Apache HTTP Server, in all releases prior to 2.2.32 and 2.4.25, was liberal in the whitespace accepted from requests and sent in response lines and headers. Accepting these different behaviors represented a security concern when httpd participates in any chain of proxies or interacts with back-end application servers, either through mod_proxy or using conventional CGI mechanisms, and may result in request smuggling, response splitting and cache pollution.
http://rhn.redhat.com/errata/RHSA-2017-1415.html
http://www.debian.org/security/2017/dsa-3796
http://www.securityfocus.com/bid/95077
http://www.securitytracker.com/id/1037508
https://access.redhat.com/errata/RHSA-2017:0906
https://access.redhat.com/errata/RHSA-2017:1161
https://access.redhat.com/errata/RHSA-2017:1413
https://access.redhat.com/errata/RHSA-2017:1414
https://access.redhat.com/errata/RHSA-2017:1721
https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbmu03753en_us
https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03725en_us
https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2016-8743
https://lists.apache.org/thread.html/[email protected]%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/[email protected]%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/[email protected]%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/[email protected]%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/[email protected]%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/[email protected]%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/[email protected]%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/[email protected]%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/[email protected]%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/[email protected]%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/[email protected]%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/[email protected]%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/[email protected]%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/[email protected]%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/[email protected]%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/[email protected]%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/[email protected]%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/[email protected]%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/[email protected]%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/[email protected]%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/[email protected]%3Ccvs.httpd.apache.org%3E
https://security.gentoo.org/glsa/201701-36
https://security.netapp.com/advisory/ntap-20180423-0001/
Source: MITRE
Published: 2017-07-27
Updated: 2021-03-30
Type: CWE-19
Base Score: 5
Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N
Impact Score: 2.9
Exploitability Score: 10
Severity: MEDIUM
Base Score: 7.5
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Impact Score: 3.6
Exploitability Score: 3.9
Severity: HIGH
OR
cpe:2.3:a:apache:http_server:2.4.1:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.4.2:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.4.3:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.4.4:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.4.6:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.4.7:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.4.9:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.4.10:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.4.12:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.4.16:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.4.17:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.4.18:*:*:*:*:*:*:*
ID | Name | Product | Family | Severity |
---|---|---|---|---|
144777 | IBM HTTP Server 7.0.0.0 < 7.0.0.43 / 8.0.0.0 < 8.0.0.14 / 8.5.0.0 < 8.5.5.12 / 9.0.0.0 < 9.0.0.3 Response Splitting (289001) | Nessus | Web Servers | medium |
127360 | NewStart CGSL MAIN 4.05 : httpd Multiple Vulnerabilities (NS-SA-2019-0118) | Nessus | NewStart CGSL Local Security Checks | critical |
124922 | EulerOS Virtualization 3.0.1.0 : httpd (EulerOS-SA-2019-1419) | Nessus | Huawei Local Security Checks | high |
700511 | macOS < 10.13 Multiple Vulnerabilities | Nessus Network Monitor | Operating System Detection | critical |
98910 | Apache 2.4.x < 2.4.25 Multiple Vulnerabilities (httpoxy) | Web Application Scanning | Component Vulnerability | medium |
119218 | Virtuozzo 6 : httpd / httpd-devel / httpd-manual / httpd-tools / etc (VZLSA-2017-1721) | Nessus | Virtuozzo Local Security Checks | medium |
118291 | SUSE SLES12 Security Update : apache2 (SUSE-SU-2018:2815-2) | Nessus | SuSE Local Security Checks | medium |
117789 | openSUSE Security Update : apache2 (openSUSE-2018-1046) | Nessus | SuSE Local Security Checks | medium |
117695 | SUSE SLES12 Security Update : apache2 (SUSE-SU-2018:2815-1) | Nessus | SuSE Local Security Checks | medium |
