Apache Httpd < None: mod_userdir CRLF injection

2016-07-24T00:00:00
ID HTTPD:D94ACD37B5627A621B2D592BD44873F2
Type httpd
Reporter The issue was discovered by Sergey Bobrov
Modified 2018-08-14T00:00:00

Description

Possible CRLF injection allowing HTTP response splitting attacks for sites which use mod_userdir. This issue was mitigated by changes made in 2.4.25 and 2.2.32 which prohibit CR or LF injection into the "Location" or other outbound header key or value.