Headline
RHSA-2023:1593: Red Hat Security Advisory: httpd security update
An update for httpd is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
Related CVEs:
- CVE-2023-25690: A vulnerability was found in httpd. This security issue occurs when some mod_proxy configurations on Apache HTTP Server allow an HTTP Request Smuggling attack. Configurations are affected when mod_proxy is enabled along with some form of RewriteRule or ProxyPassMatch in which a non-specific pattern matches some portion of the user-supplied request-target (URL) data and is then re-inserted into the proxied request-target using variable substitution.
Synopsis
Important: httpd security update
Type/Severity
Security Advisory: Important
Red Hat Insights patch analysis
Identify and remediate systems affected by this advisory.
View affected systems
Topic
An update for httpd is now available for Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Description
The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server.
Security Fix(es):
- httpd: HTTP request splitting with mod_rewrite and mod_proxy (CVE-2023-25690)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Solution
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
After installing the updated packages, the httpd daemon will be restarted automatically.
Affected Products
- Red Hat Enterprise Linux Server 7 x86_64
- Red Hat Enterprise Linux Workstation 7 x86_64
- Red Hat Enterprise Linux Desktop 7 x86_64
- Red Hat Enterprise Linux for IBM z Systems 7 s390x
- Red Hat Enterprise Linux for Power, big endian 7 ppc64
- Red Hat Enterprise Linux for Scientific Computing 7 x86_64
- Red Hat Enterprise Linux for Power, little endian 7 ppc64le
Fixes
- BZ - 2176209 - CVE-2023-25690 httpd: HTTP request splitting with mod_rewrite and mod_proxy
Red Hat Enterprise Linux Server 7
SRPM
httpd-2.4.6-98.el7_9.7.src.rpm
SHA-256: 24a898d5915736a6bb3b8544a857b287aa8e3ba433d5ae4a745a1224fbbfb547
x86_64
httpd-2.4.6-98.el7_9.7.x86_64.rpm
SHA-256: de5a838088a41fc360504a45f2f0bb07cf311bd699a2df111bc94a93a680ca54
httpd-debuginfo-2.4.6-98.el7_9.7.x86_64.rpm
SHA-256: 166934e3541ea27e32a5fdcee02222d98367e85951d1e140aa054ff1a0c160b0
httpd-debuginfo-2.4.6-98.el7_9.7.x86_64.rpm
SHA-256: 166934e3541ea27e32a5fdcee02222d98367e85951d1e140aa054ff1a0c160b0
httpd-devel-2.4.6-98.el7_9.7.x86_64.rpm
SHA-256: 8380d552ebfdc531b6a509a91a984822232a4c42d339d2c98494e1772a779616
httpd-manual-2.4.6-98.el7_9.7.noarch.rpm
SHA-256: c8efcead8fb88dfce14ff90bb2757980a7255f7a210b222fb70034ca7be2eab4
httpd-tools-2.4.6-98.el7_9.7.x86_64.rpm
SHA-256: 583ded2f8bb79c88f2fff54012a97b968c4539f9173ec89e171226d6eb74d5fa
mod_ldap-2.4.6-98.el7_9.7.x86_64.rpm
SHA-256: 9f9ae603f548bc8b97d047f3276c3a8e7265d0be518df8e82a06679a39e639ab
