Advisories ยป MGASA-2023-0100

Updated apache packages fix security vulnerability

Publication date: 18 Mar 2023
Type: security
Affected Mageia releases : 8
CVE: CVE-2023-25690 , CVE-2023-27522


Some mod_proxy configurations on Apache HTTP Server allow a HTTP request
smuggling attack. Configurations are affected when mod_proxy is enabled
along with some form of RewriteRule or ProxyPassMatch in which a
non-specific pattern matches some portion of the user-supplied
request-target (URL) data and is then re-inserted into the proxied
request-target using variable substitution. (CVE-2023-25690)
HTTP Response Smuggling vulnerability in Apache HTTP Server via
mod_proxy_uwsgi. This issue affects Apache HTTP Server. Special
characters in the origin response header can truncate/split the response
forwarded to the client. (CVE-2023-27522)