RHSA-2023:1547: Red Hat Security Advisory: httpd:2.4 security update
An update for the httpd:2.4 module is now available for Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
Related CVEs:
- CVE-2023-25690: A vulnerability was found in httpd. This security issue occurs when some mod_proxy configurations on Apache HTTP Server allow an HTTP Request Smuggling attack. Configurations are affected when mod_proxy is enabled along with some form of RewriteRule or ProxyPassMatch in which a non-specific pattern matches some portion of the user-supplied request-target (URL) data and is then re-inserted into the proxied request-target using variable substitution.
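A configuration audit for the directive shape described in the CVE text, as an added example that is not part of the Red Hat advisory: it flags `RewriteRule ... [P]` and `ProxyPassMatch` lines whose pattern has a capture group able to match arbitrary characters and whose target re-inserts a `$N` backreference. The sample configuration and the `backend.internal` host are constructed, and the "broad capture" test is a heuristic assumption of this example, not a rule taken from httpd.

```python
import re

BACKREF = re.compile(r"\$[0-9]")                      # $0..$9 in the target
TOKEN = re.compile(r'"((?:\\.|[^"\\])*)"|(\S+)')      # quoted or bare argument
GROUP = re.compile(r"\(((?:\\.|[^()\\])*)\)")         # innermost (...) groups
POSITIVE_CLASS = re.compile(r"\[(?!\^)(?:\\.|[^\]\\])*\]")  # e.g. [a-z0-9.]
BROAD_ATOM = re.compile(r"(?<!\\)\.|\[\^|\\[SDW]")    # '.', [^...], \S \D \W

# Constructed sample configuration (not from the advisory).
SAMPLE = r"""RewriteEngine on
# constructed lines: broad and narrow captures, proxied and not
RewriteRule "^/here/(.*)" "http://backend.internal:8080/elsewhere?$1" [P]
RewriteRule "^/item/([0-9]+)$" "http://backend.internal:8080/item?id=$1" [P,L]
RewriteRule "^/old/(.*)" "/new/$1" [R=301,L]
ProxyPassMatch "^/api/(.+)$" "http://backend.internal:8080/v1/$1"
ProxyPassMatch "^/img/([a-z0-9_.-]+\.png)$" "http://backend.internal:8080/static/$1"
"""


def broad_captures(pattern):
    """Return bodies of capture groups that can match arbitrary characters."""
    found = []
    for body in GROUP.findall(pattern):
        if body.startswith("?"):          # (?:...), lookarounds: no backreference
            continue
        # A '.' inside a positive class is a literal dot, so drop those first.
        if BROAD_ATOM.search(POSITIVE_CLASS.sub("", body)):
            found.append(body)
    return found


def audit(conf_text):
    """Return (line number, directive, broad groups) for lines to review."""
    findings = []
    for lineno, line in enumerate(conf_text.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        tok = [quoted or bare for quoted, bare in TOKEN.findall(line)]
        name = tok[0].lower()             # directive names are case-insensitive
        if name == "rewriterule" and len(tok) >= 4:
            flags = {f.split("=")[0].strip().upper()
                     for f in tok[3].strip("[]").split(",")}
            if not flags & {"P", "PROXY"}:
                continue                  # not handed to mod_proxy
        elif name == "proxypassmatch" and len(tok) >= 3:
            pass
        else:
            continue
        pattern, target = tok[1], tok[2]
        groups = broad_captures(pattern)
        # Heuristic: any broad capture plus any $N in the proxied target.
        if groups and BACKREF.search(target):
            findings.append((lineno, tok[0], groups))
    return findings


if __name__ == "__main__":
    for lineno, directive, groups in audit(SAMPLE):
        print(f"line {lineno}: {directive} re-inserts broad capture(s) {groups}")
```

A hit marks a directive for review against the CVE description; it does not replace installing the updated packages listed in this advisory.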
Issued:
2023-04-03
Updated:
2023-04-03
RHSA-2023:1547 - Security Advisory
Synopsis
Important: httpd:2.4 security update
Type/Severity
Security Advisory: Important
Topic
An update for the httpd:2.4 module is now available for Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Description
The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server.
Security Fix(es):
- httpd: HTTP request splitting with mod_rewrite and mod_proxy (CVE-2023-25690)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Solution
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
After installing the updated packages, the httpd daemon will be restarted automatically.
Affected Products
- Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 8.1 ppc64le
- Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 8.1 x86_64
Fixes
- BZ - 2176209 - CVE-2023-25690 httpd: HTTP request splitting with mod_rewrite and mod_proxy
References
- https://access.redhat.com/security/updates/classification/#important
Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 8.1
SRPM
httpd-2.4.37-16.module+el8.1.0+18511+ffefe478.6.src.rpm
SHA-256: dfb88ceebb3d4d3dd385b9bbfd55d1e77a926529f6ba2972fad9b190edcb70e6
mod_http2-1.11.3-3.module+el8.1.0+18514+ae5f89d3.3.src.rpm
SHA-256: bc819bb5fcce08bf16b5f2a257c45a4f68da62e7947cdd1f98ed6b8cd0dbc976
The Red Hat security contact is [email protected]. More contact details at https://access.redhat.com/security/team/contact/.