mod_proxy_html-2.4.6-98.el7_9.7.x86_64.rpm
SHA-256: f9732ec54e1d126037ea09b6a61f720914cb05e7fe245153e9d0e2d2f1b9c3d4
mod_session-2.4.6-98.el7_9.7.x86_64.rpm
SHA-256: 5551b910786749d624f020aefcfe238cc59d1384166c39aef89b76febf504dea
mod_ssl-2.4.6-98.el7_9.7.x86_64.rpm
SHA-256: 98553ce0a51c1abb85b131d5c0660f2969f378ae882d842cb80d95b2d99acab7
Red Hat Enterprise Linux Workstation 7
SRPM
httpd-2.4.6-98.el7_9.7.src.rpm
SHA-256: 24a898d5915736a6bb3b8544a857b287aa8e3ba433d5ae4a745a1224fbbfb547
x86_64
httpd-2.4.6-98.el7_9.7.x86_64.rpm
SHA-256: de5a838088a41fc360504a45f2f0bb07cf311bd699a2df111bc94a93a680ca54
httpd-debuginfo-2.4.6-98.el7_9.7.x86_64.rpm
SHA-256: 166934e3541ea27e32a5fdcee02222d98367e85951d1e140aa054ff1a0c160b0
httpd-debuginfo-2.4.6-98.el7_9.7.x86_64.rpm
SHA-256: 166934e3541ea27e32a5fdcee02222d98367e85951d1e140aa054ff1a0c160b0
httpd-devel-2.4.6-98.el7_9.7.x86_64.rpm
SHA-256: 8380d552ebfdc531b6a509a91a984822232a4c42d339d2c98494e1772a779616
httpd-manual-2.4.6-98.el7_9.7.noarch.rpm
SHA-256: c8efcead8fb88dfce14ff90bb2757980a7255f7a210b222fb70034ca7be2eab4
httpd-tools-2.4.6-98.el7_9.7.x86_64.rpm
SHA-256: 583ded2f8bb79c88f2fff54012a97b968c4539f9173ec89e171226d6eb74d5fa
mod_ldap-2.4.6-98.el7_9.7.x86_64.rpm
SHA-256: 9f9ae603f548bc8b97d047f3276c3a8e7265d0be518df8e82a06679a39e639ab
mod_proxy_html-2.4.6-98.el7_9.7.x86_64.rpm
SHA-256: f9732ec54e1d126037ea09b6a61f720914cb05e7fe245153e9d0e2d2f1b9c3d4
mod_session-2.4.6-98.el7_9.7.x86_64.rpm
SHA-256: 5551b910786749d624f020aefcfe238cc59d1384166c39aef89b76febf504dea
mod_ssl-2.4.6-98.el7_9.7.x86_64.rpm
SHA-256: 98553ce0a51c1abb85b131d5c0660f2969f378ae882d842cb80d95b2d99acab7
Red Hat Enterprise Linux Desktop 7
SRPM
httpd-2.4.6-98.el7_9.7.src.rpm
SHA-256: 24a898d5915736a6bb3b8544a857b287aa8e3ba433d5ae4a745a1224fbbfb547
x86_64
httpd-2.4.6-98.el7_9.7.x86_64.rpm
SHA-256: de5a838088a41fc360504a45f2f0bb07cf311bd699a2df111bc94a93a680ca54
httpd-debuginfo-2.4.6-98.el7_9.7.x86_64.rpm
SHA-256: 166934e3541ea27e32a5fdcee02222d98367e85951d1e140aa054ff1a0c160b0
httpd-devel-2.4.6-98.el7_9.7.x86_64.rpm
SHA-256: 8380d552ebfdc531b6a509a91a984822232a4c42d339d2c98494e1772a779616
httpd-manual-2.4.6-98.el7_9.7.noarch.rpm
SHA-256: c8efcead8fb88dfce14ff90bb2757980a7255f7a210b222fb70034ca7be2eab4
httpd-tools-2.4.6-98.el7_9.7.x86_64.rpm
SHA-256: 583ded2f8bb79c88f2fff54012a97b968c4539f9173ec89e171226d6eb74d5fa
mod_ldap-2.4.6-98.el7_9.7.x86_64.rpm
SHA-256: 9f9ae603f548bc8b97d047f3276c3a8e7265d0be518df8e82a06679a39e639ab
mod_proxy_html-2.4.6-98.el7_9.7.x86_64.rpm
SHA-256: f9732ec54e1d126037ea09b6a61f720914cb05e7fe245153e9d0e2d2f1b9c3d4
mod_session-2.4.6-98.el7_9.7.x86_64.rpm
SHA-256: 5551b910786749d624f020aefcfe238cc59d1384166c39aef89b76febf504dea
