Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
9.8
CVSSv3

CVE-2023-25690

Published: 07/03/2023 Updated: 02/01/2024
CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9
VMScore: 0
Subscribe to Apache

Vulnerability Summary

Some mod_proxy configurations on Apache HTTP Server versions 2.4.0 up to and including 2.4.55 allow a HTTP Request Smuggling attack. Configurations are affected when mod_proxy is enabled along with some form of RewriteRule or ProxyPassMatch in which a non-specific pattern matches some portion of the user-supplied request-target (URL) data and is then re-inserted into the proxied request-target using variable substitution. For example, something like: RewriteEngine on RewriteRule "^/here/(.*)" "example.com:8080/elsewhere?$1"; [P] ProxyPassReverse /here/ example.com:8080/ Request splitting/smuggling could result in bypass of access controls in the proxy server, proxying unintended URLs to existing origin servers, and cache poisoning. Users are recommended to update to at least version 2.4.56 of Apache HTTP Server.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

apache http server

Vendor Advisories

Debian CVElist Bug Report Logs: apache2: CVE-2023-25690 CVE-2023-27522
Debian Bug report logs - #1032476 apache2: CVE-2023-25690 CVE-2023-27522 Package: src:apache2; Maintainer for src:apache2 is Debian Apache Maintainers <debian-apache@listsdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Tue, 7 Mar 2023 19:51:02 UTC Severity: grave Tags: security, upstream F ...
Debian Security Advisories: DSA-5376-1 apache2 -- security update
Multiple vulnerabilities have been discovered in the Apache HTTP server, which may result in HTTP response splitting or denial of service For the stable distribution (bullseye), these problems have been fixed in version 2456-1~deb11u1 We recommend that you upgrade your apache2 packages For the detailed security status of apache2 please refer t ...
Amazon Linux 2: ALAS2-2023-1989
Some mod_proxy configurations on Apache HTTP Server versions 240 through 2455 allow a HTTP Request Smuggling attack Configurations are affected when mod_proxy is enabled along with some form of RewriteRule or ProxyPassMatch in which a non-specific pattern matches some portion of the user-supplied request-target (URL) data and is then re-insert ...
Amazon Linux AMI: ALAS-2023-1711
A carefully crafted If: request header can cause a memory read, or write of a single zero byte, in a pool (heap) memory location beyond the header value sent This could cause the process to crash This issue affects Apache HTTP Server 2454 and earlier (CVE-2006-20001) Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') vulne ...
Red Hat: Important: httpd:2.4 security update
概述 Important: httpd:24 security update 类型/严重性 Security Advisory: Important Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems 标题 An update for the httpd:24 module is now available for Red Hat Enterprise Linux 81 Update Services for SAP SolutionsRed Ha ...
Red Hat: Important: Red Hat JBoss Core Services Apache HTTP Server 2.4.51 SP2 security update
Synopsis Important: Red Hat JBoss Core Services Apache HTTP Server 2451 SP2 security update Type/Severity Security Advisory: Important Topic Red Hat JBoss Core Services Apache HTTP Server 2451 Service Pack 2 is now availableRed Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Sco ...
Red Hat: Important: Red Hat JBoss Core Services Apache HTTP Server 2.4.51 SP2 security update
Synopsis Important: Red Hat JBoss Core Services Apache HTTP Server 2451 SP2 security update Type/Severity Security Advisory: Important Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic An update is now available for Red Hat JBoss Core Services Apache HTTP Server 2 ...
Red Hat: Important: httpd:2.4 security update
Synopsis Important: httpd:24 security update Type/Severity Security Advisory: Important Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic An update for the httpd:24 module is now available for Red Hat Enterprise Linux 84 Extended Update SupportRed Hat Product Se ...
Red Hat: Important: httpd security update
Synopsis Important: httpd security update Type/Severity Security Advisory: Important Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic An update for httpd is now available for Red Hat Enterprise Linux 7Red Hat Product Security has rated this update as having a secu ...
Red Hat: Important: httpd:2.4 security update
Synopsis Important: httpd:24 security update Type/Severity Security Advisory: Important Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic An update for the httpd:24 module is now available for Red Hat Enterprise Linux 8Red Hat Product Security has rated this upda ...
Red Hat: Important: httpd:2.4 security update
Synopsis Important: httpd:24 security update Type/Severity Security Advisory: Important Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic An update for the httpd:24 module is now available for Red Hat Enterprise Linux 82 Advanced Update Support, Red Hat Enterpris ...
Red Hat: Important: httpd24-httpd security update
Synopsis Important: httpd24-httpd security update Type/Severity Security Advisory: Important Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic An update for httpd24-httpd is now available for Red Hat Software CollectionsRed Hat Product Security has rated this updat ...
Red Hat: Important: httpd:2.4 security update
Synopsis Important: httpd:24 security update Type/Severity Security Advisory: Important Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic An update for the httpd:24 module is now available for Red Hat Enterprise Linux 86 Extended Update SupportRed Hat Product Se ...
Red Hat: Important: httpd and mod_http2 security update
Synopsis Important: httpd and mod_http2 security update Type/Severity Security Advisory: Important Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic An update for httpd and mod_http2 is now available for Red Hat Enterprise Linux 90 Extended Update SupportRed Hat P ...
Red Hat: Important: httpd and mod_http2 security update
Synopsis Important: httpd and mod_http2 security update Type/Severity Security Advisory: Important Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic An update for httpd and mod_http2 is now available for Red Hat Enterprise Linux 9Red Hat Product Security has rated ...
Red Hat:
Description<!----> This CVE is under investigation by Red Hat Product Security ...
Palo Alto Networks Security Advisory: PAN-SA-2024-0001 Informational Bulletin: Impact of OSS CVEs in PAN-OS
PAN-SA-2024-0001 Informational Bulletin: Impact of OSS CVEs in PAN-OS ...

