F5 Networks BIG-IP : Apache vulnerability (K00373024)
Medium Nessus Plugin ID 110056
SynopsisThe remote device is missing a vendor-supplied security patch.
DescriptionApache HTTP Server, in all releases prior to 2.2.32 and 2.4.25, was liberal in the whitespace accepted from requests and sent in response lines and headers. Accepting these different behaviors represented a security concern when httpd participates in any chain of proxies or interacts with back-end application servers, either through mod_proxy or using conventional CGI mechanisms, and may result in request smuggling, response splitting and cache pollution. (CVE-2016-8743)
An attacker may be able to perform HTTP request smuggling through specially crafted HTTP requests. For more information about HTTP request smuggling, refer to Section 9.5 Request Smuggling of Internet Engineering Task Force (RFC 7230).
Note : This link takes you to a resource outside of AskF5. The third party could remove the document without our knowledge.
SolutionUpgrade to one of the non-vulnerable versions listed in the F5 Solution K00373024.