117316 | RHEL 6 : JBoss Core Services (RHSA-2017:1414) | Nessus | Red Hat Local Security Checks | high |
117315 | RHEL 7 : JBoss Core Services (RHSA-2017:1413) | Nessus | Red Hat Local Security Checks | high |
112199 | SUSE SLES12 Security Update : apache2 (SUSE-SU-2018:2554-1) | Nessus | SuSE Local Security Checks | medium |
110056 | F5 Networks BIG-IP : Apache vulnerability (K00373024) | Nessus | F5 Networks Local Security Checks | medium |
108520 | Juniper Junos Space < 17.2R1 Multiple Vulnerabilities (JSA10838) | Nessus | Junos Local Security Checks | critical |
104379 | macOS and Mac OS X Multiple Vulnerabilities (Security Update 2017-001 and 2017-004) | Nessus | MacOS X Local Security Checks | critical |
103598 | macOS < 10.13 Multiple Vulnerabilities | Nessus | MacOS X Local Security Checks | critical |
103530 | HP System Management Homepage < 7.6.1 Multiple Vulnerabilities (HPSBMU03753) | Nessus | Web Servers | medium |
102178 | Amazon Linux AMI : httpd24 (ALAS-2017-863) | Nessus | Amazon Linux Local Security Checks | high |
101488 | CentOS 6 : httpd (CESA-2017:1721) | Nessus | CentOS Local Security Checks | medium |
101445 | Virtuozzo 7 : httpd / httpd-devel / httpd-manual / httpd-tools / etc (VZLSA-2017-0906) | Nessus | Virtuozzo Local Security Checks | medium |
101387 | Scientific Linux Security Update : httpd on SL6.x i386/x86_64 (20170711) | Nessus | Scientific Linux Local Security Checks | medium |
101385 | RHEL 6 : httpd (RHSA-2017:1721) | Nessus | Red Hat Local Security Checks | medium |
101382 | Oracle Linux 6 : httpd (ELSA-2017-1721) | Nessus | Oracle Linux Local Security Checks | medium |
101044 | Tenable SecurityCenter Apache 2.4.x < 2.4.25 Multiple Vulnerabilities (TNS-2017-04) (httpoxy) | Nessus | Misc. | high |
101004 | Amazon Linux AMI : httpd (ALAS-2017-851) | Nessus | Amazon Linux Local Security Checks | medium |
100098 | Ubuntu 14.04 LTS / 16.04 LTS / 16.10 : apache2 vulnerabilities (USN-3279-1) | Nessus | Ubuntu Local Security Checks | medium |
99952 | EulerOS 2.0 SP2 : httpd (EulerOS-SA-2017-1086) | Nessus | Huawei Local Security Checks | medium |
99951 | EulerOS 2.0 SP1 : httpd (EulerOS-SA-2017-1085) | Nessus | Huawei Local Security Checks | medium |
99930 | Oracle Secure Global Desktop Multiple Vulnerabilities (April 2017 CPU) (SWEET32) | Nessus | Misc. | high |
99379 | CentOS 7 : httpd (CESA-2017:0906) | Nessus | CentOS Local Security Checks | medium |
99350 | Scientific Linux Security Update : httpd on SL7.x x86_64 (20170412) | Nessus | Scientific Linux Local Security Checks | medium |
99340 | RHEL 7 : httpd (RHSA-2017:0906) | Nessus | Red Hat Local Security Checks | medium |
99329 | Oracle Linux 7 : httpd (ELSA-2017-0906) | Nessus | Oracle Linux Local Security Checks | medium |
99155 | openSUSE Security Update : apache2 (openSUSE-2017-417) | Nessus | SuSE Local Security Checks | medium |
99154 | openSUSE Security Update : apache2 (openSUSE-2017-416) | Nessus | SuSE Local Security Checks | medium |
99134 | macOS 10.12.x < 10.12.4 Multiple Vulnerabilities (httpoxy) | Nessus | MacOS X Local Security Checks | critical |
97916 | SUSE SLES12 Security Update : apache2 (SUSE-SU-2017:0801-1) | Nessus | SuSE Local Security Checks | medium |
97912 | SUSE SLES12 Security Update : apache2 (SUSE-SU-2017:0797-1) | Nessus | SuSE Local Security Checks | medium |
97831 | SUSE SLES11 Security Update : apache2 (SUSE-SU-2017:0729-1) | Nessus | SuSE Local Security Checks | medium |
97726 | Tenable SecurityCenter 5.x < 5.4.3 Multiple Vulnerabilities (TNS-2017-04) (httpoxy) | Nessus | Misc. | medium |
97438 | Debian DLA-841-2 : apache2 regression update | Nessus | Debian Local Security Checks | medium |
97400 | Debian DSA-3796-1 : apache2 - security update | Nessus | Debian Local Security Checks | medium |
9908 | Apache HTTP Server 2.4.x < 2.4.25 Multiple Vulnerabilities | Nessus Network Monitor | Web Servers | medium |
96631 | Amazon Linux AMI : httpd24 (ALAS-2017-785) | Nessus | Amazon Linux Local Security Checks | medium |
96516 | GLSA-201701-36 : Apache: Multiple vulnerabilities (httpoxy) | Nessus | Gentoo Local Security Checks | medium |
96451 | Apache 2.4.x < 2.4.25 Multiple Vulnerabilities (httpoxy) | Nessus | Web Servers | medium |
96450 | Apache 2.2.x < 2.2.32 Multiple Vulnerabilities (httpoxy) | Nessus | Web Servers | medium |
96114 | Fedora 24 : httpd (2016-d22f50d985) | Nessus | Fedora Local Security Checks | medium |
96111 | Fedora 25 : httpd (2016-8d9b62c784) | Nessus | Fedora Local Security Checks | medium |
96090 | Slackware 14.0 / 14.1 / 14.2 / current : httpd (SSA:2016-358-01) (httpoxy) | Nessus | Slackware Local Security Checks | medium |
96037 | FreeBSD : Apache httpd -- several vulnerabilities (862d6ab3-c75e-11e6-9f98-20cf30e32f6d) (httpoxy) | Nessus | FreeBSD Local Security Checks | medium |
9486 | Apache HTTP Server 2.2.x < 2.2.32 Multiple Vulnerabilities | Nessus Network Monitor | Web Servers | medium |