GoogleOSV:RLSA-2023:1673

HistoryApr 12, 2023 - 1:40 a.m.

Important: httpd:2.4 security update

2023-04-1201:40:50

Google

osv.dev

httpd

security update

vulnerability

http request splitting

cve-2023-25690

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.7 High

AI Score

Confidence

High

0.007 Low

EPSS

Percentile

80.9%

JSON

The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server.

Security Fix(es):

httpd: HTTP request splitting with mod_rewrite and mod_proxy (CVE-2023-25690)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

References

bugzilla.redhat.com/show_bug.cgi?id=2176209

errata.rockylinux.org/RLSA-2023:1673

rocky 4

redhat 11

openvas 31

nessus 64

ibm 15

cbl_mariner 2

ubuntu 2

cve 1

githubexploit 2

osv 9

packetstorm 1

veracode 1

oraclelinux 3

debiancve 1

almalinux 2

prion 1

cvelist 1

nvd 1

zdt 1

alpinelinux 1

f5 1

redhatcve 1

ubuntucve 1

freebsd 1

amazon 2

slackware 1

fedora 3

altlinux 1

redos 1

debian 2

kaspersky 1

mageia 1

photon 2

adobe 6

rosalinux 3

gentoo 1

qualysblog 1

hp 1

ics 2

oracle 3

rocky

httpd:2.4 security update

2023-04-12 01:40:50

httpd and mod_http2 security update

2023-04-12 01:41:37

2.4 bug fix update

2023-05-18 19:17:56

redhat

(RHSA-2023:1547) Important: httpd:2.4 security update

2023-04-03 15:43:23

(RHSA-2023:1673) Important: httpd:2.4 security update

2023-04-06 16:02:01

(RHSA-2023:1672) Important: httpd:2.4 security update

2023-04-06 16:01:56

openvas

Apache HTTP Server 2.4.0 - 2.4.55 HTTP Request Smuggling Vulnerability - Linux

2023-03-08 00:00:00

SUSE: Security Advisory (SUSE-SU-2023:0803-1)

2023-03-28 00:00:00

Apache HTTP Server 2.4.0 - 2.4.55 HTTP Request Smuggling Vulnerability - Windows

2023-03-08 00:00:00

nessus

CentOS 8 : httpd:2.4 (CESA-2023:1673)

2023-04-07 00:00:00

Oracle Linux 9 : httpd / and / mod_http2 (ELSA-2023-1670)

2023-04-06 00:00:00

CentOS 9 : httpd-2.4.57-2.el9

2024-02-29 00:00:00

ibm

Security Bulletin: Vulnerability in httpd (CVE-2023-25690) affects Power HMC

2023-12-11 13:00:04

Security Bulletin: A vulnerability has been identified in IBM HTTP Server used by IBM Rational ClearQuest (CVE-2023-25690)

2023-05-04 05:00:25

Security Bulletin: Multiple vulnerabilities in IBM HTTP Server used by WebSphere Application Server affect IBM Business Automation Workflow (CVE-2023-25690)

2023-03-21 10:02:08

cbl_mariner

CVE-2023-25690 affecting package httpd for versions less than 2.4.56-1

2023-03-24 23:56:03

CVE-2023-25690 affecting package httpd 2.4.55-1

2023-04-07 04:59:28

ubuntu

Apache HTTP Server vulnerability

2023-03-22 00:00:00

Apache HTTP Server vulnerabilities

2023-03-09 00:00:00

cve

CVE-2023-25690

2023-03-07 16:15:09

githubexploit

Exploit for HTTP Request Smuggling in Apache Http Server

2023-05-22 03:06:31

Exploit for HTTP Request Smuggling in Apache Http Server

2023-12-04 16:58:53

osv

Important: httpd:2.4 security update

2023-04-06 00:00:00

apache2 vulnerability

2023-03-22 17:43:19

CVE-2023-25690

2023-03-07 16:15:09

packetstorm

Apache 2.4.55 mod_proxy HTTP Request Smuggling

2024-01-02 00:00:00

veracode

HTTP Request Smuggling

2023-03-11 00:19:43

oraclelinux

httpd security update

2023-04-05 00:00:00

httpd and mod_http2 security update

2023-04-06 00:00:00

httpd:2.4 security update

2023-04-07 00:00:00

debiancve

CVE-2023-25690

2023-03-07 16:15:09

almalinux

Important: httpd and mod_http2 security update

2023-04-06 00:00:00

Important: httpd:2.4 security update

2023-04-06 00:00:00

prion

Design/Logic Flaw

2023-03-07 16:15:00

cvelist

CVE-2023-25690 Apache HTTP Server: HTTP request splitting with mod_rewrite and mod_proxy

