RHSA-2023:1547: Red Hat Security Advisory: httpd:2.4 security update

An update for the httpd:2.4 module is now available for Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

  • CVE-2023-25690: A vulnerability was found in httpd. This security issue occurs when some mod_proxy configurations on Apache HTTP Server allow an HTTP Request Smuggling attack. Configurations are affected when mod_proxy is enabled along with some form of RewriteRule or ProxyPassMatch in which a non-specific pattern matches some portion of the user-supplied request-target (URL) data and is then re-inserted into the proxied request-target using variable substitution.
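
The following is an added example, not code from Red Hat or the Apache project: a configuration audit for the pattern the CVE-2023-25690 description names, a proxied RewriteRule or ProxyPassMatch whose target re-inserts a captured group of the request URL. The sample configuration, the host name backend.example, and the "non-specific" heuristic (a capture group containing `.*`, `.+` or a negated character class) are assumptions made for illustration.

```python
import re
from typing import NamedTuple

# Constructed sample configuration (not taken from the advisory).
SAMPLE = r"""# constructed httpd.conf fragment
LoadModule proxy_module modules/mod_proxy.so
RewriteEngine On
RewriteRule "^/here/(.*)" "http://backend.example:8080/elsewhere?$1" [P]
RewriteRule ^/api/v(\d+)/items/(\d+)$ http://backend.example:8080/v$1/items/$2 [P,L]
RewriteRule ^/old/(.*)$ /new/$1 [R=301,L]
ProxyPassMatch "^/files/(.+)$" "http://backend.example:8080/store/$1"
ProxyPassMatch ^/img/([a-f0-9]{32})\.png$ http://backend.example:8080/img/$1.png
ProxyPass /static/ http://backend.example:8080/static/
"""

TOKEN = re.compile(r'"(?:[^"\\]|\\.)*"|\S+')   # quoted or bare directive argument
BACKREF = re.compile(r'\$\d')                   # $1..$9 variable substitution
# Heuristic (assumption): a capture group holding an unescaped ".*" / ".+"
# or a negated character class accepts almost any user-supplied bytes.
BROAD_GROUP = re.compile(r'\([^()]*(?:(?<!\\)\.[*+]|\[\^)')


class Finding(NamedTuple):
    line: int
    directive: str
    risk: str        # "non-specific" or "constrained"


def _args(line):
    """Split a directive line into arguments, dropping surrounding quotes."""
    return [t[1:-1] if len(t) >= 2 and t[0] == t[-1] == '"' else t
            for t in TOKEN.findall(line)]


def _has_proxy_flag(flag_token):
    """True if a RewriteRule flag list such as [P,L] requests proxying."""
    flags = {f.split("=", 1)[0].strip().lower()
             for f in flag_token.strip("[]").split(",")}
    return bool(flags & {"p", "proxy"})


def audit(config_text):
    """Return proxied rules that copy a captured URL portion into the target."""
    findings = []
    for number, raw in enumerate(config_text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        args = _args(line)
        name = args[0].lower()
        if name == "rewriterule" and len(args) >= 4:
            proxied = _has_proxy_flag(args[3])
        elif name == "proxypassmatch" and len(args) >= 3:
            proxied = True
        else:
            continue
        pattern, target = args[1], args[2]
        if proxied and BACKREF.search(target):
            risk = "non-specific" if BROAD_GROUP.search(pattern) else "constrained"
            findings.append(Finding(number, args[0], risk))
    return findings


if __name__ == "__main__":
    for f in audit(SAMPLE):
        print(f"line {f.line}: {f.directive} re-inserts captured URL data ({f.risk} pattern)")
```

Rules reported as "non-specific" are the ones to review first; tightening the capture group to the exact characters the backend expects is a configuration-side hardening step alongside installing the updated packages.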

Issued:

2023-04-03

Updated:

2023-04-03

RHSA-2023:1547 - Security Advisory

Synopsis

Important: httpd:2.4 security update

Type/Severity

Security Advisory: Important

Topic

An update for the httpd:2.4 module is now available for Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server.

Security Fix(es):

  • httpd: HTTP request splitting with mod_rewrite and mod_proxy (CVE-2023-25690)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing the updated packages, the httpd daemon will be restarted automatically.

Affected Products

  • Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 8.1 ppc64le
  • Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 8.1 x86_64

Fixes

  • BZ - 2176209 - CVE-2023-25690 httpd: HTTP request splitting with mod_rewrite and mod_proxy

References

  • https://access.redhat.com/security/updates/classification/#important

Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 8.1

SRPM

httpd-2.4.37-16.module+el8.1.0+18511+ffefe478.6.src.rpm

mod_http2-1.11.3-3.module+el8.1.0+18514+ae5f89d3.3.src.rpm

Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 8.1

SRPM

httpd-2.4.37-16.module+el8.1.0+18511+ffefe478.6.src.rpm

mod_http2-1.11.3-3.module+el8.1.0+18514+ae5f89d3.3.src.rpm

The Red Hat security contact is [email protected]. More contact details are available at https://access.redhat.com/security/team/contact/.
