Security
Headlines
HeadlinesLatestCVEs

Headline

Red Hat Security Advisory 2023-1547-01

Red Hat Security Advisory 2023-1547-01 - The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server.

Packet Storm
#vulnerability#web#linux#red_hat#apache#ldap#sap#ssl

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

====================================================================
Red Hat Security Advisory

Synopsis: Important: httpd:2.4 security update
Advisory ID: RHSA-2023:1547-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2023:1547
Issue date: 2023-04-03
CVE Names: CVE-2023-25690
====================================================================

  1. Summary:

An update for the httpd:2.4 module is now available for Red Hat Enterprise
Linux 8.1 Update Services for SAP Solutions.

Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.

  1. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream E4S (v. 8.1) - aarch64, noarch, ppc64le, s390x, x86_64

  1. Description:

The httpd packages provide the Apache HTTP Server, a powerful, efficient,
and extensible web server.

Security Fix(es):

  • httpd: HTTP request splitting with mod_rewrite and mod_proxy
    (CVE-2023-25690)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.

  1. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing the updated packages, the httpd daemon will be restarted
automatically.

  1. Bugs fixed (https://bugzilla.redhat.com/):

2176209 - CVE-2023-25690 httpd: HTTP request splitting with mod_rewrite and mod_proxy

  1. Package List:

Red Hat Enterprise Linux AppStream E4S (v. 8.1):

Source:
httpd-2.4.37-16.module+el8.1.0+18511+ffefe478.6.src.rpm
mod_http2-1.11.3-3.module+el8.1.0+18514+ae5f89d3.3.src.rpm

aarch64:
httpd-2.4.37-16.module+el8.1.0+18511+ffefe478.6.aarch64.rpm
httpd-debuginfo-2.4.37-16.module+el8.1.0+18511+ffefe478.6.aarch64.rpm
httpd-debugsource-2.4.37-16.module+el8.1.0+18511+ffefe478.6.aarch64.rpm
httpd-devel-2.4.37-16.module+el8.1.0+18511+ffefe478.6.aarch64.rpm
httpd-tools-2.4.37-16.module+el8.1.0+18511+ffefe478.6.aarch64.rpm
httpd-tools-debuginfo-2.4.37-16.module+el8.1.0+18511+ffefe478.6.aarch64.rpm
mod_http2-1.11.3-3.module+el8.1.0+18514+ae5f89d3.3.aarch64.rpm
mod_http2-debuginfo-1.11.3-3.module+el8.1.0+18514+ae5f89d3.3.aarch64.rpm
mod_http2-debugsource-1.11.3-3.module+el8.1.0+18514+ae5f89d3.3.aarch64.rpm
mod_ldap-2.4.37-16.module+el8.1.0+18511+ffefe478.6.aarch64.rpm
mod_ldap-debuginfo-2.4.37-16.module+el8.1.0+18511+ffefe478.6.aarch64.rpm
mod_md-2.4.37-16.module+el8.1.0+18511+ffefe478.6.aarch64.rpm
mod_md-debuginfo-2.4.37-16.module+el8.1.0+18511+ffefe478.6.aarch64.rpm
mod_proxy_html-2.4.37-16.module+el8.1.0+18511+ffefe478.6.aarch64.rpm
mod_proxy_html-debuginfo-2.4.37-16.module+el8.1.0+18511+ffefe478.6.aarch64.rpm
mod_session-2.4.37-16.module+el8.1.0+18511+ffefe478.6.aarch64.rpm
mod_session-debuginfo-2.4.37-16.module+el8.1.0+18511+ffefe478.6.aarch64.rpm
mod_ssl-2.4.37-16.module+el8.1.0+18511+ffefe478.6.aarch64.rpm
mod_ssl-debuginfo-2.4.37-16.module+el8.1.0+18511+ffefe478.6.aarch64.rpm

noarch:
httpd-filesystem-2.4.37-16.module+el8.1.0+18511+ffefe478.6.noarch.rpm
httpd-manual-2.4.37-16.module+el8.1.0+18511+ffefe478.6.noarch.rpm