mod_ssl-2.4.6-98.el7_9.7.x86_64.rpm
SHA-256: 98553ce0a51c1abb85b131d5c0660f2969f378ae882d842cb80d95b2d99acab7
Red Hat Enterprise Linux for IBM z Systems 7
SRPM
httpd-2.4.6-98.el7_9.7.src.rpm
SHA-256: 24a898d5915736a6bb3b8544a857b287aa8e3ba433d5ae4a745a1224fbbfb547
s390x
httpd-2.4.6-98.el7_9.7.s390x.rpm
SHA-256: 4b9f5c5a21a82a0a548e95c28c9e2c0f3347b984d1d632aab8e87f7ef81d2a6f
httpd-debuginfo-2.4.6-98.el7_9.7.s390x.rpm
SHA-256: 02b0a711101c74399a30889896e4b303a9988078577753feae69f163e8df1b0f
httpd-debuginfo-2.4.6-98.el7_9.7.s390x.rpm
SHA-256: 02b0a711101c74399a30889896e4b303a9988078577753feae69f163e8df1b0f
httpd-devel-2.4.6-98.el7_9.7.s390x.rpm
SHA-256: 70e0a60d2c1323f77f5822c052537d6327c73658f448977a28d8208362b98776
httpd-manual-2.4.6-98.el7_9.7.noarch.rpm
SHA-256: c8efcead8fb88dfce14ff90bb2757980a7255f7a210b222fb70034ca7be2eab4
httpd-tools-2.4.6-98.el7_9.7.s390x.rpm
SHA-256: c7d3ad1ef6427e1abcac7dd2034c093c38dee78563016f125afa566bd62f9906
mod_ldap-2.4.6-98.el7_9.7.s390x.rpm
SHA-256: 322edff550d803222fbc8782bc794f4d918ad5ae4e50f9df62ac135a52763462
mod_proxy_html-2.4.6-98.el7_9.7.s390x.rpm
SHA-256: e6c6387696487888e83c2b9d844175197fc56acc70df7639664c239b0cf73f8f
mod_session-2.4.6-98.el7_9.7.s390x.rpm
SHA-256: e047d19db4a5b36916076db705009d7eea8d58a2a5435a4a7fe372ac44373be3
mod_ssl-2.4.6-98.el7_9.7.s390x.rpm
SHA-256: 14def510edbae9f3f5832d3d2e0ddefa605d712c83a12f8412ee70556806a7c1
Red Hat Enterprise Linux for Power, big endian 7
SRPM
httpd-2.4.6-98.el7_9.7.src.rpm
SHA-256: 24a898d5915736a6bb3b8544a857b287aa8e3ba433d5ae4a745a1224fbbfb547
ppc64
httpd-2.4.6-98.el7_9.7.ppc64.rpm
SHA-256: d464dc604d461449109c623d0d198965896010a462c35d9cb6ac743043e14ce9
httpd-debuginfo-2.4.6-98.el7_9.7.ppc64.rpm
SHA-256: 7d3c5f74cc2f6f96b213743d75aafb45421f5be415b93d4d7fd278212154c3cf
httpd-debuginfo-2.4.6-98.el7_9.7.ppc64.rpm
SHA-256: 7d3c5f74cc2f6f96b213743d75aafb45421f5be415b93d4d7fd278212154c3cf
httpd-devel-2.4.6-98.el7_9.7.ppc64.rpm
SHA-256: e92f7584ba8f6eea2f8bbc2cd11baa140f46ef766a6ccc32d04723b8a8bf5f72
httpd-manual-2.4.6-98.el7_9.7.noarch.rpm
SHA-256: c8efcead8fb88dfce14ff90bb2757980a7255f7a210b222fb70034ca7be2eab4
httpd-tools-2.4.6-98.el7_9.7.ppc64.rpm
SHA-256: 43f5e5711c21ca22a62325c4629c5f8eb27771491d90eac6f3ad7ebae068d6ab
mod_ldap-2.4.6-98.el7_9.7.ppc64.rpm
SHA-256: a66071ce8b945bb312d35b3df0207cca0ed1b5fc5f12624804b3430c46b9faa5
mod_proxy_html-2.4.6-98.el7_9.7.ppc64.rpm
SHA-256: e107fba68b075275146af34cd093663b8a2c891e03915406d59caebd6844394f
mod_session-2.4.6-98.el7_9.7.ppc64.rpm
SHA-256: c3e30ba0ec83310fb09eeed7cb5025e943ad2b5de4f4c368098b40aad5e2824e
mod_ssl-2.4.6-98.el7_9.7.ppc64.rpm
SHA-256: f82f95a2551b430a7b123d7e4f3ef5368ee36cf48378ed8a2eaecbd3608d7577
