CVE-2016-8743
Description
Apache HTTP Server, in all releases prior to 2.2.32 and 2.4.25, was liberal in the whitespace accepted from requests and sent in response lines and headers. Accepting these different behaviors represented a security concern when httpd participates in any chain of proxies or interacts with back-end application servers, either through mod_proxy or using conventional CGI mechanisms, and may result in request smuggling, response splitting and cache pollution.
Risk Information
Base Score: 7.5 (MODERATE)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
EPSS Score (Exploitation Probability): 8.406
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Update Apache to version 2.4.25 | Windows |
| Update Apache to version 2.2.31 | Windows |
| Multiple vulnerabilities fixed in Apache 2.4.25 | Windows |
| Multiple vulnerabilities are fixed in Apache 2.4.2 | Windows |
| Vulnerabilities CVE-2016-4975,CVE-2016-5387,CVE-2016-8743 are fixed in Apache 2.2.3 | Windows |
| Vulnerabilities CVE-2020-11985,CVE-2017-9798,CVE-2017-12618,CVE-2016-8743 are fixed in IBM HTTP 9.0.0.3 | Windows |
| Vulnerabilities CVE-2016-8743 are fixed in IBM HTTP 8.5.5.12 | Windows |
| Vulnerabilities CVE-2016-8743 are fixed in IBM HTTP 8.0.0.14 | Windows |
| Multiple vulnerabilities are fixed in IBM HTTP 7.0.0.43 | Windows |
| Multiple vulnerabilities are fixed in IBM WebSphere 8.0.0.14 | Windows |
| Multiple vulnerabilities are fixed in IBM WebSphere 7.0.0.43 | Windows |
| Multiple vulnerabilities are fixed in IBM WebSphere 8.5.5.12 | Windows |
| Vulnerabilities CVE-2016-8743,CVE-2016-0360 are fixed in IBM WebSphere 9.0.0.3 | Windows |
| Multiple Vulnerabilities are affected in IBM Cognos Controller 10.2.0 | Windows |
| Multiple Vulnerabilities are affected in IBM Cognos Controller 10.2.1 | Windows |
| Multiple Vulnerabilities are affected in IBM Cognos Controller 10.3.0 | Windows |
| Multiple Vulnerabilities are affected in IBM Cognos Controller 10.3.1 | Windows |
| Multiple Vulnerabilities are affected in IBM Cognos Controller 10.4.0 | Windows |
| Multiple Vulnerabilities are affected in IBM Cognos Analytics 11.0 | Windows |
| Multiple Vulnerabilities are affected in IBM Cognos Analytics 11.1 | Windows |
| Multiple vulnerabilities are fixed in macOS High Sierra 10.13.6 - Reboot Automatically | Mac |
| Multiple vulnerabilities are fixed in macOS High Sierra 10.13.6 Combo Update - Reboot Automatically | Mac |
| Multiple vulnerabilities are fixed in macOS High Sierra 10.13.5 - Reboot Automatically | Mac |
| Multiple vulnerabilities are fixed in macOS High Sierra 10.13.4 - Reboot Automatically | Mac |
| Multiple vulnerabilities are fixed in macOS High Sierra 10.13.4 Combo Update - Reboot Automatically | Mac |
| Multiple vulnerabilities are fixed in macOS High Sierra 10.13.3 | Mac |
| Multiple vulnerabilities are fixed in macOS High Sierra 10.13.3 Combo Update | Mac |
| Multiple vulnerabilities are fixed in macOS High Sierra 10.13.2 | Mac |
| Multiple vulnerabilities are fixed in macOS High Sierra 10.13.2 Combo Update | Mac |
| Multiple vulnerabilities are fixed in macOS High Sierra 10.13.1 | Mac |
| Multiple vulnerabilities are fixed in Security Update 2017-001 macOS High Sierra v10.13.1 | Mac |
| Multiple vulnerabilities are fixed in Security Update 2017-001 macOS High Sierra v10.13 | Mac |
| Apache HTTP server (USN-3279-1) apache2-bin_2.4.18-2ubuntu3.2_i386.deb | Linux |
| Apache HTTP server (USN-3279-1) apache2-bin_2.4.18-2ubuntu3.2_amd64.deb | Linux |
| Apache HTTP server (USN-3279-1) apache2-bin_2.4.18-2ubuntu4.1_i386.deb | Linux |
| Apache HTTP server (USN-3279-1) apache2-bin_2.4.18-2ubuntu4.1_amd64.deb | Linux |
| Apache HTTP server (USN-3279-1) apache2-bin_2.4.7-1ubuntu4.14_i386.deb | Linux |
| Apache HTTP server (USN-3279-1) apache2-bin_2.4.7-1ubuntu4.14_amd64.deb | Linux |
| apache2 security update(DSA-3796-1) apache2_2.4.10-10+deb8u8_i386.deb | Linux |
| apache2 security update(DSA-3796-1) apache2_2.4.10-10+deb8u8_kfreebsd-i386.deb | Linux |
