ALAS2-2023-1989 --- httpdID: oval:org.secpod.oval:def:1701229 | Date: (C)2023-03-28 (M)2024-04-29 |
Class: PATCH | Family: unix |
Some mod_proxy configurations on Apache HTTP Server versions 2.4.0 through 2.4.55 allow a HTTP Request Smuggling attack. Configurations are affected when mod_proxy is enabled along with some form of RewriteRule or ProxyPassMatch in which a non-specific pattern matches some portion of the user-supplied request-target data and is then re-inserted into the proxied request-target using variable substitution. Users are recommended to update to at least version 2.4.56 of Apache HTTP Server. HTTP Response Smuggling vulnerability in Apache HTTP Server via mod_proxy_uwsgi. This issue affects Apache HTTP Server: from 2.4.30 through 2.4.55. Special characters in the origin response header can truncate/split the response forwarded to the client
Product: |
httpd |
mod_ssl |
mod_md |
mod_proxy_html |
mod_ldap |
mod_session |