ppc64le:
httpd-2.4.37-16.module+el8.1.0+18511+ffefe478.6.ppc64le.rpm
httpd-debuginfo-2.4.37-16.module+el8.1.0+18511+ffefe478.6.ppc64le.rpm
httpd-debugsource-2.4.37-16.module+el8.1.0+18511+ffefe478.6.ppc64le.rpm
httpd-devel-2.4.37-16.module+el8.1.0+18511+ffefe478.6.ppc64le.rpm
httpd-tools-2.4.37-16.module+el8.1.0+18511+ffefe478.6.ppc64le.rpm
httpd-tools-debuginfo-2.4.37-16.module+el8.1.0+18511+ffefe478.6.ppc64le.rpm
mod_http2-1.11.3-3.module+el8.1.0+18514+ae5f89d3.3.ppc64le.rpm
mod_http2-debuginfo-1.11.3-3.module+el8.1.0+18514+ae5f89d3.3.ppc64le.rpm
mod_http2-debugsource-1.11.3-3.module+el8.1.0+18514+ae5f89d3.3.ppc64le.rpm
mod_ldap-2.4.37-16.module+el8.1.0+18511+ffefe478.6.ppc64le.rpm
mod_ldap-debuginfo-2.4.37-16.module+el8.1.0+18511+ffefe478.6.ppc64le.rpm
mod_md-2.4.37-16.module+el8.1.0+18511+ffefe478.6.ppc64le.rpm
mod_md-debuginfo-2.4.37-16.module+el8.1.0+18511+ffefe478.6.ppc64le.rpm
mod_proxy_html-2.4.37-16.module+el8.1.0+18511+ffefe478.6.ppc64le.rpm
mod_proxy_html-debuginfo-2.4.37-16.module+el8.1.0+18511+ffefe478.6.ppc64le.rpm
mod_session-2.4.37-16.module+el8.1.0+18511+ffefe478.6.ppc64le.rpm
mod_session-debuginfo-2.4.37-16.module+el8.1.0+18511+ffefe478.6.ppc64le.rpm
mod_ssl-2.4.37-16.module+el8.1.0+18511+ffefe478.6.ppc64le.rpm
mod_ssl-debuginfo-2.4.37-16.module+el8.1.0+18511+ffefe478.6.ppc64le.rpm

s390x:
httpd-2.4.37-16.module+el8.1.0+18511+ffefe478.6.s390x.rpm
httpd-debuginfo-2.4.37-16.module+el8.1.0+18511+ffefe478.6.s390x.rpm
httpd-debugsource-2.4.37-16.module+el8.1.0+18511+ffefe478.6.s390x.rpm
httpd-devel-2.4.37-16.module+el8.1.0+18511+ffefe478.6.s390x.rpm
httpd-tools-2.4.37-16.module+el8.1.0+18511+ffefe478.6.s390x.rpm
httpd-tools-debuginfo-2.4.37-16.module+el8.1.0+18511+ffefe478.6.s390x.rpm
mod_http2-1.11.3-3.module+el8.1.0+18514+ae5f89d3.3.s390x.rpm
mod_http2-debuginfo-1.11.3-3.module+el8.1.0+18514+ae5f89d3.3.s390x.rpm
mod_http2-debugsource-1.11.3-3.module+el8.1.0+18514+ae5f89d3.3.s390x.rpm
mod_ldap-2.4.37-16.module+el8.1.0+18511+ffefe478.6.s390x.rpm
mod_ldap-debuginfo-2.4.37-16.module+el8.1.0+18511+ffefe478.6.s390x.rpm
mod_md-2.4.37-16.module+el8.1.0+18511+ffefe478.6.s390x.rpm
mod_md-debuginfo-2.4.37-16.module+el8.1.0+18511+ffefe478.6.s390x.rpm
mod_proxy_html-2.4.37-16.module+el8.1.0+18511+ffefe478.6.s390x.rpm
mod_proxy_html-debuginfo-2.4.37-16.module+el8.1.0+18511+ffefe478.6.s390x.rpm
mod_session-2.4.37-16.module+el8.1.0+18511+ffefe478.6.s390x.rpm
mod_session-debuginfo-2.4.37-16.module+el8.1.0+18511+ffefe478.6.s390x.rpm
mod_ssl-2.4.37-16.module+el8.1.0+18511+ffefe478.6.s390x.rpm
mod_ssl-debuginfo-2.4.37-16.module+el8.1.0+18511+ffefe478.6.s390x.rpm

