r04e89e873d54116a0635ef2f7061c15acc5ed27ef7500997beb65d6f@%3Ccvs.httpd.apache.org%3E - Mailing List, Vendor Advisory | |
References | (REDHAT) https://access.redhat.com/errata/RHSA-2017:1414 - Third Party Advisory | |
References | (MLIST) https://lists.apache.org/thread.html/r476d175be0aaf4a17680ef98c5153b4d336eaef76fb2224cc94c463a@%3Ccvs.httpd.apache.org%3E - Mailing List, Vendor Advisory | |
References | (MLIST) https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f@%3Ccvs.httpd.apache.org%3E - Mailing List, Vendor Advisory | |
References | (MLIST) https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f@%3Ccvs.httpd.apache.org%3E - Mailing List, Vendor Advisory | |
References | (REDHAT) https://access.redhat.com/errata/RHSA-2017:1413 - Third Party Advisory | |
References | (MLIST) https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f@%3Ccvs.httpd.apache.org%3E - Mailing List, Vendor Advisory | |
References | (MLIST) https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920@%3Ccvs.httpd.apache.org%3E - Mailing List, Vendor Advisory | |
References | (CONFIRM) https://www.tenable.com/security/tns-2017-04 - Third Party Advisory | |
References | (MLIST) https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064@%3Ccvs.httpd.apache.org%3E - Mailing List, Vendor Advisory | |
References | (MLIST) https://lists.apache.org/thread.html/rcc44594d4d6579b90deccd4536b5d31f099ef563df39b094be286b9e@%3Ccvs.httpd.apache.org%3E - Mailing List, Vendor Advisory | |
References | (REDHAT) https://access.redhat.com/errata/RHSA-2017:1721 - Third Party Advisory | |
References | (MLIST) https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b@%3Ccvs.httpd.apache.org%3E - Mailing List, Vendor Advisory | |
References | (REDHAT) https://access.redhat.com/errata/RHSA-2017:0906 - Third Party Advisory | |
References | (MLIST) https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53@%3Ccvs.httpd.apache.org%3E - Mailing List, Vendor Advisory | |
References | (MLIST) https://lists.apache.org/thread.html/r09b8a39d1262adbab5528eea73df1b1f93e919bf004ed5a843d9cad1@%3Ccvs.httpd.apache.org%3E - Mailing List, Vendor Advisory | |
References | (MLIST) https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b@%3Ccvs.httpd.apache.org%3E - Mailing List, Vendor Advisory | |
References | (MLIST) https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234@%3Ccvs.httpd.apache.org%3E - Mailing List, Vendor Advisory | |
References | (MLIST) https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9@%3Ccvs.httpd.apache.org%3E - Mailing List, Vendor Advisory | |
References | (MLIST) https://lists.apache.org/thread.html/r6521a7f62276340eabdb3339b2aa9a38c5f59d978497a1f794af53be@%3Ccvs.httpd.apache.org%3E - Mailing List, Vendor Advisory | |
References | (MLIST) https://lists.apache.org/thread.html/r94284b139540e5287ebdd3450682d3e3d187263dd6b75af8fa7d4890@%3Ccvs.httpd.apache.org%3E - Mailing List, Vendor Advisory | |
References | (MLIST) https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba@%3Ccvs.httpd.apache.org%3E - Mailing List, Vendor Advisory | |
References | (MLIST) https://lists.apache.org/thread.html/rfcb6c7b9e7ca727a7eeeb5f13f89488a03981cfa0e7c3125f18fa239@%3Ccvs.httpd.apache.org%3E - Mailing List, Vendor Advisory | |
References | (MLIST) https://lists.apache.org/thread.html/r4fe84db67fe9dc906c6185e58bbd9913f4356dd555a5c3db490694e5@%3Ccvs.httpd.apache.org%3E - Mailing List, Vendor Advisory | |
References | (SECTRACK) http://www.securitytracker.com/id/1037508 - Broken Link, Third Party Advisory, VDB Entry | |
References | (CONFIRM) https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbmu03753en_us - Third Party Advisory | |
References | (DEBIAN) http://www.debian.org/security/2017/dsa-3796 - Third Party Advisory | |
References | (MLIST) https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7@%3Ccvs.httpd.apache.org%3E - Mailing List, Vendor Advisory | |
References | (REDHAT) https://access.redhat.com/errata/RHSA-2017:1161 - Third Party Advisory | |
References | (MLIST) https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a@%3Ccvs.httpd.apache.org%3E - Mailing List, Vendor Advisory | |
References | (MLIST) https://lists.apache.org/thread.html/re1e3a24664d35bcd0a0e793e0b5fc6ca6c107f99a1b2c545c5d4b467@%3Ccvs.httpd.apache.org%3E - Mailing List, Vendor Advisory | |
CWE | NVD-CWE-noinfo | |
First Time |
Redhat enterprise Linux Workstation
Redhat enterprise Linux Server Redhat jboss Core Services Debian debian Linux Netapp Netapp oncommand Unified Manager Netapp clustered Data Ontap Redhat enterprise Linux Server Aus Redhat enterprise Linux Desktop Redhat enterprise Linux Eus Redhat Debian Redhat enterprise Linux Redhat enterprise Linux Server Tus |
06 Jun 2021, 11:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
03 Jun 2021, 08:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
30 Mar 2021, 17:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
30 Mar 2021, 13:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
Information
Published : 2017-07-27 21:29
Updated : 2023-12-10 12:15
NVD link : CVE-2016-8743
Mitre link : CVE-2016-8743
CVE.ORG link : CVE-2016-8743
JSON object : View
Products Affected
debian
- debian_linux
redhat
- enterprise_linux_server_aus
- jboss_core_services
- enterprise_linux
- enterprise_linux_server_tus
- enterprise_linux_server
- enterprise_linux_workstation
- enterprise_linux_desktop
- enterprise_linux_eus
netapp
- oncommand_unified_manager
- clustered_data_ontap
apache
- http_server
CWE