Lucene search
UbuntuUSN-5942-1HistoryMar 09, 2023 - 12:00 a.m.
Apache HTTP Server vulnerabilities
2023-03-0900:00:00
ubuntu.com
108
apache http server
ubuntu
vulnerabilities
mod_proxy
mod_proxy_uwsgi
http request smuggling
cve-2023-25690
cve-2023-27522
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.3 High
AI Score
Confidence
High
0.019 Low
EPSS
Percentile
88.6%
Releases
- Ubuntu 22.10
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
- Ubuntu 18.04 ESM
Packages
- apache2 - Apache HTTP server
Details
Lars Krapf discovered that the Apache HTTP Server mod_proxy module
incorrectly handled certain configurations. A remote attacker could
possibly use this issue to perform an HTTP Request Smuggling attack.
(CVE-2023-25690)
Dimas Fariski Setyawan Putra discovered that the Apache HTTP Server
mod_proxy_uwsgi module incorrectly handled certain special characters. A
remote attacker could possibly use this issue to perform an HTTP Request
Smuggling attack. This issue only affected Ubuntu 20.04 LTS, Ubuntu 22.04
LTS, and Ubuntu 22.10. (CVE-2023-27522)
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Ubuntu | 22.10 | noarch | apache2 | < 2.4.54-2ubuntu1.2 | UNKNOWN |
| Ubuntu | 22.10 | noarch | apache2-bin | < 2.4.54-2ubuntu1.2 | UNKNOWN |
| Ubuntu | 22.10 | noarch | apache2-bin-dbgsym | < 2.4.54-2ubuntu1.2 | UNKNOWN |
| Ubuntu | 22.10 | noarch | apache2-data | < 2.4.54-2ubuntu1.2 | UNKNOWN |
| Ubuntu | 22.10 | noarch | apache2-dev | < 2.4.54-2ubuntu1.2 | UNKNOWN |
| Ubuntu | 22.10 | noarch | apache2-doc | < 2.4.54-2ubuntu1.2 | UNKNOWN |
| Ubuntu | 22.10 | noarch | apache2-ssl-dev | < 2.4.54-2ubuntu1.2 | UNKNOWN |
| Ubuntu | 22.10 | noarch | apache2-suexec-custom | < 2.4.54-2ubuntu1.2 | UNKNOWN |
| Ubuntu | 22.10 | noarch | apache2-suexec-custom-dbgsym | < 2.4.54-2ubuntu1.2 | UNKNOWN |
| Ubuntu | 22.10 | noarch | apache2-suexec-pristine | < 2.4.54-2ubuntu1.2 | UNKNOWN |
Related
kaspersky
kaspersky
KLA48513 Multiple vulnerabilities in Apache HTTP Server
2023-03-07 00:00:00
nessus
nessus
EulerOS Virtualization 2.10.1 : httpd (EulerOS-SA-2023-2462)
2023-07-28 00:00:00
Slackware Linux 14.0 / 14.1 / 14.2 / 15.0 / current httpd Multiple Vulnerabilities (SSA:2023-067-01)
2023-03-09 00:00:00
SUSE SLES15 Security Update : apache2 (SUSE-SU-2023:1573-1)
2023-03-25 00:00:00
openvas
openvas
Fedora: Security Advisory for httpd (FEDORA-2023-7d14cdec4a)
2023-03-18 00:00:00
Fedora: Security Advisory for httpd (FEDORA-2023-7df48f618b)
2023-03-26 00:00:00
Slackware: Security Advisory (SSA:2023-067-01)
2023-03-09 00:00:00
osv
osv
apache2 vulnerabilities
2023-03-09 14:30:54
apache2 - security update
2023-04-24 00:00:00
Moderate: httpd and mod_http2 security, bug fix, and enhancement update
2023-11-07 00:00:00
debian
debian
[SECURITY] [DLA 3401-1] apache2 security update
2023-04-24 21:25:54
[SECURITY] [DSA 5376-1] apache2 security update
2023-03-20 18:52:17
fedora
fedora
[SECURITY] Fedora 38 Update: httpd-2.4.56-1.fc38
2023-03-18 00:24:30
[SECURITY] Fedora 37 Update: httpd-2.4.56-1.fc37
2023-03-11 04:29:50
[SECURITY] Fedora 36 Update: httpd-2.4.56-1.fc36
2023-03-25 02:04:42
redos
redos
ROS-20230420-01
2023-04-20 00:00:00
altlinux
altlinux
Security fix for the ALT Linux 10 package apache2 version 1:2.4.56-alt1
2023-03-17 00:00:00
mageia
mageia
Updated apache packages fix security vulnerability
2023-03-19 01:16:28
slackware
slackware
[slackware-security] httpd
2023-03-08 20:30:50
amazon
amazon
Important: httpd