x86_64:
httpd-2.4.37-16.module+el8.1.0+18511+ffefe478.6.x86_64.rpm
httpd-debuginfo-2.4.37-16.module+el8.1.0+18511+ffefe478.6.x86_64.rpm
httpd-debugsource-2.4.37-16.module+el8.1.0+18511+ffefe478.6.x86_64.rpm
httpd-devel-2.4.37-16.module+el8.1.0+18511+ffefe478.6.x86_64.rpm
httpd-tools-2.4.37-16.module+el8.1.0+18511+ffefe478.6.x86_64.rpm
httpd-tools-debuginfo-2.4.37-16.module+el8.1.0+18511+ffefe478.6.x86_64.rpm
mod_http2-1.11.3-3.module+el8.1.0+18514+ae5f89d3.3.x86_64.rpm
mod_http2-debuginfo-1.11.3-3.module+el8.1.0+18514+ae5f89d3.3.x86_64.rpm
mod_http2-debugsource-1.11.3-3.module+el8.1.0+18514+ae5f89d3.3.x86_64.rpm
mod_ldap-2.4.37-16.module+el8.1.0+18511+ffefe478.6.x86_64.rpm
mod_ldap-debuginfo-2.4.37-16.module+el8.1.0+18511+ffefe478.6.x86_64.rpm
mod_md-2.4.37-16.module+el8.1.0+18511+ffefe478.6.x86_64.rpm
mod_md-debuginfo-2.4.37-16.module+el8.1.0+18511+ffefe478.6.x86_64.rpm
mod_proxy_html-2.4.37-16.module+el8.1.0+18511+ffefe478.6.x86_64.rpm
mod_proxy_html-debuginfo-2.4.37-16.module+el8.1.0+18511+ffefe478.6.x86_64.rpm
mod_session-2.4.37-16.module+el8.1.0+18511+ffefe478.6.x86_64.rpm
mod_session-debuginfo-2.4.37-16.module+el8.1.0+18511+ffefe478.6.x86_64.rpm
mod_ssl-2.4.37-16.module+el8.1.0+18511+ffefe478.6.x86_64.rpm
mod_ssl-debuginfo-2.4.37-16.module+el8.1.0+18511+ffefe478.6.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

  1. References:

https://access.redhat.com/security/cve/CVE-2023-25690
https://access.redhat.com/security/updates/classification/#important

  1. Contact:

The Red Hat security contact is [email protected]. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIVAwUBZCtB1NzjgjWX9erEAQgaeA//flKzR9g5B8lhlvK+onhYUdiY9If2qpe8
9RWbjE4IXcZkmuHb2N2WLmeM/ImH/hwJGLnBZV5r9ZafS53nNVK3liQTzPtL0uvV
EwWhRT79rNtWpDdx3XeVcYyBs525HYBPTPdvpSZ1Y8B32vQOQ9FUnz+ArHsUQo3j
IEHabT6mw4YqJ6k9yy7qylTwkEahADOfQYW2X9oTiAv7577JYMWnys7r/w0I/Me5
cbejAwqsjXHcuei5d5TS1FJ0aMdcmomzbqp/jfe3FNENyvqQLet216YnF5kJCkdw
o6SU5aDRuyxDmaDwQUnE+80g07tN2olZSIkedzXzjNjMdcWycgAwjyFjGqzKCpcN
9s24p+rPOtv/uT2rOvgQLhb+QYz7Os6OL/Yrg3PPi8OEgvmGV5u3S3uBjxaLBfEG
WaTuAoRvgDx3GnPWXYu5eih5q+/QoTpaCd+PsqyHA/5R/Y80WC5lXfpbZ7fY7xoE
g7QypCS7fe581+BKboSrqQ/qodMDiOtAz5jbYrcfc2hpifIHuhBDiqyo+CinIFDD
bdBaZOO84J9+x+GEIKGNghKMKT7Ibd6mMSwsT4yNiZ1Ix8gTwixaphyP58gClL3K
49BKv5O6Behq+YJp/kk52uIaYUHbpsMzVqB4QaoslcEn70Tqy+Gjgm2I2QFepKsV
25+LyDieCVY=jzEb
-----END PGP SIGNATURE-----

