SUSE-SU-2018:2815-1

Advisory lineage Upstream: 2 Downstream: 0
Published: 24 Sept 2018, 06:07
Last modified:04 Feb 2026, 03:25

Vulnerability Summary

Overall Risk (default)
minimal
0/100
CVSS Score
No data
EPSS Score
No data
KEV
Not listed
Ransomware
No reports
Public exploits
None found
Dark Web
Not detected

Timeline

24 Sept 2018, 06:07
Published
Vulnerability first disclosed
04 Feb 2026, 03:25
Last Modified
Vulnerability information updated

Description

Security update for apache2 This update for apache2 fixes the following issues: Security issues fixed: - CVE-2016-8743: Fixed liberal whitespace interpretation accepted from requests and sent in response lines and headers. Accepting these different behaviors represented a security concern when httpd participates in any chain of proxies or interacts with back-end application servers, either through mod_proxy or using conventional CGI mechanisms, and may result in request smuggling, response splitting and cache pollution. (bsc#1016715) - CVE-2016-4975: Fixed possible CRLF injection allowing HTTP response splitting attacks for sites which use mod_userdir. This issue was mitigated by changes which prohibit CR or LF injection into the 'Location' or other outbound header key or value. (bsc#1104826)

Affected Systems

  • suseapache2&distro=SUSE Enterprise Storage 4

    < 2.4.23-29.24.1

  • suseapache2&distro=SUSE Linux Enterprise Server 12 SP2-LTSS

    < 2.4.23-29.24.1

  • suseapache2&distro=SUSE Linux Enterprise Server 12 SP3

    < 2.4.23-29.24.1

  • suseapache2&distro=SUSE Linux Enterprise Server for SAP Applications 12 SP2

    < 2.4.23-29.24.1

  • suseapache2&distro=SUSE Linux Enterprise Server for SAP Applications 12 SP3

    < 2.4.23-29.24.1

  • suseapache2&distro=SUSE Linux Enterprise Software Development Kit 12 SP3

    < 2.4.23-29.24.1

  • suseapache2&distro=SUSE OpenStack Cloud 7

    < 2.4.23-29.24.1

References (5)