National Vulnerability Database

National Vulnerability Database

National Vulnerability
Database

Vulnerability Change Record for CVE-2016-8743

Change History

CVE Modified by [Source] - 7/28/2017 9:34:20 PM

Action Type Old Value New Value
Changed Description
---------------------------------------------------------------------- WARNING - a refinement exists for CVE-2016-8743 : theall/20170425-084430 (delay queue)!  Apache HTTP Server, in all releases prior to 2.2.32 and 2.4.25, was liberal in the whitespace accepted from requests and sent in response lines and headers. Accepting these different behaviors represented a security concern when httpd participates in any chain of proxies or interacts with back-end application servers, either through mod_proxy or using conventional CGI mechanisms, and may result in request smuggling, response splitting and cache pollution.
Apache HTTP Server, in all releases prior to 2.2.32 and 2.4.25, was liberal in the whitespace accepted from requests and sent in response lines and headers. Accepting these different behaviors represented a security concern when httpd participates in any chain of proxies or interacts with back-end application servers, either through mod_proxy or using conventional CGI mechanisms, and may result in request smuggling, response splitting and cache pollution.
Added Reference
http://www.securityfocus.com/bid/95077 [No Types Assigned]
Added Reference
http://www.securitytracker.com/id/1037508 [No Types Assigned]
Added Reference
https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03725en_us [No Types Assigned]
Added Reference
https://security.gentoo.org/glsa/201701-36 [No Types Assigned]