Showing 1 - 3 of 3

CVE-2023-25690

Status Candidate

Overview

Some mod_proxy configurations on Apache HTTP Server versions 2.4.0 through 2.4.55 allow a HTTP Request Smuggling attack. Configurations are affected when mod_proxy is enabled along with some form of RewriteRule or ProxyPassMatch in which a non-specific pattern matches some portion of the user-supplied request-target (URL) data and is then re-inserted into the proxied request-target using variable substitution. For example, something like: RewriteEngine on RewriteRule "^/here/(.*)" "http://example.com:8080/elsewhere?$1"; [P] ProxyPassReverse /here/ http://example.com:8080/ Request splitting/smuggling could result in bypass of access controls in the proxy server, proxying unintended URLs to existing origin servers, and cache poisoning. Users are recommended to update to at least version 2.4.56 of Apache HTTP Server.

Related Files

Ubuntu Security Notice USN-5942-2: Posted Mar 23, 2023; Authored by Ubuntu | Site security.ubuntu.com; Ubuntu Security Notice 5942-2 - USN-5942-1 fixed vulnerabilities in Apache HTTP Server. This update provides the corresponding update for CVE-2023-25690 for Ubuntu 16.04 ESM. Lars Krapf discovered that the Apache HTTP Server mod_proxy module incorrectly handled certain configurations. A remote attacker could possibly use this issue to perform an HTTP Request Smuggling attack.; tags | advisory, remote, web, vulnerability; systems | linux, ubuntu; advisories | CVE-2023-25690; SHA-256 | 76128062e398a94f338e5b5896b18ac1f06e0038b125a0094a7badc90b9226a6; Download | Favorite | View

Debian Security Advisory 5376-1: Posted Mar 21, 2023; Authored by Debian | Site debian.org; Debian Linux Security Advisory 5376-1 - Multiple vulnerabilities have been discovered in the Apache HTTP server, which may result in HTTP response splitting or denial of service.; tags | advisory, web, denial of service, vulnerability; systems | linux, debian; advisories | CVE-2006-20001, CVE-2022-36760, CVE-2022-37436, CVE-2023-25690, CVE-2023-27522; SHA-256 | e7656527650776cefd2ce56651b8e7692943c0d30562f0041bf42d1330f3c976; Download | Favorite | View

Ubuntu Security Notice USN-5942-1: Posted Mar 10, 2023; Authored by Ubuntu | Site security.ubuntu.com; Ubuntu Security Notice 5942-1 - Lars Krapf discovered that the Apache HTTP Server mod_proxy module incorrectly handled certain configurations. A remote attacker could possibly use this issue to perform an HTTP Request Smuggling attack. Dimas Fariski Setyawan Putra discovered that the Apache HTTP Server mod_proxy_uwsgi module incorrectly handled certain special characters. A remote attacker could possibly use this issue to perform an HTTP Request Smuggling attack. This issue only affected Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, and Ubuntu 22.10.; tags | advisory, remote, web; systems | linux, ubuntu; advisories | CVE-2023-25690, CVE-2023-27522; SHA-256 | 0f22b50d51736d91a24392b53b9af0e62d5ab5278530ed51984fdce34a00e57c; Download | Favorite | View

Page 1 of 1 Back 1 Next

Top Authors In Last 30 Days

Red Hat 140 files
Ubuntu 105 files
Debian 17 files
LiquidWorm 10 files
Google Security Research 10 files
Rafael Pedrero 8 files
Abdulhakim Oner 8 files
Hubert Wojciechowski 6 files
nu11secur1ty 6 files
fearzzzz 5 files

File Archives

Systems

AIX (426)
Apple (1,951)
BSD (370)
CentOS (56)
Cisco (1,919)
Debian (6,713)
Fedora (1,691)
FreeBSD (1,242)
Gentoo (4,288)
HPUX (878)
iOS (338)
iPhone (108)
IRIX (220)
Juniper (67)
Linux (45,119)
Mac OS X (684)
Mandriva (3,105)
NetBSD (256)
OpenBSD (482)
RedHat (12,919)
Slackware (941)
Solaris (1,609)
SUSE (1,444)
Ubuntu (8,442)
UNIX (9,207)
UnixWare (185)
Windows (6,532)
Other

CVE-2023-25690

Overview

Related Files

File Archive:

March 2023

Top Authors In Last 30 Days

File Tags

File Archives

Systems