Test Kennung:	1.3.6.1.4.1.25623.1.0.104597
Kategorie:	Web Servers
Titel:	Apache HTTP Server 2.4.0 - 2.4.55 HTTP Request Smuggling Vulnerability - Linux
Zusammenfassung:	Apache HTTP Server is prone to a HTTP request smuggling; vulnerability.
Beschreibung:	Summary: Apache HTTP Server is prone to a HTTP request smuggling vulnerability. Vulnerability Insight: Some mod_proxy configurations allow a HTTP Request Smuggling attack. Configurations are affected when mod_proxy is enabled along with some form of RewriteRule or ProxyPassMatch in which a non-specific pattern matches some portion of the user-supplied request-target (URL) data and is then re-inserted into the proxied request-target using variable substitution. Vulnerability Impact: Request splitting/smuggling could result in bypass of access controls in the proxy server, proxying unintended URLs to existing origin servers, and cache poisoning. Affected Software/OS: Apache HTTP Server versions 2.4.0 through 2.4.55. Solution: Update to version 2.4.56 or later. CVSS Score: 10.0 CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2023-25690 https://security.gentoo.org/glsa/202309-01 http://packetstormsecurity.com/files/176334/Apache-2.4.55-mod_proxy-HTTP-Request-Smuggling.html https://httpd.apache.org/security/vulnerabilities_24.html https://lists.debian.org/debian-lts-announce/2023/04/msg00028.html
Copyright	Copyright (C) 2023 Greenbone AG

Dies ist nur einer von 145615 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus. Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.