CVE-2016-8743
apache2 - regression update
CVSS 3.1: 7.5 (HIGH)
EPSS: 9.8%
Description
Apache HTTP Server, in all releases prior to 2.2.32 and 2.4.25, was liberal in the whitespace accepted from requests and sent in response lines and headers. Accepting these different behaviors represented a security concern when httpd participates in any chain of proxies or interacts with back-end application servers, either through mod_proxy or using conventional CGI mechanisms, and may result in request smuggling, response splitting and cache pollution.
How to fix CVE-2016-8743
To remediate CVE-2016-8743, upgrade the affected package to one of the fixed versions listed below.
- upgrade to 2.4.25-1 or later
- upgrade to 2.2.22-13+deb7u8 or later
- upgrade to 2.2.22-13+deb7u11 or later
Is CVE-2016-8743 being exploited?
Moderate — EPSS is 9.8%. Track this CVE but it's not at the top of the prioritisation list.
Affected packages (3)
- from 0, < 2.4.25-1
- from 0, < 2.2.22-13+deb7u8
- from 0, < 2.2.22-13+deb7u11
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | HIGH 7.5 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N |