
CVE-2016-4975

Published: 14/08/2018 Updated: 07/11/2023
CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6
CVSS v3 Base Score: 6.1 | Impact Score: 2.7 | Exploitability Score: 2.8
VMScore: 389
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Vulnerability Summary

Possible CRLF injection allowing HTTP response splitting attacks for sites which use mod_userdir. This issue was mitigated by changes made in 2.4.25 and 2.2.32 which prohibit CR or LF injection into the "Location" or other outbound header key or value. Fixed in Apache HTTP Server 2.4.25 (Affected 2.4.1-2.4.23). Fixed in Apache HTTP Server 2.2.32 (Affected 2.2.0-2.2.31).

Vulnerable Product

apache http server 2.2.23

apache http server 2.4.1

apache http server 2.4.20

apache http server 2.2.11

apache http server 2.2.0

apache http server 2.2.31

apache http server 2.2.10

apache http server 2.4.6

apache http server 2.2.13

apache http server 2.2.2

apache http server 2.4.12

apache http server 2.2.4

apache http server 2.2.17

apache http server 2.2.16

apache http server 2.2.21

apache http server 2.4.3

apache http server 2.4.23

apache http server 2.2.8

apache http server 2.4.4

apache http server 2.4.10

apache http server 2.4.7

apache http server 2.2.14

apache http server 2.2.24

apache http server 2.2.25

apache http server 2.2.6

apache http server 2.2.22

apache http server 2.2.19

apache http server 2.2.27

apache http server 2.2.9

apache http server 2.4.18

apache http server 2.2.18

apache http server 2.2.12

apache http server 2.2.29

apache http server 2.2.3

apache http server 2.4.2

apache http server 2.2.15

apache http server 2.2.20

apache http server 2.4.17

apache http server 2.4.16

apache http server 2.4.9

apache http server 2.2.26

Vendor Advisories

It was found that Apache was vulnerable to an HTTP response splitting attack for sites which use mod_userdir. An attacker could use this flaw to inject CRLF characters into the HTTP header and could possibly gain access to secure data ...

Synopsis: Moderate: Red Hat JBoss Core Services Apache HTTP Server 2.4.29 RHEL 6 security update. Type/Severity: Security Advisory: Moderate. Topic: Red Hat JBoss Core Services Pack Apache Server 2.4.29 packages are now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this release as h ...

Synopsis: Moderate: Red Hat JBoss Core Services Apache HTTP Server 2.4.29 RHEL 7 security update. Type/Severity: Security Advisory: Moderate. Topic: Red Hat JBoss Core Services Pack Apache Server 2.4.29 packages are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this release as ...

Synopsis: Important: Red Hat JBoss Core Services Apache HTTP Server 2.4.29 security update. Type/Severity: Security Advisory: Important. Topic: Red Hat JBoss Core Services Pack Apache Server 2.4.29 packages for Microsoft Windows and Oracle Solaris are now available. Red Hat Product Security has rated this release ...

Github Repositories

CRLF: See my CRLF Nuclei Template also Prefer CRLF injection where Location tag is included CRLF injection vimeoprocom CRLF Injection #Always check only using %0d or %0a HTTP Response Splitting (CRLF injection) in report_story CRLF injection on wwwstarbuckscom CRLF Injection on ███████ playskillboxru CRLF Injection CRLF Injection at vpnbitstripscom CRL

A Web Pentest CheetSheet

Cheetsheet Pentest. Reconnaissance. Basic information: With tools such as whatweb we can perform an initial reconnaissance of the website to obtain information such as the IP, the server's OS, which country it is hosted in, or some basic vulnerability such as XSS. └─$ whatweb <URL> 3522724107/d6a05ac5cf/ [20

DC-3 is another purposely built vulnerable lab with the intent of gaining experience in the world of penetration testing. As with the previous DC releases, this one is designed with beginners in mind, although this time around, there is only one flag, one entry point and no clues at all.

DC 3: Vulnhub Walkthrough. DESCRIPTION: DC-3 is another purposely built vulnerable lab with the intent of gaining experience in the world of penetration testing. As with the previous DC releases, this one is designed with beginners in mind, although this time around, there is only one flag, one entry point and no clues at all. Linux skills and familiarity with the Linux command

DC-1 is a purposely built vulnerable lab for the purpose of gaining experience in the world of penetration testing. It was designed to be a challenge for beginners, but just how easy it is will depend on your skills and knowledge, and your ability to learn.

DC 1: Vulnhub Walkthrough. DESCRIPTION: DC-1 is a purposely built vulnerable lab for the purpose of gaining experience in the world of penetration testing. It was designed to be a challenge for beginners, but just how easy it is will depend on your skills and knowledge, and your ability to learn. To successfully complete this challenge, you will require Linux skills, familiarity

DC-2 is a purposely built vulnerable lab for the purpose of gaining experience in the world of penetration testing. It was designed to be a challenge for beginners, but just how easy it is will depend on your skills and knowledge, and your ability to learn. To successfully complete this challenge, you will require Linux skills, familiarity with …

DC-2: Vulnhub Walkthrough. Description: DC-2 is a purposely built vulnerable lab for the purpose of gaining experience in the world of penetration testing. It was designed to be a challenge for beginners, but just how easy it is will depend on your skills and knowledge, and your ability to learn. To successfully complete this challenge, you will require Linux skills, familiarity