Red Hat Enterprise Linux for Scientific Computing 7
SRPM
httpd-2.4.6-98.el7_9.7.src.rpm
SHA-256: 24a898d5915736a6bb3b8544a857b287aa8e3ba433d5ae4a745a1224fbbfb547
x86_64
httpd-2.4.6-98.el7_9.7.x86_64.rpm
SHA-256: de5a838088a41fc360504a45f2f0bb07cf311bd699a2df111bc94a93a680ca54
httpd-debuginfo-2.4.6-98.el7_9.7.x86_64.rpm
SHA-256: 166934e3541ea27e32a5fdcee02222d98367e85951d1e140aa054ff1a0c160b0
httpd-devel-2.4.6-98.el7_9.7.x86_64.rpm
SHA-256: 8380d552ebfdc531b6a509a91a984822232a4c42d339d2c98494e1772a779616
httpd-manual-2.4.6-98.el7_9.7.noarch.rpm
SHA-256: c8efcead8fb88dfce14ff90bb2757980a7255f7a210b222fb70034ca7be2eab4
httpd-tools-2.4.6-98.el7_9.7.x86_64.rpm
SHA-256: 583ded2f8bb79c88f2fff54012a97b968c4539f9173ec89e171226d6eb74d5fa
mod_ldap-2.4.6-98.el7_9.7.x86_64.rpm
SHA-256: 9f9ae603f548bc8b97d047f3276c3a8e7265d0be518df8e82a06679a39e639ab
mod_proxy_html-2.4.6-98.el7_9.7.x86_64.rpm
SHA-256: f9732ec54e1d126037ea09b6a61f720914cb05e7fe245153e9d0e2d2f1b9c3d4
mod_session-2.4.6-98.el7_9.7.x86_64.rpm
SHA-256: 5551b910786749d624f020aefcfe238cc59d1384166c39aef89b76febf504dea
mod_ssl-2.4.6-98.el7_9.7.x86_64.rpm
SHA-256: 98553ce0a51c1abb85b131d5c0660f2969f378ae882d842cb80d95b2d99acab7
Red Hat Enterprise Linux for Power, little endian 7
SRPM
httpd-2.4.6-98.el7_9.7.src.rpm
SHA-256: 24a898d5915736a6bb3b8544a857b287aa8e3ba433d5ae4a745a1224fbbfb547
ppc64le
httpd-2.4.6-98.el7_9.7.ppc64le.rpm
SHA-256: a2fb9fb534f4c73abac7fa31e963778f630673c5202eb968914ed6daff62d9c4
httpd-debuginfo-2.4.6-98.el7_9.7.ppc64le.rpm
SHA-256: af56951d646f2e6358ac4285d3dd332f3037cb0ec455f3f4c542ecf9515a96f6
httpd-debuginfo-2.4.6-98.el7_9.7.ppc64le.rpm
SHA-256: af56951d646f2e6358ac4285d3dd332f3037cb0ec455f3f4c542ecf9515a96f6
httpd-devel-2.4.6-98.el7_9.7.ppc64le.rpm
SHA-256: bdf40475677c54e67f2373a09a4157a813564e6a4dfcd60682a56c997ca71c80
httpd-manual-2.4.6-98.el7_9.7.noarch.rpm
SHA-256: c8efcead8fb88dfce14ff90bb2757980a7255f7a210b222fb70034ca7be2eab4
httpd-tools-2.4.6-98.el7_9.7.ppc64le.rpm
SHA-256: cd47c55d4a9aa1cb124b57d45c7d22290d5a6dda068de981304356ae16c71b8b
mod_ldap-2.4.6-98.el7_9.7.ppc64le.rpm
SHA-256: e4e87b63f67e81e3300dc1248e3b77155ef858e3d9e1b94175463a3a4ec6a6d6
mod_proxy_html-2.4.6-98.el7_9.7.ppc64le.rpm
SHA-256: f8009cff91824f6df704abb27c315817fef97f23c9a59da49ea688fc74b125e6
mod_session-2.4.6-98.el7_9.7.ppc64le.rpm
SHA-256: ed90a3675e48634902e73ba3c5f710f2fd3badff5ba4b1ecbc9e51b2a62e3db2
mod_ssl-2.4.6-98.el7_9.7.ppc64le.rpm
SHA-256: b07179669b7607197cd0057cea0e8cb2d2417d939e668f1e226bd73628e2a87c
Related news
Gentoo Linux Security Advisory 202309-1 - Multiple vulnerabilities have been discovered in Apache HTTPD, the worst of which could result in denial of service. Versions greater than or equal to 2.4.56 are affected.
