Apache Httpd < None: mod_userdir CRLF injection

ID HTTPD:D94ACD37B5627A621B2D592BD44873F2
Type httpd
Reporter The issue was discovered by Sergey Bobrov
Modified 2018-08-14T00:00:00


Possible CRLF injection allowing HTTP response splitting attacks for sites which use mod_userdir. This issue was mitigated by changes made in 2.4.25 and 2.2.32 which prohibit CR or LF injection into the "Location" or other outbound header key or value.