Astra Linux - уязвимость в apache2

🗓️ 03 May 2026 23:59:50Reported by AstraLinuxType

astralinux

astralinux🔗 astra.ru👁 7 Views

Apache HTTP Server 2.4.0–2.4.55 allows request smuggling via mod_proxy patterns; update to version 2.4.56.

Reporter	Title	Published	Views	Family All 274
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities in IBM HTTP Server used by WebSphere Application Server affect IBM Business Automation Workflow (CVE-2023-25690)	21 Mar 202310:02	–	ibm
IBM Security Bulletins	Security Bulletin: IBM HTTP Server (powered by Apache) for IBM i is vulnerable to HTTP request splitting attacks due to an error using mod_proxy (CVE-2023-25690).	29 Aug 202321:19	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities affect IBM Tivoli Monitoring included WebSphere Application Server and IBM HTTP Server used by WebSphere Application Server	31 Aug 202319:46	–	ibm
IBM Security Bulletins	Security Bulletin: IBM HTTP Server is vulnerable to HTTP request splitting due to the included Apache HTTP Server (CVE-2023-25690)	4 Apr 202316:02	–	ibm
IBM Security Bulletins	Security Bulletin: A security vulnerability has been identified in IBM HTTP Server shipped with IBM Rational ClearCase [CVE-2023-25690]	28 Mar 202307:48	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Cloud Pak for Security includes components with multiple known vulnerabilities	7 Jun 202316:53	–	ibm
IBM Security Bulletins	Security Bulletin: Vulnerabilities have been identified in OpenSSL, Apache HTTP Server and other system libraries shipped with the DS8000 Hardware Management Console (HMC)	12 Jul 202311:03	–	ibm
IBM Security Bulletins	Security Bulletin: Cloud Pak System is vulnerable to HTTP request splitting attack.	1 Oct 202419:35	–	ibm
IBM Security Bulletins	Security Bulletin: IBM WebSphere Application Server shipped with IBM Security Access Manager for Enterprise Single Sign-On uses IBM HTTP Server that is vulnerable to HTTP request splitting (CVE-2023-25690)	29 Mar 202304:38	–	ibm
IBM Security Bulletins	Security Bulletin: Security vulnerabilities are addressed with IBM Cloud Pak for Business Automation iFixes for April 2023	28 Apr 202314:09	–	ibm

OS	OS Version	Architecture	Package	Package Version	Filename
Astra Linux	1.7	x86-64	apache2	0:2.4.52-1~bpo10+1astra.se7	apache2_0:2.4.52-1~bpo10+1astra.se7_x86-64.deb
Astra Linux	1.7	x86-64	apache2-bin	0:2.4.52-1~bpo10+1astra.se7	apache2-bin_0:2.4.52-1~bpo10+1astra.se7_x86-64.deb
Astra Linux	1.7	x86-64	apache2-data	0:2.4.52-1~bpo10+1astra.se7	apache2-data_0:2.4.52-1~bpo10+1astra.se7_x86-64.deb
Astra Linux	1.7	x86-64	apache2-dev	0:2.4.52-1~bpo10+1astra.se7	apache2-dev_0:2.4.52-1~bpo10+1astra.se7_x86-64.deb
Astra Linux	1.7	x86-64	apache2-doc	0:2.4.52-1~bpo10+1astra.se7	apache2-doc_0:2.4.52-1~bpo10+1astra.se7_x86-64.deb
Astra Linux	1.7	x86-64	apache2-ssl-dev	0:2.4.52-1~bpo10+1astra.se7	apache2-ssl-dev_0:2.4.52-1~bpo10+1astra.se7_x86-64.deb
Astra Linux	1.7	x86-64	apache2-suexec-custom	0:2.4.52-1~bpo10+1astra.se7	apache2-suexec-custom_0:2.4.52-1~bpo10+1astra.se7_x86-64.deb
Astra Linux	1.7	x86-64	apache2-suexec-pristine	0:2.4.52-1~bpo10+1astra.se7	apache2-suexec-pristine_0:2.4.52-1~bpo10+1astra.se7_x86-64.deb
Astra Linux	1.7	x86-64	apache2-utils	0:2.4.52-1~bpo10+1astra.se7	apache2-utils_0:2.4.52-1~bpo10+1astra.se7_x86-64.deb
Astra Linux	1.7	x86-64	libapache2-mod-md	0:2.4.52-1~bpo10+1astra.se7	libapache2-mod-md_0:2.4.52-1~bpo10+1astra.se7_x86-64.deb

Source	Link
bdu	www.bdu.fstec.ru/vul/2023-01738
cve	www.cve.org/CVERecord

03 May 2026 23:59Current

6.8Medium risk

Vulners AI Score6.8

CVSS 39.8

CVSS 3.19.8

EPSS0.67011

SSVC

Apache HTTP Server proxy module request smuggling rewrite rule proxy pass match version 2.4.56