RHSA-announce mailing list
[email protected]
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Related news

Gentoo Linux Security Advisory 202309-01

Gentoo Linux Security Advisory 202309-1 - Multiple vulnerabilities have been discovered in Apache HTTPD, the worst of which could result in denial of service. Versions greater than or equal to 2.4.56 are affected.

RHSA-2023:3354: Red Hat Security Advisory: Red Hat JBoss Core Services Apache HTTP Server 2.4.51 SP2 security update

An update is now available for Red Hat JBoss Core Services Apache HTTP Server 2.4.51 Service Pack 2 on Red Hat Enterprise Linux versions 7 and 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2006-20001: A flaw was found in the mod_dav module of httpd. A specially crafted "If:" request header can cause a memory read or write of a single zero byte due to a missing error check, resulting in a Denial of Service. * CVE-2022-4304: A timing-based side channel exists in the Open...

RHSA-2023:3355: Red Hat Security Advisory: Red Hat JBoss Core Services Apache HTTP Server 2.4.51 SP2 security update

Red Hat JBoss Core Services Apache HTTP Server 2.4.51 Service Pack 2 is now available. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2006-20001: A flaw was found in the mod_dav module of httpd. A specially crafted "If:" request header can cause a memory read or write of a single zero byte due to a missing error check, resulting in a Denial of Service. * CVE-2022-4304: A timing-based side channel exists in the OpenSSL RSA Decryption implementation, which could be sufficien...

Red Hat Security Advisory 2023-3292-01

Red Hat Security Advisory 2023-3292-01 - The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server.

RHSA-2023:3292: Red Hat Security Advisory: httpd24-httpd security update

An update for httpd24-httpd is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-25690: A vulnerability was found in httpd. This security issue occurs when some mod_proxy configurations on Apache HTTP Server allow an HTTP Request Smuggling attack. Configurations are affected when mod_proxy is enabled along with some form of RewriteRule or ProxyPassMatch in which a non-specific pattern matches some portion of the user-suppli...

RHSA-2023:1916: Red Hat Security Advisory: httpd and mod_http2 security update

An update for httpd and mod_http2 is now available for Red Hat Enterprise Linux 9.0 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-25690: A vulnerability was found in httpd. This security issue occurs when some mod_proxy configurations on Apache HTTP Server allow an HTTP Request Smuggling attack. Configurations are affected when mod_proxy is enabled along with some form of RewriteRule or ProxyPassMatch in which a non-specific pattern matches s...

CVE-2023-21954: Oracle Critical Patch Update Advisory - April 2023

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and 22.3.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through...

Red Hat Security Advisory 2023-1670-01

Red Hat Security Advisory 2023-1670-01 - The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server.

RHSA-2023:1672: Red Hat Security Advisory: httpd:2.4 security update

An update for the httpd:2.4 module is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support, Red Hat Enterprise Linux 8.2 Telecommunications Update Service, and Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-25690: A vulnerability was found in httpd. This security issue occurs when some mod_proxy configurations on Apache HTTP Server allow an HTTP Request Smuggling attack. Configurations a...

