ID de Prueba:	1.3.6.1.4.1.25623.1.1.10.2023.0100
Categoría:	Mageia Linux Local Security Checks
Título:	Mageia: Security Advisory (MGASA-2023-0100)
Resumen:	The remote host is missing an update for the 'apache' package(s) announced via the MGASA-2023-0100 advisory.
Descripción:	Summary: The remote host is missing an update for the 'apache' package(s) announced via the MGASA-2023-0100 advisory. Vulnerability Insight: Some mod_proxy configurations on Apache HTTP Server allow a HTTP request smuggling attack. Configurations are affected when mod_proxy is enabled along with some form of RewriteRule or ProxyPassMatch in which a non-specific pattern matches some portion of the user-supplied request-target (URL) data and is then re-inserted into the proxied request-target using variable substitution. (CVE-2023-25690) HTTP Response Smuggling vulnerability in Apache HTTP Server via mod_proxy_uwsgi. This issue affects Apache HTTP Server. Special characters in the origin response header can truncate/split the response forwarded to the client. (CVE-2023-27522) Affected Software/OS: 'apache' package(s) on Mageia 8. Solution: Please install the updated package(s). CVSS Score: 10.0 CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2023-25690 https://security.gentoo.org/glsa/202309-01 http://packetstormsecurity.com/files/176334/Apache-2.4.55-mod_proxy-HTTP-Request-Smuggling.html https://httpd.apache.org/security/vulnerabilities_24.html https://lists.debian.org/debian-lts-announce/2023/04/msg00028.html Common Vulnerability Exposure (CVE) ID: CVE-2023-27522
Copyright	Copyright (C) 2023 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.