oss-sec mailing list archives

CVE-2023-27522: Apache HTTP Server: mod_proxy_uwsgi HTTP response splitting


From: Eric Covener <covener () apache org>
Date: Tue, 07 Mar 2023 12:55:32 +0000

Severity: moderate

Description:

HTTP Response Smuggling vulnerability in Apache HTTP Server via mod_proxy_uwsgi. This issue affects Apache HTTP Server: from 2.4.30 through 2.4.55.

Special characters in the origin response header can truncate/split the response forwarded to the client.

Credit:

Dimas Fariski Setyawan Putra (nyxsorcerer) (finder)

References:

https://httpd.apache.org/security/vulnerabilities_24.html
https://httpd.apache.org/
https://www.cve.org/CVERecord?id=CVE-2023-27522

Timeline:

2023-01-29: Reported to security team
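
The following exposure check is an added example, not part of the original advisory or of Apache's own tooling. It applies the affected range stated above (2.4.30 through 2.4.55) to a version banner in the format printed by `httpd -v` and looks for `proxy_uwsgi_module` in a listing in the format printed by `httpd -M`. The function names and sample strings are constructed for illustration.

```shell
#!/bin/sh
# Added example: offline exposure check for CVE-2023-27522.
# Affected range taken from the advisory: 2.4.30 through 2.4.55.

# Pull "X.Y.Z" out of a banner like "Server version: Apache/2.4.55 (Unix)".
parse_httpd_version() {
    printf '%s\n' "$1" |
        sed -n 's|.*Apache/\([0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*\).*|\1|p' |
        head -n 1
}

# Succeed only for 2.4.30 <= version <= 2.4.55.
version_affected() {
    case "$1" in
        2.4.*) patch=${1#2.4.} ;;
        *) return 1 ;;
    esac
    case "$patch" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "$patch" -ge 30 ] && [ "$patch" -le 55 ]
}

# Succeed if a module listing (as printed by `httpd -M`) includes mod_proxy_uwsgi.
uwsgi_module_loaded() {
    printf '%s\n' "$1" | grep -q 'proxy_uwsgi_module'
}

# assess BANNER MODULE_LISTING -> prints one verdict word.
assess() {
    ver=$(parse_httpd_version "$1")
    if [ -z "$ver" ]; then echo "unknown-version"; return 0; fi
    if ! version_affected "$ver"; then echo "version-outside-range"; return 0; fi
    if uwsgi_module_loaded "$2"; then
        echo "exposed"
    else
        echo "in-range-module-not-loaded"
    fi
}

# Constructed sample input (not captured from a real host).
SAMPLE_BANNER='Server version: Apache/2.4.54 (Unix)'
SAMPLE_MODULES='Loaded Modules:
 proxy_module (shared)
 proxy_uwsgi_module (shared)'
assess "$SAMPLE_BANNER" "$SAMPLE_MODULES"
```

On a live host, pass `"$(httpd -v)"` and `"$(httpd -M)"` as the two arguments to `assess`. Distribution packages may backport fixes without changing the upstream version string, so confirm an in-range result against the vendor's own advisory.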

