Apache – CVE-2016-8743

Description

Cytrix has detected that the version of Apache HTTP Server in use is liberal in the whitespace it accepts from requests and sends in response lines and headers.
Accepting these different behaviors represents a security concern when httpd participates in any chain of proxies or interacts with back-end application servers. This issue is tracked as CVE-2016-8743.

Through mod_proxy or using conventional CGI mechanisms, remote attackers could possibly abuse this flaw to inject data into HTTP responses, which results in proxy cache poisoning.
It could also lead to request smuggling and response splitting.
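
The following Python check is an added example, not part of the original advisory or of Apache's code. It audits a raw request head against the strict RFC 7230 whitespace rules (single SP separators in the request line, no whitespace before the header colon, no bare CR/LF, no line folding), which is the kind of leniency the description refers to. The name `audit_request` and the sample requests are constructed for illustration.

```python
import re

# RFC 7230 token characters (used for the method and header field names).
TOKEN = r"[!#$%&'*+\-.^_`|~0-9A-Za-z]+"
# request-line = method SP request-target SP HTTP-version (exactly one SP each).
REQUEST_LINE = re.compile(rf"({TOKEN}) ([^\x00-\x20\x7f]+) HTTP/\d\.\d")
# header-field = field-name ":" OWS field-value OWS (no whitespace before ":").
HEADER = re.compile(rf"({TOKEN}):[ \t]*([^\r\n\x00]*?)[ \t]*")


def audit_request(raw: bytes) -> list[str]:
    """Return the whitespace/framing deviations found in a raw request head."""
    findings = []
    head = raw.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    # Lines must end in CRLF; a CR or LF left inside a line is a deviation.
    for n, line in enumerate(head.split("\r\n"), 1):
        if "\r" in line or "\n" in line:
            findings.append(f"line {n}: bare CR or LF inside line")
        elif n == 1:
            if not REQUEST_LINE.fullmatch(line):
                findings.append("line 1: not 'method SP target SP version'")
        elif line[:1] in (" ", "\t"):
            findings.append(f"line {n}: obsolete line folding")
        elif not HEADER.fullmatch(line):
            findings.append(f"line {n}: malformed header field")
    return findings


# Constructed sample inputs (not captured traffic).
GOOD = b"GET /index.html HTTP/1.1\r\nHost: example.com\r\nAccept: */*\r\n\r\n"
BAD = (b"GET\t/index.html  HTTP/1.1\r\n"   # tab and double space as separators
       b"Host : example.com\r\n"            # whitespace before the colon
       b"X-Note: a\rb\r\n\r\n")             # bare CR inside a header value

if __name__ == "__main__":
    print("conforming request:", audit_request(GOOD))
    for finding in audit_request(BAD):
        print("deviation:", finding)
```

A front-end and a back-end that disagree on any of these cases can frame the same bytes differently, so a request that produces findings here is worth rejecting or logging at the edge.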

Severity/Score

CVSS Version 3.x – 7.5 High

Recommendation

To fix CVE-2016-8743, upgrade the version of Apache HTTP Server being used to either 2.2.32 or 2.4.25.

References

https://cwe.mitre.org/data/definitions/20.html

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8743
