CVE-2016-4975

Priority
Description
Possible CRLF injection allowing HTTP response splitting attacks for sites
which use mod_userdir. This issue was mitigated by changes made in 2.4.25
and 2.2.32 which prohibit CR or LF injection into the "Location" or other
outbound header key or value. Fixed in Apache HTTP Server 2.4.25 (Affected
2.4.1-2.4.23). Fixed in Apache HTTP Server 2.2.32 (Affected 2.2.0-2.2.31).
Notes
mdeslaur: fixed by CVE-2016-8743 commits
Package
Upstream: released (2.4.25)
Ubuntu 12.04 ESM (Precise Pangolin): released (2.2.22-1ubuntu1.12)
Ubuntu 14.04 ESM (Trusty Tahr): released (2.4.7-1ubuntu4.14)
Ubuntu 16.04 LTS (Xenial Xerus): released (2.4.18-2ubuntu3.2)
Ubuntu 18.04 LTS (Bionic Beaver): not-affected (2.4.29-1ubuntu4.2)
Ubuntu 19.04 (Disco Dingo): not-affected (2.4.34-1ubuntu1)
Ubuntu 19.10 (Eoan Ermine): not-affected (2.4.34-1ubuntu1)

Updated: 2019-12-05 21:08:19 UTC (commit 0aa5e7c87c8b55d2ec5c7f4ca1179cf75de91961)