Is CVE-2016-8743 fixed in Apache 2.4.18

Asked by Brent Shinn on 2017-04-07

My vulnerability scans come up with:

Apache HTTPD: Apache HTTP Request Parsing Whitespace Defects (CVE-2016-8743)

Then it recommends that we upgrade to Apache 2.4.25 where this problem is corrected. One of the developers here said that Canonical has probably aleady fixed this in 2.4.18, but I can find any information to corroborate that.

Is (CVE-2016-8743) fixed in 2.4.18, or should I just upgrade Apache to 2.4.25?

Question information

Language:
English Edit question
Status:
Solved
For:
Ubuntu apache2 Edit question
Assignee:
No assignee Edit question
Solved by:
Manfred Hampl
Solved:
Last query:
Last reply:
Revision history for this message
actionparsnip (andrew-woodhead666) said :
#1

https://launchpad.net/ubuntu/+source/apache2/+changelog

Doesn't seem so. I suggest you report a bug

Revision history for this message
Best Manfred Hampl (m-hampl) said :
#2
Revision history for this message
Brent Shinn (brents-z) said :
#3

Thanks for finding those for me.