PT-2016-3150 · Apache · Apache HTTP Server
David Dennerline
Published 2016-12-20 · Updated 2022-09-07
CVE-2016-8743
CVSS v3.1: 7.5 High (Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N)
Name of the Vulnerable Software and Affected Versions
Apache HTTP Server versions prior to 2.2.32 and 2.4.25
Description
Apache HTTP Server was liberal in accepting whitespace in request lines and headers and in passing that whitespace through into the response lines and headers it sent. When the server participates in a chain of proxies or interacts with back-end application servers, this permissive parsing can be abused for request smuggling, response splitting, and cache pollution, because the two ends of the chain may interpret the same message differently.
Recommendations
For versions prior to 2.2.32 and 2.4.25, update to version 2.2.32 or 2.4.25, or later. These releases introduce the HttpProtocolOptions directive, whose Strict option addresses these defects.
As a temporary workaround, consider using the HttpProtocolOptions directive with the Strict option to enforce stricter HTTP protocol compliance.
Until the update can be applied, restrict access to the server to minimize the risk of exploitation.
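The following httpd configuration fragment is an added example and is not part of the advisory: it shows the permissive setting beside the hardened one for a server running 2.2.32 / 2.4.25 or later. The directive and option names are the real ones introduced in those releases; the surrounding file layout and the choice to state the option explicitly are assumptions.

```apache
# Added example (not from the advisory). Place in the main server config or
# inside a <VirtualHost> block; the directive is valid in both contexts.

# Weak setting: restores the pre-fix permissive parsing of whitespace in
# request lines and headers, i.e. the behaviour described for CVE-2016-8743.
# Kept here only for comparison; do not enable it in front of proxies or
# back-end application servers.
#HttpProtocolOptions Unsafe

# Hardened setting: reject requests whose request line or headers contain
# malformed whitespace, so that every hop in the chain sees the same message.
# Strict is the default in the fixed releases; stating it explicitly records
# the intent and overrides any Unsafe setting inherited from the main config.
HttpProtocolOptions Strict

# Optional further tightening (assumed appropriate for most deployments):
# also reject unregistered HTTP methods and HTTP/0.9 requests.
#HttpProtocolOptions Strict RegisteredMethods Require1.0
```

After editing, run `apachectl configtest` and reload; on a release older than 2.2.32 / 2.4.25 the directive is unknown and the config test fails, which is itself a useful signal that the update has not yet been applied.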
Affected Products
ALT Linux
Apache HTTP Server
CentOS
Red Hat
SUSE
Ubuntu