ICS Advisories

https://ics-cert.us-cert.gov/advisories/0600b443ff4393d097c485fbc8d3ed3b
Critical Infrastructure Sectors: Critical Manufacturing
https://ics-cert.us-cert.gov/advisories/98c399e36f6402fb998b84a1a7aaa7b0
Critical Infrastructure Sectors: Critical Manufacturing

Github Repositories

https://github.com/tbachvarova/linux-apache-fix-mod_rewrite-spaceInURL

Fix URL containing SPACES after Apache upgrade CVE-2023-25690

FIX linux (Ubuntu) Apache mod_rewrite space In URL After the last Apache Upgrade, I've had some issues with "spaces in URL" in mod_rewrite 2023-04-25 - upgrade apache2:amd64 2438-3+deb10u9 2438-3+deb10u10 The URLs that contain "space" and have been replaced with %20 start to return error 403 by Apache I found that the update was actually to fix th

https://github.com/dhmosfunk/dhmosfunk

https://dhmosfunk.github.io/

@dhmosfunk @apphacktheboxcom/profile/78776 Contributions to projects : Repository Topic Pull Request swisskyrepo/PayloadsAllTheThings SQL Injection Update the PostgreSQL Time Based Payloads for Database,Table,Columns Extract swisskyrepo/PayloadsAllTheThings HTTP Request Smuggling Add my tool for manually HTTP Request Smuggling exploitation Research HTTP3

https://github.com/dhmosfunk/CVE-2023-25690-POC

CVE 2023 25690 Proof of concept - mod_proxy vulnerable configuration on Apache HTTP Server versions 2.4.0 - 2.4.55 leads to HTTP Request Smuggling vulnerability.

CVE 2023 25690 - Proof of Concept Published: 7 March 2023 Base score Confidentiality Integrity impact Availability impact 98 High High High Table of contents Advisory Description Vulnerable Apache Configuration Breakdown Data Flow Lab Setup HTTP Request Splitting causing HTTP Request Smuggling on backend service Identifying the CRLF Injection Internal HTTP Reque

https://github.com/GGontijo/CTF-s

Some writeups and codes that I made along my CTF plays.

Dicas e usos de ferramentas Técnicas, Vulnerabilidades e Ferramentas que usei para referências em desafios futuros Eternal Loop: fcrackzip Photon Lockdown: unsquashfs 0xBOverchunked: sqlmap HTBank: HTTP Parameter Polution (HPP): curl --location '942375542:33198/api/withdraw' \ --form 'account="0"' \ --form 'amount

https://github.com/florentvinai/CompteRendu-CTF-Mordor

Compte rendu ctf mordor fait dans le cadre de INF805

By VINAI Florent &amp; BELKACEMI Billal COMPTE RENDU CTF MORDOR UDES MAITRISE CYBER 2023 **Introduction ** Défi #1 : Trouver la porte d’entrée de Mordor 5** **Défi #2 : Intrusion dans Mordor 6** **Défi #3 : Accès à DVWA de Samwise 12** **Défi #4 : Accès au fichier “telnetinfotxt” 14** **Défi

https://github.com/vigneshsb403/Apache-Tide-Surfing-the-Waves-of-Request-Ambiguity

CTF Challenge based on a real life CVE.

Apache-Tide-Surfing-the-Waves-of-Request-Ambiguity Install • Usage • About • Exploit • Demo Installation git clone githubcom/vigneshsb403/Apache-Tide-Surfing-the-Waves-of-Request-Ambiguitygit cd Apache-Tide-Surfing-the-Waves-of-Request-Ambiguity docker compose build docker compose up now you can vi

https://github.com/thanhlam-attt/CVE-2023-25690

CVE-2023-25690 Mô tả CVE-2023-25690: Một vài cấu hình mod_proxy trên Apache HTTP Server từ phiên bản 240 đến 2455 cho phép tấn công HTTP Request Smuggling (kỹ thuật tấn công can thiệp vào quá trình trang web xử lý các chuỗi yêu cầu HTTP nhận được t

https://github.com/nuPacaChi/-CVE-2021-44790

Thực nghiệm CVE-2021-44790

CVE-2021-44790 Mô tả CVE-2021-44790 CVE-2021-44790 mô tả một lỗi bảo mật cấp độ hệ thống nằm trong mod_lua của Apache HTTP Server, đặc biệt là trong phiên bản 2451 và các phiên bản trước đó Lỗ hổng này được kích hoạt khi hàm r:parsebody() xử lý c

References

CWE-444https://httpd.apache.org/security/vulnerabilities_24.htmlhttps://lists.debian.org/debian-lts-announce/2023/04/msg00028.htmlhttps://security.gentoo.org/glsa/202309-01http://packetstormsecurity.com/files/176334/Apache-2.4.55-mod_proxy-HTTP-Request-Smuggling.htmlhttps://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1032476https://nvd.nist.govhttps://github.com/tbachvarova/linux-apache-fix-mod_rewrite-spaceInURLhttps://www.cisa.gov/news-events/ics-advisories/icsa-24-046-11https://www.debian.org/security/2023/dsa-5376
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
path traversalCVE-2024-26978CVE-2024-26982wirelessCVE-2023-6949CVE-2024-26980CVE-2024-32766CVE-2024-26939cache poisoning
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook