CVE-2016-4975
MEDIUM NUCLEIApache HTTP Server <2.4.24, <2.2.32 - CRLF Injection
Title source: llmExploitation Summary
EIP tracks 1 public exploit for CVE-2016-4975. PoCs published by BlackFan. A Nuclei detection template is also available.
AI-analyzed exploit summary The repository provides a technical writeup detailing CRLF injection vulnerabilities in Apache httpd's mod_userdir module. It includes configuration snippets and HTTP request examples demonstrating how to exploit the vulnerability to inject arbitrary headers.
Description
Possible CRLF injection allowing HTTP response splitting attacks for sites which use mod_userdir. This issue was mitigated by changes made in 2.4.25 and 2.2.32 which prohibit CR or LF injection into the "Location" or other outbound header key or value. Fixed in Apache HTTP Server 2.4.25 (Affected 2.4.1-2.4.23). Fixed in Apache HTTP Server 2.2.32 (Affected 2.2.0-2.2.31).
Exploits (1)
github
WRITEUP
21 stars
by BlackFan · poc
https://github.com/BlackFan/CVE_PoCs/tree/master/CVE-2016-4975 (Apache httpd)
The repository provides a technical writeup detailing CRLF injection vulnerabilities in Apache httpd's mod_userdir module. It includes configuration snippets and HTTP request examples demonstrating how to exploit the vulnerability to inject arbitrary headers.
Classification
Writeup 90%
Attack Type
Other
Complexity
Trivial
Reliability
Reliable
Target:
Apache httpd 2.2.0-2.2.31, 2.4.1-2.4.23
No auth needed
Prerequisites:
Apache httpd with mod_userdir enabled · Ability to send crafted HTTP requests
MITRE ATT&CK
devstral-2 · analyzed Feb 27, 2026
Full analysis →
Nuclei Templates (1)
Apache mod_userdir CRLF injection
MEDIUMby melbadry9,nadino,xElkomy
Shodan:
cpe:"cpe:2.3:a:apache:http_server" || apache 2.4.49
References (24)
Core 24
Core References
Vendor Advisory x_refsource_confirm
https://httpd.apache.org/security/vulnerabilities_22.html#CVE-2016-4975
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/105093
Vendor Advisory x_refsource_confirm
https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2016-4975
Mailing List mailing-list
x_refsource_mlist
https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E
Mailing List mailing-list
x_refsource_mlist
https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3Ccvs.httpd.apache.org%3E
Mailing List mailing-list
x_refsource_mlist
https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3Ccvs.httpd.apache.org%3E
Mailing List mailing-list
x_refsource_mlist
https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3Ccvs.httpd.apache.org%3E
Mailing List mailing-list
x_refsource_mlist
https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3Ccvs.httpd.apache.org%3E
Mailing List mailing-list
x_refsource_mlist
https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E
Mailing List mailing-list
x_refsource_mlist
https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E
Mailing List mailing-list
x_refsource_mlist
https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3Ccvs.httpd.apache.org%3E
Mailing List mailing-list
x_refsource_mlist
https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E
Mailing List mailing-list
x_refsource_mlist
https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3Ccvs.httpd.apache.org%3E
Mailing List mailing-list
x_refsource_mlist
https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E
Mailing List mailing-list
x_refsource_mlist
https://lists.apache.org/thread.html/r04e89e873d54116a0635ef2f7061c15acc5ed27ef7500997beb65d6f%40%3Ccvs.httpd.apache.org%3E
Mailing List mailing-list
x_refsource_mlist
https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E
Mailing List mailing-list
x_refsource_mlist
https://lists.apache.org/thread.html/rcc44594d4d6579b90deccd4536b5d31f099ef563df39b094be286b9e%40%3Ccvs.httpd.apache.org%3E
Mailing List mailing-list
x_refsource_mlist
https://lists.apache.org/thread.html/rb14daf9cc4e28d18cdc15d6a6ca74e565672fabf7ad89541071d008b%40%3Ccvs.httpd.apache.org%3E
Mailing List mailing-list
x_refsource_mlist
https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3Ccvs.httpd.apache.org%3E
Third Party Advisory x_refsource_confirm
https://security.netapp.com/advisory/ntap-20180926-0006/
Vendor Advisory x_refsource_confirm
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03908en_us
Mailing List mailing-list
x_refsource_mlist
https://lists.apache.org/thread.html/re1e3a24664d35bcd0a0e793e0b5fc6ca6c107f99a1b2c545c5d4b467%40%3Ccvs.httpd.apache.org%3E
Mailing List mailing-list
x_refsource_mlist
https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3Ccvs.httpd.apache.org%3E
Mailing List mailing-list
x_refsource_mlist
https://lists.apache.org/thread.html/rd336919f655b7ff309385e34a143e41c503e133da80414485b3abcc9%40%3Ccvs.httpd.apache.org%3E
Scores
CVSS v3
6.1
EPSS
0.1980
EPSS Percentile
97.1%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Details
CWE
CWE-93
Status
published
Products (41)
apache/http_server
2.2.0
apache/http_server
2.2.2
apache/http_server
2.2.3
apache/http_server
2.2.4
apache/http_server
2.2.6
apache/http_server
2.2.8
apache/http_server
2.2.9
apache/http_server
2.2.10
apache/http_server
2.2.11
apache/http_server
2.2.12
... and 31 more
Published
Aug 14, 2018
Tracked Since
Feb 18, 2026