What is CVE-2016-8743?

CVE-2016-8743 is a high-severity vulnerability in Apache Http_server. CVSS score: 7.5/10. Published 2017-07-27.

How severe is CVE-2016-8743?

High severity. CVSS v3 base score is 7.5 out of 10.

Is CVE-2016-8743 known to be exploited?

22 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in Apache Http_server

CVE-2016-8743

Apache HTTP Server, in all releases prior to 2.2.32 and 2.4.25, was liberal in the whitespace accepted from requests and sent in response lines and headers. Accepting these different behaviors represented a security concern when httpd part…

EPSS: 0.098 (93.1th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 7.5 (High). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N.

Affected products

Apache Http_server
Apache Software Foundation Http Server — versions 2.2.0 to 2.2.31, 2.4.1 to 2.4.23
Netapp Clustered_data_ontap
Netapp Oncommand_unified_manager
Debian Debian_linux — versions 8.0, 9.0
Redhat Enterprise_linux — versions 6.0, 7.0
Redhat Enterprise_linux_desktop — versions 6.0, 7.0
Redhat Enterprise_linux_eus — versions 7.3, 7.4, 7.5
Redhat Enterprise_linux_server — versions 6.0, 7.0
Redhat Enterprise_linux_server_aus — versions 7.3, 7.4, 7.6

Public proof-of-concept exploits

References

security@apache.org (x_refsource_CONFIRM, Third Party Advisory)
security@apache.org (vendor-advisory, Third Party Advisory, x_refsource_DEBIAN)
security@apache.org (x_refsource_REDHAT, vendor-advisory, Third Party Advisory)
security@apache.org (VDB Entry, Third Party Advisory, vdb-entry, x_refsource_SECTRACK, Broken Link)
security@apache.org (x_refsource_REDHAT, vendor-advisory, Third Party Advisory)
security@apache.org (x_refsource_REDHAT, vendor-advisory, Third Party Advisory)
security@apache.org (x_refsource_CONFIRM, Third Party Advisory)
security@apache.org (x_refsource_REDHAT, vendor-advisory, Third Party Advisory)
security@apache.org (x_refsource_CONFIRM, Third Party Advisory)
security@apache.org (VDB Entry, Third Party Advisory, vdb-entry, x_refsource_BID)

Frequently asked questions

What is CVE-2016-8743?: CVE-2016-8743 is a high-severity vulnerability in Apache Http_server. CVSS score: 7.5/10. Published 2017-07-27.
How severe is CVE-2016-8743?: High severity. CVSS v3 base score is 7.5 out of 10.
Is CVE-2016-8743 known to be exploited?: 22 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.