
Mageia 8: 2023-0100 Moderate: Apache Request Smuggling Threats

March 18, 2023
Revised Nginx distributions within Mageia address HTTP request smuggling flaws noted on March 20, 2023.

Summary

Some mod_proxy configurations on Apache HTTP Server allow an HTTP request smuggling attack. Configurations are affected when mod_proxy is enabled along with some form of RewriteRule or ProxyPassMatch in which a non-specific pattern matches some portion of the user-supplied request-target (URL) data and is then re-inserted into the proxied request-target using variable substitution. (CVE-2023-25690)

An HTTP response smuggling vulnerability exists in Apache HTTP Server via mod_proxy_uwsgi. This issue affects Apache HTTP Server. Special characters in the origin response header can truncate/split the response forwarded to the client. (CVE-2023-27522)
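The following Python audit helper is an added example, not part of the Mageia advisory or of Apache's tooling. It flags the configuration shape described for CVE-2023-25690: a proxied RewriteRule or a ProxyPassMatch whose broad capture group is substituted back into the backend target. The sample configuration, the host name backend.example and the regex heuristic for "non-specific pattern" are assumptions made for illustration.

```python
import re
import shlex

# Constructed sample configuration (not taken from the advisory).
SAMPLE_CONF = r'''
RewriteEngine on
RewriteRule "^/here/(.*)" "http://backend.example:8080/elsewhere?$1" [P]
RewriteRule "^/item/([0-9]+)$" "http://backend.example:8080/item?id=$1" [P]
RewriteRule "^/old/(.*)" "/new/$1" [R=301,L]
ProxyPassMatch "^/app/(.+)$" "http://backend.example:8080/$1"
ProxyPass "/static/" "http://backend.example:8080/static/"
'''

# Assumed heuristic for "non-specific": a capture group that contains an
# unescaped wildcard dot or a negated character class.
BROAD_GROUP = re.compile(r'\((?!\?)[^()]*(?:(?<!\\)\.|\[\^)[^()]*\)')
# $N in the target re-inserts text captured from the request URL.
BACKREF = re.compile(r'\$\d')

def audit(conf_text):
    """Return (line_no, directive) for each proxied rule worth reviewing."""
    findings = []
    for no, raw in enumerate(conf_text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith('#'):
            continue
        try:
            tok = shlex.split(line)
        except ValueError:  # unbalanced quotes: skip the line
            continue
        name = tok[0].lower()
        if name == 'rewriterule' and len(tok) >= 4:
            # Only rules carrying the [P] (proxy) flag go through mod_proxy.
            flags = tok[3].strip('[]').split(',')
            proxied = any(f.strip().upper() in ('P', 'PROXY') for f in flags)
        elif name == 'proxypassmatch' and len(tok) >= 3:
            proxied = True
        else:
            continue
        pattern, target = tok[1], tok[2]
        if proxied and BROAD_GROUP.search(pattern) and BACKREF.search(target):
            findings.append((no, line))
    return findings

if __name__ == '__main__':
    for no, directive in audit(SAMPLE_CONF):
        print(f'line {no}: review {directive}')
```

A hit marks a rule to review, not a confirmed exposure; the fix named in this advisory is the updated apache-2.4.56-1.mga8 package.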

References

- https://bugs.mageia.org/show_bug.cgi?id=31644

- https://www.cve.org/CVERecord?id=CVE-2023-25690

- https://www.cve.org/CVERecord?id=CVE-2023-27522

Resolution

SRPMS

- 8/core/apache-2.4.56-1.mga8

Severity
important

Publication date: 18 Mar 2023
URL: https://advisories.mageia.org/MGASA-2023-0100.html
Type: security
CVE: CVE-2023-25690, CVE-2023-27522