| apache2 security update(DSA-3796-1) apache2_2.4.10-10+deb8u8_kfreebsd-amd64.deb | Linux |
| SUSE-SU-2018:2815-1(SUSE Linux Enterprise Server 12-SP3 ) apache2-2.4.23-29.24.1.x86_64.rpm | Linux |
| SUSE-SU-2018:2815-1(SUSE Linux Enterprise Server 12-SP3 ) apache2-debuginfo-2.4.23-29.24.1.x86_64.rpm | Linux |
| SUSE-SU-2018:2815-1(SUSE Linux Enterprise Server 12-SP3 ) apache2-debugsource-2.4.23-29.24.1.x86_64.rpm | Linux |
| SUSE-SU-2018:2815-1(SUSE Linux Enterprise Server 12-SP3 ) apache2-doc-2.4.23-29.24.1.noarch.rpm | Linux |
| SUSE-SU-2018:2815-1(SUSE Linux Enterprise Server 12-SP3 ) apache2-example-pages-2.4.23-29.24.1.x86_64.rpm | Linux |
| SUSE-SU-2018:2815-1(SUSE Linux Enterprise Server 12-SP3 ) apache2-prefork-2.4.23-29.24.1.x86_64.rpm | Linux |
| SUSE-SU-2018:2815-1(SUSE Linux Enterprise Server 12-SP3 ) apache2-prefork-debuginfo-2.4.23-29.24.1.x86_64.rpm | Linux |
| SUSE-SU-2018:2815-1(SUSE Linux Enterprise Server 12-SP3 ) apache2-utils-2.4.23-29.24.1.x86_64.rpm | Linux |
| SUSE-SU-2018:2815-1(SUSE Linux Enterprise Server 12-SP3 ) apache2-utils-debuginfo-2.4.23-29.24.1.x86_64.rpm | Linux |
| SUSE-SU-2018:2815-1(SUSE Linux Enterprise Server 12-SP3 ) apache2-worker-2.4.23-29.24.1.x86_64.rpm | Linux |
| SUSE-SU-2018:2815-1(SUSE Linux Enterprise Server 12-SP3 ) apache2-worker-debuginfo-2.4.23-29.24.1.x86_64.rpm | Linux |
| SUSE-SU-2017:0801-1(SUSE Linux Enterprise Server 12-SP1 ) apache2-2.4.16-19.1.x86_64.rpm | Linux |
| SUSE-SU-2017:0801-1(SUSE Linux Enterprise Server 12-SP1 ) apache2-debuginfo-2.4.16-19.1.x86_64.rpm | Linux |
| SUSE-SU-2017:0801-1(SUSE Linux Enterprise Server 12-SP1 ) apache2-debugsource-2.4.16-19.1.x86_64.rpm | Linux |
| SUSE-SU-2017:0801-1(SUSE Linux Enterprise Server 12-SP1 ) apache2-doc-2.4.16-19.1.noarch.rpm | Linux |
| SUSE-SU-2017:0801-1(SUSE Linux Enterprise Server 12-SP1 ) apache2-example-pages-2.4.16-19.1.x86_64.rpm | Linux |
| SUSE-SU-2017:0801-1(SUSE Linux Enterprise Server 12-SP1 ) apache2-prefork-2.4.16-19.1.x86_64.rpm | Linux |
| SUSE-SU-2017:0801-1(SUSE Linux Enterprise Server 12-SP1 ) apache2-prefork-debuginfo-2.4.16-19.1.x86_64.rpm | Linux |
| SUSE-SU-2017:0801-1(SUSE Linux Enterprise Server 12-SP1 ) apache2-utils-2.4.16-19.1.x86_64.rpm | Linux |
| SUSE-SU-2017:0801-1(SUSE Linux Enterprise Server 12-SP1 ) apache2-utils-debuginfo-2.4.16-19.1.x86_64.rpm | Linux |
| SUSE-SU-2017:0801-1(SUSE Linux Enterprise Server 12-SP1 ) apache2-worker-2.4.16-19.1.x86_64.rpm | Linux |
| SUSE-SU-2017:0801-1(SUSE Linux Enterprise Server 12-SP1 ) apache2-worker-debuginfo-2.4.16-19.1.x86_64.rpm | Linux |
| (RHSA-2017:1721) httpd security and bug fix update httpd-2.2.15-60.el6_9.4.i686.rpm | Linux |
| (RHSA-2017:1721) httpd security and bug fix update httpd-2.2.15-60.el6_9.4.x86_64.rpm | Linux |
| (RHSA-2017:1721) httpd security and bug fix update httpd-devel-2.2.15-60.el6_9.4.i686.rpm | Linux |
| (RHSA-2017:1721) httpd security and bug fix update httpd-devel-2.2.15-60.el6_9.4.x86_64.rpm | Linux |
| (RHSA-2017:1721) httpd security and bug fix update httpd-manual-2.2.15-60.el6_9.4.noarch.rpm | Linux |
| (RHSA-2017:1721) httpd security and bug fix update httpd-tools-2.2.15-60.el6_9.4.i686.rpm | Linux |
| (RHSA-2017:1721) httpd security and bug fix update httpd-tools-2.2.15-60.el6_9.4.x86_64.rpm | Linux |
| (RHSA-2017:1721) httpd security and bug fix update mod_ssl-2.2.15-60.el6_9.4.i686.rpm | Linux |
| (RHSA-2017:1721) httpd security and bug fix update mod_ssl-2.2.15-60.el6_9.4.x86_64.rpm | Linux |
| Update Apache to version 2.4.25 (For Linux) | Linux |
| Update Apache to version 2.2.31 (For Linux) | Linux |
| Multiple vulnerabilities fixed in Apache 2.4.25 (For Linux) | Linux |
| CVE-2016-8743 | NCM |
Patch Details
Patches provided by ManageEngine for this CVE:
| Patch ID | Patch Description |
|---|---|
| PATCH-601562 | macOS High Sierra 10.13.6 - Reboot Automatically |
| PATCH-601563 | macOS High Sierra 10.13.6 Combo Update - Reboot Automatically |
| PATCH-601312 | Security Update 2017-001 macOS High Sierra v10.13.1 |
| PATCH-601345 | Security Update 2017-001 macOS High Sierra v10.13 |