Apache HTTP Server CVE-2016-8743 Security Bypass Vulnerability

Apache HTTP Server is prone to a security-bypass vulnerability.

Successfully exploiting this issue may allow attackers to perform unauthorized actions. This may lead to other attacks.

Versions prior to Apache HTTP Server 2.4.25 are vulnerable.

Information

Bugtraq ID: 95077
Class: Unknown
CVE: CVE-2016-8743

Remote: Yes
Local: No
Published: Dec 20 2016 12:00AM
Updated: Apr 14 2017 08:05AM
Credit: David Dennerline at IBM Security's X-Force Researchers and Régis Leroy.
Vulnerable: Redhat Enterprise Linux Workstation Optional 7
Redhat Enterprise Linux Workstation 7
Redhat Enterprise Linux Server Optional 7
Redhat Enterprise Linux Server 7
Redhat Enterprise Linux ComputeNode Optional 7
Redhat Enterprise Linux Client Optional 7
Gentoo Linux
Debian Linux 6.0 sparc
Debian Linux 6.0 s/390
Debian Linux 6.0 powerpc
Debian Linux 6.0 mips
Debian Linux 6.0 ia-64
Debian Linux 6.0 ia-32
Debian Linux 6.0 arm
Debian Linux 6.0 amd64
Apple macOS 10.12.3
Apache Apache 2.4.23
Apache Apache 2.4.20
Apache Apache 2.4.19
Apache Apache 2.4.18
Apache Apache 2.4.17
Apache Apache 2.4.16
Apache Apache 2.4.14
Apache Apache 2.4.12
Apache Apache 2.4.11
Apache Apache 2.4.10
Apache Apache 2.4.5
Apache Apache 2.4.4
Apache Apache 2.3.16
Apache Apache 2.3.6
Apache Apache 2.3.5
Apache Apache 2.3.4
Apache Apache 2.3.2
Apache Apache 2.3.1
Apache Apache 2.3
Apache Apache 2.2.26
Apache Apache 2.2.25
Apache Apache 2.2.24
Apache Apache 2.2.23
Apache Apache 2.2.15
Apache Apache 2.2.14
Apache Apache 2.2.13
Apache Apache 2.2.12
Apache Apache 2.2.11
Apache Apache 2.2.10
Apache Apache 2.2.9
+ Adobe Flash Media Server 3.5.3
+ Adobe Flash Media Server 3.5.2
+ Adobe Flash Media Server 3.5.1
Apache Apache 2.2.8
Apache Apache 2.2.6
Apache Apache 2.2.5
Apache Apache 2.2.4
Apache Apache 2.2.3
Apache Apache 2.2.2
Apache Apache 2.2
Apache Apache 2.4.9
Apache Apache 2.4.8
Apache Apache 2.4.7
Apache Apache 2.4.6
Apache Apache 2.4.3
Apache Apache 2.4.24
Apache Apache 2.4.2
Apache Apache 2.4.13
Apache Apache 2.4.1
Apache Apache 2.4.1
Apache Apache 2.4.0
Apache Apache 2.3.8
Apache Apache 2.3.7
Apache Apache 2.3.3
Apache Apache 2.3.15
Apache Apache 2.3.14
Apache Apache 2.3.13
Apache Apache 2.3.12
Apache Apache 2.3.11
Apache Apache 2.3.10
Apache Apache 2.2.32
Apache Apache 2.2.29
Apache Apache 2.2.22
Apache Apache 2.2.21
Apache Apache 2.2.20
Apache Apache 2.2.19
Apache Apache 2.2.18
Apache Apache 2.2.17
Apache Apache 2.2.16
Apache Apache 2.2.1

Not Vulnerable: Apple Security Update 2017-001 Yosemite 0
Apple Security Update 2017-001 El Capitan 0
Apple macOS 10.12.4
Apache Apache 2.4.25

References:

• Apache httpd 2.4 vulnerabilities (Apache Software Foundation)
  
• Apache Software Foundation Homepage (Apache Software Foundation)
  

Source: www.securityfocus.com