MGASA-2023-0100 Updated apache packages fix security vulnerability

Some modproxy configurations on Apache HTTP Server allow a HTTP request smuggling attack. Configurations are affected when modproxy is enabled along with some form of RewriteRule or ProxyPassMatch in which a non-specific pattern matches some portion of the user-supplied request-target URL data an...

[SECURITY] Fedora 38 Update: httpd-2.4.56-1.fc38

The Apache HTTP Server is a powerful, efficient, and extensible web server...

Fedora: Security Advisory for httpd (FEDORA-2023-7d14cdec4a)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Internet Bug Bounty: Apache HTTP Server: mod_proxy_uwsgi HTTP response splitting (CVE-2023-27522)

A vulnerability was found in Apache HTTP Server's modproxyuwsgi, affecting versions 2.4.30 through 2.4.55. The issue allowed special characters in the origin response header to truncate or split the response forwarded to the client, potentially resulting in security headers being ignored by the...

Fedora 38 : httpd (2023-7d14cdec4a)

The remote Fedora 38 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-7d14cdec4a advisory. - new version 2.4.56 - security update for CVE-2023-27522 and CVE-2023-25690 Tenable has extracted the preceding description block directly from the...

Apache HTTP Server: HTTP request splitting with mod_rewrite and mod_proxy

...

Fedora: Security Advisory for httpd (FEDORA-2023-54dae7b78a)

The remote host is missing an update for the Copyright C 2023 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

Fedora 37 : httpd (2023-54dae7b78a)

The remote Fedora 37 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-54dae7b78a advisory. - new version 2.4.56 - security update for CVE-2023-27522 and CVE-2023-25690 Tenable has extracted the preceding description block directly from the...

Debian dla-3351 : apache2 - security update

The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3351 advisory. - ------------------------------------------------------------------------- Debian LTS Advisory DLA-3351-1 [email protected]...

Ubuntu: Security Advisory (USN-5942-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS : Apache HTTP Server vulnerabilities (USN-5942-1)

The remote Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-5942-1 advisory. Lars Krapf discovered that the Apache HTTP Server modproxy module incorrectly handled certain configurations. A remote attacker...

USN-5942-1: Apache HTTP Server vulnerabilities

Lars Krapf discovered that the Apache HTTP Server modproxy module incorrectly handled certain configurations. A remote attacker could possibly use this issue to perform an HTTP Request Smuggling attack. CVE-2023-25690 Dimas Fariski Setyawan Putra discovered that the Apache HTTP Server modproxyuws...

Slackware Linux 14.0 / 14.1 / 14.2 / 15.0 / current httpd Multiple Vulnerabilities (SSA:2023-067-01)

The version of httpd installed on the remote host is prior to 2.4.56. It is, therefore, affected by multiple vulnerabilities as referenced in the SSA:2023-067-01 advisory. - Some modproxy configurations on Apache HTTP Server versions 2.4.0 through 2.4.55 allow a HTTP Request Smuggling attack...

Apache HTTP Server 2.4.30 - 2.4.55 HTTP Request Smuggling Vulnerability - Linux

Apache HTTP Server is prone to a HTTP request smuggling vulnerability. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

Apache httpd -- Multiple vulnerabilities

The Apache httpd project reports: CVE-2023-27522: Apache HTTP Server: modproxyuwsgi HTTP response splitting cve.mitre.org. HTTP Response Smuggling vulnerability in Apache HTTP Server via modproxyuwsgi. This issue affects Apache HTTP Server: from 2.4.30 through 2.4.55. Special characters in the...

PT-2023-12907 · Undefined · Undefined

Apache HTTP Server fixes two HTTP request splitting CVE-2022-27522 & CVE-2023-25690 flaws https://securityonline.info/cve-2022-27522-cve-2023-25690-apache-http-server-vulnerability/...

Apache HTTP Server via mod_proxy_uwsgi HTTP response smuggling

HTTP Response Smuggling vulnerability in Apache HTTP Server via modproxyuwsgi. This issue affects Apache HTTP Server from 2.4.30 through 2.4.55 and the uWSGI PyPI package prior to version 2.0.22. Special characters in the origin response header can truncate/split the response forwarded to the...

CVE-2023-27522

An HTTP Response Smuggling vulnerability was found in the Apache HTTP Server via modproxyuwsgi. This security issue occurs when special characters in the origin response header can truncate or split the response forwarded to the client. Mitigation Mitigation for this issue is either not available...

CVE-2023-25690

A vulnerability was found in httpd. This security issue occurs when some modproxy configurations on Apache HTTP Server allow an HTTP Request Smuggling attack. Configurations are affected when modproxy is enabled along with some form of RewriteRule or ProxyPassMatch in which a non-specific pattern...

ALPINE-CVE-2023-27522

HTTP Response Smuggling vulnerability in Apache HTTP Server via modproxyuwsgi. This issue affects Apache HTTP Server: from 2.4.30 through 2.4.55. Special characters in the origin response header can truncate/split the response forwarded to the client...