RHSA-2023:1673: Red Hat Security Advisory: httpd:2.4 security update

An update for the httpd:2.4 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-25690: A vulnerability was found in httpd. This security issue occurs when some mod_proxy configurations on Apache HTTP Server allow an HTTP Request Smuggling attack. Configurations are affected when mod_proxy is enabled along with some form of RewriteRule or ProxyPassMatch in which a non-specific pattern matches some portion of the user-s...

RHSA-2023:1670: Red Hat Security Advisory: httpd and mod_http2 security update

An update for httpd and mod_http2 is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-25690: A vulnerability was found in httpd. This security issue occurs when some mod_proxy configurations on Apache HTTP Server allow an HTTP Request Smuggling attack. Configurations are affected when mod_proxy is enabled along with some form of RewriteRule or ProxyPassMatch in which a non-specific pattern matches some portion of the user-su...

Red Hat Security Advisory 2023-1597-01

Red Hat Security Advisory 2023-1597-01 - The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server.

RHSA-2023:1597: Red Hat Security Advisory: httpd:2.4 security update

An update for the httpd:2.4 module is now available for Red Hat Enterprise Linux 8.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-25690: A vulnerability was found in httpd. This security issue occurs when some mod_proxy configurations on Apache HTTP Server allow an HTTP Request Smuggling attack. Configurations are affected when mod_proxy is enabled along with some form of RewriteRule or ProxyPassMatch in which a non-specific pattern matches ...

RHSA-2023:1593: Red Hat Security Advisory: httpd security update

An update for httpd is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-25690: A vulnerability was found in httpd. This security issue occurs when some mod_proxy configurations on Apache HTTP Server allow an HTTP Request Smuggling attack. Configurations are affected when mod_proxy is enabled along with some form of RewriteRule or ProxyPassMatch in which a non-specific pattern matches some portion of the user-supplied request...

RHSA-2023:1596: Red Hat Security Advisory: httpd:2.4 security update

An update for the httpd:2.4 module is now available for Red Hat Enterprise Linux 8.4 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-25690: A vulnerability was found in httpd. This security issue occurs when some mod_proxy configurations on Apache HTTP Server allow an HTTP Request Smuggling attack. Configurations are affected when mod_proxy is enabled along with some form of RewriteRule or ProxyPassMatch in which a non-specific pattern matches ...

RHSA-2023:1547: Red Hat Security Advisory: httpd:2.4 security update

An update for the httpd:2.4 module is now available for Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-25690: A vulnerability was found in httpd. This security issue occurs when some mod_proxy configurations on Apache HTTP Server allow an HTTP Request Smuggling attack. Configurations are affected when mod_proxy is enabled along with some form of RewriteRule or ProxyPassMatch in which a non-specific patter...

Ubuntu Security Notice USN-5942-2

Ubuntu Security Notice 5942-2 - USN-5942-1 fixed vulnerabilities in Apache HTTP Server. This update provides the corresponding update for CVE-2023-25690 for Ubuntu 16.04 ESM. Lars Krapf discovered that the Apache HTTP Server mod_proxy module incorrectly handled certain configurations. A remote attacker could possibly use this issue to perform an HTTP Request Smuggling attack.

Debian Security Advisory 5376-1

Debian Linux Security Advisory 5376-1 - Multiple vulnerabilities have been discovered in the Apache HTTP server, which may result in HTTP response splitting or denial of service.

Ubuntu Security Notice USN-5942-1

Ubuntu Security Notice 5942-1 - Lars Krapf discovered that the Apache HTTP Server mod_proxy module incorrectly handled certain configurations. A remote attacker could possibly use this issue to perform an HTTP Request Smuggling attack. Dimas Fariski Setyawan Putra discovered that the Apache HTTP Server mod_proxy_uwsgi module incorrectly handled certain special characters. A remote attacker could possibly use this issue to perform an HTTP Request Smuggling attack. This issue only affected Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, and Ubuntu 22.10.

Packet Storm: Latest News

Acronis Cyber Protect/Backup Remote Code Execution