CVE-2023-27522
Summary
| CVE | CVE-2023-27522 |
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2023-03-07 16:15:00 UTC |
| Updated | 2023-09-08 22:15:00 UTC |
| Description | HTTP Response Smuggling vulnerability in Apache HTTP Server via mod_proxy_uwsgi. This issue affects Apache HTTP Server: from 2.4.30 through 2.4.55. Special characters in the origin response header can truncate/split the response forwarded to the client. |
NVD Known Affected Configurations (CPE 2.3)
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| [SECURITY] [DLA 3401-1] apache2 security update | MISC | lists.debian.org | |
| Apache HTTP Server 2.4 vulnerabilities - The Apache HTTP Server Project | MISC | httpd.apache.org | |
| Apache HTTPD: Multiple Vulnerabilities (GLSA 202309-01) — Gentoo security | MISC | security.gentoo.org | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
Legacy QID Mappings
- 150660 Apache HTTP Server Prior to 2.4.56 Multiple Security Vulnerabilities
- 161092 Oracle Enterprise Linux Security Update for httpd and mod_http2 (ELSA-2023-6403)
- 181660 Debian Security Update for apache2 (DSA 5376-1)
- 181753 Debian Security Update for apache2 (DLA 3401-1)
- 183292 Debian Security Update for apache2 (CVE-2023-27522)
- 199231 Ubuntu Security Notification for Apache Hypertext Transfer Protocol (HTTP) Server Vulnerabilities (USN-5942-1)
- 241954 Red Hat Update for JBoss Core Services (RHSA-2023:4629)
- 242400 Red Hat Update for httpd and mod_http2 security (RHSA-2023:6403)
- 283776 Fedora Security Update for httpd (FEDORA-2023-54dae7b78a)
- 283818 Fedora Security Update for httpd (FEDORA-2023-7df48f618b)
- 284249 Fedora Security Update for httpd (FEDORA-2023-7d14cdec4a)
- 354828 Amazon Linux Security Advisory for httpd : ALAS2-2023-1989
- 354845 Amazon Linux Security Advisory for httpd24 : ALAS-2023-1711
- 355276 Amazon Linux Security Advisory for httpd : ALAS2023-2023-136
- 378489 NetApp Clustered Data Open Network Technology for Appliance Products (ONTAP) Denial of Service (DoS) Vulnerability (NTAP-20230316-0007)
- 502676 Alpine Linux Security Update for apache2
- 503859 Alpine Linux Security Update for apache2
- 672896 EulerOS Security Update for httpd (EulerOS-SA-2023-1805)
- 672908 EulerOS Security Update for httpd (EulerOS-SA-2023-1823)
- 672999 EulerOS Security Update for httpd (EulerOS-SA-2023-1847)
- 673013 EulerOS Security Update for httpd (EulerOS-SA-2023-1872)
- 673063 EulerOS Security Update for httpd (EulerOS-SA-2023-2191)
- 673142 EulerOS Security Update for httpd (EulerOS-SA-2023-2271)
- 673150 EulerOS Security Update for httpd (EulerOS-SA-2023-2295)
- 691094 Free Berkeley Software Distribution (FreeBSD) Security Update for apache httpd (8edeb3c1-bfe7-11ed-96f5-3497f65b111b)
- 730765 Apache Hypertext Transfer Protocol (HTTP) Server Response Smuggling Vulnerability
- 753799 SUSE Enterprise Linux Security Update for apache2 (SUSE-SU-2023:0764-1)
- 753813 SUSE Enterprise Linux Security Update for apache2 (SUSE-SU-2023:0799-1)
- 753845 SUSE Enterprise Linux Security Update for apache2 (SUSE-SU-2023:1573-1)
- 906678 Common Base Linux Mariner (CBL-Mariner) Security Update for httpd (25606-3)
- 906723 Common Base Linux Mariner (CBL-Mariner) Security Update for httpd (25613-1)
- 941372 AlmaLinux Security Update for httpd and mod_http2 (ALSA-2023:6403)
- 961018 Rocky Linux Security Update for httpd:2.4 (RLSA-2023:5050)