Fast IP Lookups for Open Ports and Vulnerabilities

internetdb: Fast IP Lookups for Open Ports and Vulnerabilities. Description: Shodan shodanio/ scans the internet for hosts and services and maintains a few APIs into that data. One API is the InternetDB internetdbshodanio/, which allows for free querying of open ports and vulnerabilities. Tools are provided to query this service. What's Inside The Tin: The f

A python tool to quickly analyze all IPs and see which ones have open ports and vulnerabilities

Strike A python tool to quickly analyze all IPs and see which ones have open ports and vulnerabilities Installation apt-get install python3 git clone githubcom/SecureAxom/strike cd strike pip3 install -r requirementstxt python3 strikepy Usages python3 strikepy -h python3 strikepy -t 20891

Skynet Nmap: I check what I can find using the nmap tool. Nmap shows me the open ports and available services. ─$ sudo nmap -Pn -A -sV --script=default,vuln -p- --open -oA Skynet_nmap 10103727 [sudo] password for kali: Starting Nmap 794 ( nmaporg ) at 2023-06-29 03:53 EDT Nmap scan report for 10103727 Host is up (0081s latency) Not shown: 65529

hackerone one million reports

hackerone-publicy-disclosed hackerone one million reports hackeronecom/reports/120 | Missing SPF for hackeronecom hackeronecom/reports/280 | Real impersonation hackeronecom/reports/284 | Broken Authentication and session management OWASP A2 hackeronecom/reports/288 | Session Management hackeronecom/reports/298 | RTL override sy

Shodan search tool with api

Shodan Search Script Shodan script for easy search on Shodan First by first you need CHANGE API KEY, with your API key in code Usage; python3 shodanScriptpy -f dorkListtxt python3 shodanScriptpy -k "net:'21021400/16'" python3 shodanScriptpy -k "httptitle:'ID_VC_Welcome' country:'tr'"

This is a boot2root VM and is a continuation of the Basic Pentesting series. This series is designed to help newcomers to penetration testing develop pentesting skills and have fun exploring part of the offensive side of security. VirtualBox is the recommended platform for this challenge (though it should also work with VMware -- however, I have…

Basic-Pentesting-2. DESCRIPTION: This is a boot2root VM and is a continuation of the Basic Pentesting series. This series is designed to help newcomers to penetration testing develop pentesting skills and have fun exploring part of the offensive side of security. VirtualBox is the recommended platform for this challenge (though it should also work with VMware -- however, I have


Homework for the lesson "Vulnerabilities and attacks on information systems" - Nikulin Mikhail Sergeevich. Task 1 ┌──(kali㉿kali)-[~] └─$ nmap -A --script vulnersnse 1921680169 Starting Nmap 793 ( nmaporg ) at 2023-04-10 13:43 EDT Nmap scan report for 192

Homework for the lesson "131 «Vulnerabilities and attacks on information systems»" - Zhivarev Igor. Task 1. Permitted network services: Vulnerabilities discovered during aggressive scanning: Discov

whitehat nmap -sV --script vuln 192168123162 output Starting Nmap 793 ( nmaporg ) at 2022-12-25 15:11 EST Pre-scan script results: | broadcast-avahi-dos: | Discovered hosts: | 22400251 | After NULL UDP avahi packet DoS (CVE-2011-1002) |_ Hosts are all up (not vulnerable) Nmap scan report for 192168123162 Host is up (000025s latency) Not shown: 97

Homework for lesson 131 «Vulnerabilities and attacks on information systems» - Aleksandr Gumlevoy. Task 1: Download and install the Metasploitable virtual machine: sourceforgenet/projects/metasploitable/ This is a typical

Task 1: Download and install the Metasploitable virtual machine: sourceforgenet/projects/metasploitable/ This is a typical OS for experiments in the field of information security, with which one should start when analysing vulnerabilit

Nmap-Scans-M2. Description: This project is split into three repositories where this repository will provide the documentation of performing necessary Nmap scans to identify the vulnerabilities (CVEs) which are present in the targeted virtual machine. The Kali Linux distro is utilized to perform the network scans. Nmap is a powerful open source security auditing and network sca

essential templates for kenzer [DEPRECATED]

Kenzer Templates [5170] [DEPRECATED] TEMPLATE TOOL FILE favinizer favinizer favinizeryaml CVE-2013-2251 freaker freaker/exploits/CVE-2013-2251/exploitsh CVE-2017-6360 freaker freaker/exploits/CVE-2017-6360/exploitsh CVE-2017-6361 freaker freaker/exploits/CVE-2017-6361/exploitsh CVE-2017-7921 freaker freaker/exploits/CVE-2017-7921/exploitsh CVE-2018-11784 f

References

CWE-93
https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2016-4975
https://httpd.apache.org/security/vulnerabilities_22.html#CVE-2016-4975
http://www.securityfocus.com/bid/105093
https://security.netapp.com/advisory/ntap-20180926-0006/
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03908en_us
https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/re1e3a24664d35bcd0a0e793e0b5fc6ca6c107f99a1b2c545c5d4b467%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r04e89e873d54116a0635ef2f7061c15acc5ed27ef7500997beb65d6f%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/rcc44594d4d6579b90deccd4536b5d31f099ef563df39b094be286b9e%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/rb14daf9cc4e28d18cdc15d6a6ca74e565672fabf7ad89541071d008b%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/rd336919f655b7ff309385e34a143e41c503e133da80414485b3abcc9%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3Ccvs.httpd.apache.org%3E
https://github.com/tom-riddle0/CRLF
https://nvd.nist.gov
https://github.com/MrFrozenPepe/Pentest-Cheetsheet
https://access.redhat.com/security/cve/cve-2016-4975