2023-03-17 16:34:00
Important: httpd24
2023-03-17 15:53:00
freebsd
freebsd
Apache httpd -- Multiple vulnerabilities
2023-03-08 00:00:00
photon
photon
Critical Photon OS Security Update - PHSA-2023-3.0-0562
2023-04-05 00:00:00
Important Photon OS Security Update - PHSA-2023-4.0-0461
2023-08-30 00:00:00
Important Photon OS Security Update - PHSA-2023-5.0-0083
2023-08-30 00:00:00
gentoo
gentoo
Apache HTTPD: Multiple Vulnerabilities
2023-09-08 00:00:00
redhat
redhat
(RHSA-2023:5050) Moderate: httpd:2.4 security update
2023-09-11 12:37:07
(RHSA-2023:6403) Moderate: httpd and mod_http2 security, bug fix, and enhancement update
2023-11-07 06:04:24
(RHSA-2023:5049) Moderate: httpd:2.4 security update
2023-09-11 12:37:03
hackerone
hackerone
rocky
rocky
httpd:2.4 security update
2023-09-19 12:09:00
2.4 bug fix update
2023-05-18 19:17:56
httpd bug fix update
2023-05-25 19:53:09
oraclelinux
oraclelinux
httpd:2.4 security update
2023-09-12 00:00:00
httpd and mod_http2 security, bug fix, and enhancement update
2023-11-11 00:00:00
httpd and mod_http2 security update
2023-04-06 00:00:00
veracode
veracode
HTTP Request Smuggling
2023-03-09 10:25:21
HTTP Request Smuggling
2023-03-11 00:19:43
ubuntucve
ubuntucve
CVE-2023-27522
2023-03-07 00:00:00
CVE-2023-25690
2023-03-07 00:00:00
prion
prion
Design/Logic Flaw
2023-03-07 16:15:00
Design/Logic Flaw
2023-03-07 16:15:00
ibm
ibm
Security Bulletin: Multiple vulnerabilities in IBM HTTP Server used by WebSphere Application Server affect IBM Business Automation Workflow (CVE-2023-25690)
2023-03-21 10:02:08
cvelist
cvelist
almalinux
almalinux
Important: httpd and mod_http2 security update
2023-04-06 00:00:00
Moderate: httpd and mod_http2 security, bug fix, and enhancement update
2023-11-07 00:00:00
Moderate: httpd:2.4 security update
2023-09-11 00:00:00
nvd
nvd
CVE-2023-25690
2023-03-07 16:15:09
CVE-2023-27522
2023-03-07 16:15:09
debiancve
debiancve
CVE-2023-25690
2023-03-07 16:15:09
CVE-2023-27522
2023-03-07 16:15:09
cbl_mariner
cbl_mariner
CVE-2023-27522 affecting package httpd for versions less than 2.4.56-1
2023-03-24 23:56:03
CVE-2023-27522 affecting package httpd 2.4.55-1
2023-04-07 04:59:28
CVE-2023-25690 affecting package httpd 2.4.55-1
2023-04-07 04:59:28
redhatcve
redhatcve
CVE-2023-27522
2023-03-07 16:30:17
CVE-2023-25690
2023-03-07 16:30:07
cve
cve
CVE-2023-27522
2023-03-07 16:15:09
CVE-2023-25690
2023-03-07 16:15:09
packetstorm
packetstorm
Apache 2.4.55 mod_proxy HTTP Request Smuggling
2024-01-02 00:00:00
githubexploit
githubexploit
Exploit for HTTP Request Smuggling in Apache Http Server
2023-12-04 16:58:53
Exploit for HTTP Request Smuggling in Apache Http Server
2024-06-24 22:20:57
Exploit for HTTP Request Smuggling in Apache Http Server
2023-05-22 03:06:31
alpinelinux
alpinelinux
CVE-2023-27522
2023-03-07 16:15:09
CVE-2023-25690
2023-03-07 16:15:09
f5
f5
K000132965 : Apache vulnerability CVE-2023-27522
2023-03-14 00:00:00
K000133098 : Apache vulnerability CVE-2023-25690
2023-03-22 00:00:00
github
github
Apache HTTP Server via mod_proxy_uwsgi HTTP response smuggling
2023-03-07 18:30:39
zdt
zdt
Apache 2.4.55 mod_proxy HTTP Request Smuggling Exploit
2024-01-02 00:00:00
ubuntu
ubuntu
Apache HTTP Server vulnerability
2023-03-22 00:00:00
adobe
adobe
APSB23-43 : Security update available for Adobe Experience Manager
2023-09-12 00:00:00
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.3 High
AI Score
Confidence
High
0.019 Low
EPSS
Percentile
88.6%
Related for USN-5942-1