2023-03-07 15:09:03

nvd

CVE-2023-25690

2023-03-07 16:15:09

zdt

Apache 2.4.55 mod_proxy HTTP Request Smuggling Exploit

2024-01-02 00:00:00

alpinelinux

CVE-2023-25690

2023-03-07 16:15:09

K000133098 : Apache vulnerability CVE-2023-25690

2023-03-22 00:00:00

redhatcve

CVE-2023-25690

2023-03-07 16:30:07

ubuntucve

CVE-2023-25690

2023-03-07 00:00:00

freebsd

Apache httpd -- Multiple vulnerabilities

2023-03-08 00:00:00

amazon

Important: httpd

2023-03-17 16:34:00

Important: httpd24

2023-03-17 15:53:00

slackware

[slackware-security] httpd

2023-03-08 20:30:50

fedora

[SECURITY] Fedora 36 Update: httpd-2.4.56-1.fc36

2023-03-25 02:04:42

[SECURITY] Fedora 38 Update: httpd-2.4.56-1.fc38

2023-03-18 00:24:30

[SECURITY] Fedora 37 Update: httpd-2.4.56-1.fc37

2023-03-11 04:29:50

altlinux

Security fix for the ALT Linux 10 package apache2 version 1:2.4.56-alt1

2023-03-17 00:00:00

redos

ROS-20230420-01

2023-04-20 00:00:00

debian

[SECURITY] [DLA 3401-1] apache2 security update

2023-04-24 21:26:18

[SECURITY] [DSA 5376-1] apache2 security update

2023-03-20 18:52:17

kaspersky

KLA48513 Multiple vulnerabilities in Apache HTTP Server

2023-03-07 00:00:00

mageia

Updated apache packages fix security vulnerability

2023-03-19 01:16:28

photon

Critical Photon OS Security Update - PHSA-2023-3.0-0562

2023-04-05 00:00:00

Critical Photon OS Security Update - PHSA-2023-4.0-0370

2023-04-05 00:00:00

adobe

APSB23-43 : Security update available for Adobe Experience Manager

2023-09-12 00:00:00

APSB23-31 : Security update available for Adobe Experience Manager

2023-06-13 00:00:00

APSB24-21 : Security update available for Adobe Experience Manager

2024-04-09 00:00:00

rosalinux

Advisory ROSA-SA-2023-2155

2023-04-18 12:09:43

Advisory ROSA-SA-2023-2158

2023-04-25 11:30:17

Advisory ROSA-SA-2023-2161

2023-05-03 11:17:19

gentoo

Apache HTTPD: Multiple Vulnerabilities

2023-09-08 00:00:00

qualysblog

Oracle Patch Tuesday, July 2023 Security Update Review

2023-07-19 15:56:06

HP Device Manager Security Updates

2023-04-13 00:00:00

ics

Siemens SINEC NMS

2024-02-15 12:00:00

Siemens SCALANCE XCM-/XRM-300

2024-02-15 12:00:00

oracle

Oracle Critical Patch Update Advisory - October 2023

2023-10-17 00:00:00

Oracle Critical Patch Update Advisory - July 2023

2023-07-18 00:00:00

Oracle Critical Patch Update Advisory - April 2023

2023-04-18 00:00:00

Solutions

Vulnerabilities intelligence
Perimeter control tool
Linux scanner
Windows scanner
Developers SDK
Security Intelligence feeds

Database

Vulnerabilities
Exploits
Security News
BugBounty
Wild Exploited
Top Vulnerabilities
CVE Feed

Resources

Statics & Sources
Plugins
API docs
FAQ
Blog
Glossary

Company

About
Contacts
Pricing
EULA
Privacy Policy
Submission Policy
OpenSource

@2024 Vulners Inc

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.7 High

AI Score

Confidence

High

0.007 Low

EPSS

Percentile

80.9%

JSON

Related for OSV:RLSA-2023:1673