SUSE-SU-2018:2554-1

Advisory lineage Upstream: 2 Downstream: 0
Published: 30 Aug 2018, 06:44
Last modified:02 May 2025, 04:05

Vulnerability Summary

Overall Risk (default)
minimal
0/100
CVSS Score
No data
EPSS Score
No data
KEV
Not listed
Ransomware
No reports
Public exploits
None found
Dark Web
Not detected

Timeline

30 Aug 2018, 06:44
Published
Vulnerability first disclosed
02 May 2025, 04:05
Last Modified
Vulnerability information updated

Description

Security update for apache2 This update for apache2 fixes the following issues: Security issues fixed: - CVE-2016-8743: Fixed liberal whitespace interpretation accepted from requests and sent in response lines and headers. Accepting these different behaviors represented a security concern when httpd participates in any chain of proxies or interacts with back-end application servers, either through mod_proxy or using conventional CGI mechanisms, and may result in request smuggling, response splitting and cache pollution. (bsc#1016715) - CVE-2016-4975: Fixed possible CRLF injection allowing HTTP response splitting attacks for sites which use mod_userdir. This issue was mitigated by changes which prohibit CR or LF injection into the 'Location' or other outbound header key or value. (bsc#1104826)

Affected Systems

  • suseapache2&distro=SUSE Linux Enterprise Server 12 SP1-LTSS

    < 2.4.16-20.19.1

  • suseapache2&distro=SUSE Linux Enterprise Server for SAP Applications 12 SP1

    < 2.4.16-20.19.1

References (5)