Updated apache packages fix security vulnerability
Publication date: 18 Mar 2023Modification date: 18 Mar 2023
Type: security
Affected Mageia releases : 8
CVE: CVE-2023-25690 , CVE-2023-27522
Description
Some mod_proxy configurations on Apache HTTP Server allow a HTTP request smuggling attack. Configurations are affected when mod_proxy is enabled along with some form of RewriteRule or ProxyPassMatch in which a non-specific pattern matches some portion of the user-supplied request-target (URL) data and is then re-inserted into the proxied request-target using variable substitution. (CVE-2023-25690) HTTP Response Smuggling vulnerability in Apache HTTP Server via mod_proxy_uwsgi. This issue affects Apache HTTP Server. Special characters in the origin response header can truncate/split the response forwarded to the client. (CVE-2023-27522)
References
SRPMS
8/core
- apache-2.4.56-1.mga8