12 matches found
CVE-2025-39452 WordPress WPCafe plugin <= 2.2.32 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Themewinter WPCafe allows PHP Local File Inclusion. This issue affects WPCafe: from n/a through 2.2.32...
SUSE CVE-2016-4975
Possible CRLF injection allowing HTTP response splitting attacks for sites which use mod_userdir. This issue was mitigated by changes made in 2.4.25 and 2.2.32 which prohibit CR or LF injection into the "Location" or other outbound header key or value. Fixed in Apache HTTP Server 2.4.25 Affected...
Apache HTTP Server CRLF Injection Vulnerability (Dec 2016) - Linux
Apache HTTP Server is prone to a CRLF injection vulnerability. Copyright (C) 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software...
Internet Bug Bounty: mod_userdir CRLF injection (CVE-2016-4975)
Possible CRLF injection allowing HTTP response splitting attacks for sites which use mod_userdir. This issue was mitigated by changes made in 2.4.25 and 2.2.32 which prohibit CR or LF injection into the "Location" or other outbound header key or value. Reported to security team 24th July 2016 Issu...
CVE-2016-4975
CVE-2016-4975: Apache HTTP Server is vulnerable to CRLF injection in mod_userdir causing HTTP response splitting. Affected: 2.4.1–2.4.23. Mitigation/fix: upgrade to Apache HTTP Server 2.4.25 (and 2.2.32 for the 2.2 line). The issue is resolved by changes that prohibit CR or LF injection into head...
DEBIAN-CVE-2016-4975
Possible CRLF injection allowing HTTP response splitting attacks for sites which use mod_userdir. This issue was mitigated by changes made in 2.4.25 and 2.2.32 which prohibit CR or LF injection into the "Location" or other outbound header key or value. Fixed in Apache HTTP Server 2.4.25 Affected...
SUSE SLES11 Security Update : apache2 (SUSE-SU-2017:1997-1)
This update provides apache2 2.2.34, which brings many fixes and enhancements: Security issues fixed : - CVE-2017-9788: Uninitialized memory reflection in mod_auth_digest. (bsc#1048576) Bug fixes : - Remove /usr/bin/http2 link only during package uninstall, not upgrade. (bsc#1041830) - Don't put the...
CVE-2016-8743
Apache HTTP Server, in all releases prior to 2.2.32 and 2.4.25, was liberal in the whitespace accepted from requests and sent in response lines and headers. Accepting these different behaviors represented a security concern when httpd participates in any chain of proxies or interacts with back-en...
CVE-2016-8743
Apache HTTP Server, in all releases prior to 2.2.32 and 2.4.25, was liberal in the whitespace accepted from requests and sent in response lines and headers. Accepting these different behaviors represented a security concern when httpd participates in any chain of proxies or interacts with back-en...
Apache HTTP Server Denial-Of-Service Vulnerability (Jun 2017) - Linux
Apache HTTP Server is prone to a denial of service (DoS) vulnerability. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
PT-2017-2867 · Apache +5 · Apache Http Server +5
Name of the Vulnerable Software and Affected Versions: Apache httpd versions 2.2.x through 2.2.32; Apache httpd versions 2.4.x through 2.4.25. Description: The issue is caused by a buffer overflow in the mod_mime module when handling a malicious Content-Type response header. This can allow a remote...
Apache Httpd < 2.2.32 : mod_userdir CRLF injection
Possible CRLF injection allowing HTTP response splitting attacks for sites which use mod_userdir. This issue was mitigated by changes made in 2.4.25 and 2.2.32 which prohibit CR or LF injection into the "Location" or other outbound header key or value...