An issue in Zimbra Collaboration ZCS v.8.8.15 and v.9.0 allows an attacker to execute arbitrary code via the sfdc_preauth.jsp component.
An update is now available for Red Hat JBoss Core Services Apache HTTP Server 2.4.51 Service Pack 2 on Red Hat Enterprise Linux versions 7 and 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2006-20001: A flaw was found in the mod_dav module of httpd. A specially crafted "If:" request header can cause a memory read or write of a single zero byte due to a missing error check, resulting in a Denial of Service. * CVE-2022-4304: A timing-based side channel exists in the Open...
Red Hat Security Advisory 2023-3292-01 - The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server.
An update for httpd24-httpd is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-25690: A vulnerability was found in httpd. This security issue occurs when some mod_proxy configurations on Apache HTTP Server allow an HTTP Request Smuggling attack. Configurations are affected when mod_proxy is enabled along with some form of RewriteRule or ProxyPassMatch in which a non-specific pattern matches some portion of the user-suppli...
An update for httpd and mod_http2 is now available for Red Hat Enterprise Linux 9.0 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-25690: A vulnerability was found in httpd. This security issue occurs when some mod_proxy configurations on Apache HTTP Server allow an HTTP Request Smuggling attack. Configurations are affected when mod_proxy is enabled along with some form of RewriteRule or ProxyPassMatch in which a non-specific pattern matches s...
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and 22.3.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through...
Red Hat Security Advisory 2023-1670-01 - The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server.
An update for the httpd:2.4 module is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support, Red Hat Enterprise Linux 8.2 Telecommunications Update Service, and Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-25690: A vulnerability was found in httpd. This security issue occurs when some mod_proxy configurations on Apache HTTP Server allow an HTTP Request Smuggling attack. Configurations a...
An update for the httpd:2.4 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-25690: A vulnerability was found in httpd. This security issue occurs when some mod_proxy configurations on Apache HTTP Server allow an HTTP Request Smuggling attack. Configurations are affected when mod_proxy is enabled along with some form of RewriteRule or ProxyPassMatch in which a non-specific pattern matches some portion of the user-s...
An update for httpd and mod_http2 is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-25690: A vulnerability was found in httpd. This security issue occurs when some mod_proxy configurations on Apache HTTP Server allow an HTTP Request Smuggling attack. Configurations are affected when mod_proxy is enabled along with some form of RewriteRule or ProxyPassMatch in which a non-specific pattern matches some portion of the user-su...
Red Hat Security Advisory 2023-1597-01 - The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server.
Red Hat Security Advisory 2023-1547-01 - The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server.
An update for the httpd:2.4 module is now available for Red Hat Enterprise Linux 8.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-25690: A vulnerability was found in httpd. This security issue occurs when some mod_proxy configurations on Apache HTTP Server allow an HTTP Request Smuggling attack. Configurations are affected when mod_proxy is enabled along with some form of RewriteRule or ProxyPassMatch in which a non-specific pattern matches ...
An update for the httpd:2.4 module is now available for Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-25690: A vulnerability was found in httpd. This security issue occurs when some mod_proxy configurations on Apache HTTP Server allow an HTTP Request Smuggling attack. Configurations are affected when mod_proxy is enabled along with some form of RewriteRule or ProxyPassMatch in which a non-specific patter...
Ubuntu Security Notice 5942-2 - USN-5942-1 fixed vulnerabilities in Apache HTTP Server. This update provides the corresponding update for CVE-2023-25690 for Ubuntu 16.04 ESM. Lars Krapf discovered that the Apache HTTP Server mod_proxy module incorrectly handled certain configurations. A remote attacker could possibly use this issue to perform an HTTP Request Smuggling attack.
Debian Linux Security Advisory 5376-1 - Multiple vulnerabilities have been discovered in the Apache HTTP server, which may result in HTTP response splitting or denial of service.
Ubuntu Security Notice 5942-1 - Lars Krapf discovered that the Apache HTTP Server mod_proxy module incorrectly handled certain configurations. A remote attacker could possibly use this issue to perform an HTTP Request Smuggling attack. Dimas Fariski Setyawan Putra discovered that the Apache HTTP Server mod_proxy_uwsgi module incorrectly handled certain special characters. A remote attacker could possibly use this issue to perform an HTTP Request Smuggling attack. This issue only affected Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, and Ubuntu 22.10.