Vulnerability Database

296,138

Total vulnerabilities in the database

CVE-2016-2161

In Apache HTTP Server versions 2.4.0 to 2.4.23, malicious input to mod_auth_digest can cause the server to crash, and each instance continues to crash even for subsequently valid requests.

Published: Jul 27, 2017
Updated: Apr 13, 2023
CVE: CVE-2016-2161
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 7.5
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CVSS v2:

Severity: Medium
Score: 5
AV:N/AC:L/Au:N/C:N/I:N/A:P

CWEs:

CWE-20

Affected Software
References

Software	From	Fixed in
apache / http_server	2.4.1	2.4.1.x
apache / http_server	2.4.20	2.4.20.x
apache / http_server	2.4.6	2.4.6.x
apache / http_server	2.4.0	2.4.0.x
apache / http_server	2.4.12	2.4.12.x
apache / http_server	2.4.3	2.4.3.x
apache / http_server	2.4.23	2.4.23.x
apache / http_server	2.4.8	2.4.8.x
apache / http_server	2.4.10	2.4.10.x
apache / http_server	2.4.7	2.4.7.x
apache / http_server	2.4.14	2.4.14.x
apache / http_server	2.4.22	2.4.22.x
apache / http_server	2.4.2	2.4.2.x
apache / http_server	2.4.19	2.4.19.x
apache / http_server	2.4.16	2.4.16.x
apache / http_server	2.4.9	2.4.9.x
apache / http_server	2.4.21	2.4.21.x