
Rewterz Threat Advisory – Multiple Apache HTTP Server Vulnerabilities

Severity

Medium

Analysis Summary

CVE-2022-27522 CVSS: 6.1

Apache HTTP Server is vulnerable to HTTP response splitting attacks, caused by an error in mod_proxy_uwsgi. A remote attacker could exploit this vulnerability to inject arbitrary HTTP headers and cause the server to return a split response once a user follows the crafted URL. This would allow the attacker to perform further attacks, such as Web cache poisoning or cross-site scripting, and possibly obtain sensitive information.
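As an added defender-side example (not part of the Rewterz advisory and not Apache project code), the Python below scans Apache combined-format access logs for CR/LF sequences in the request target, the ingredient a response-splitting attempt needs in order to inject headers. The log lines are constructed, and two details are assumptions to check against your own deployment: the LogFormat layout the regex expects, and the way mod_log_config escapes control characters in %r as \r, \n or \xHH.

```python
import re
from urllib.parse import unquote

# Apache "combined" LogFormat: %h %l %u %t "%r" %>s %b "%{Referer}i" "%{User-Agent}i"
# (assumed layout; adjust the regex if your LogFormat differs)
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) (?P<proto>[^"]+)" '
    r'(?P<status>\d{3}) (?P<size>\S+)'
)

# mod_log_config escapes control characters in %r as \r, \n or \xHH (assumption),
# so a CR/LF that reached the request line shows up in one of these spellings.
ESCAPED_CRLF_RE = re.compile(r'\\x0[aAdD]|\\r|\\n')


def decode_fully(value, max_rounds=3):
    """Percent-decode repeatedly so double-encoded %250d%250a is caught too."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def classify_target(target):
    """Return a reason string if the request target carries CR/LF, else None."""
    if ESCAPED_CRLF_RE.search(target):
        return 'log-escaped CR/LF in request target'
    if re.search(r'[\r\n]', decode_fully(target)):
        return 'percent-encoded CR/LF in request target'
    return None


def find_crlf_requests(log_text):
    """Scan combined-format access log text; return one hit per suspicious request."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # unparseable line: skip rather than abort the whole scan
        reason = classify_target(m.group('target'))
        if reason:
            hits.append({'ip': m.group('ip'), 'status': m.group('status'),
                         'target': m.group('target'), 'reason': reason})
    return hits


# Constructed sample log lines (not real traffic); client addresses come from
# the documentation range 203.0.113.0/24.
SAMPLE_LOG = r'''203.0.113.5 - - [08/Mar/2023:10:00:01 +0000] "GET /index.html HTTP/1.1" 200 1234 "-" "Mozilla/5.0"
203.0.113.7 - - [08/Mar/2023:10:00:02 +0000] "GET /app/%0d%0aX-Injected:%201 HTTP/1.1" 200 512 "-" "curl/7.88.1"
203.0.113.9 - - [08/Mar/2023:10:00:03 +0000] "GET /app/%250d%250aX-Injected:%201 HTTP/1.1" 404 77 "-" "curl/7.88.1"
203.0.113.11 - - [08/Mar/2023:10:00:04 +0000] "GET /app/\r\nX-Injected:1 HTTP/1.1" 400 226 "-" "curl/7.88.1"
203.0.113.13 - - [08/Mar/2023:10:00:05 +0000] "POST /login HTTP/1.1" 302 0 "-" "Mozilla/5.0"
'''

if __name__ == '__main__':
    for hit in find_crlf_requests(SAMPLE_LOG):
        print(f"{hit['ip']} {hit['status']} {hit['target']!r}: {hit['reason']}")
```

The decoder loops a few times on purpose: a single unquote() misses %250d, which is what a client sends when it wants the proxy to decode once and the backend to decode again. Hits with a 2xx status deserve a closer look than those the server already rejected with 400.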

CVE-2023-25690 CVSS: 6.1

Apache HTTP Server is vulnerable to HTTP request splitting attacks, caused by an error when mod_proxy is enabled along with some form of RewriteRule or ProxyPassMatch. A remote attacker could exploit this vulnerability to bypass access controls in the proxy server, proxy unintended URLs to existing origin servers, and poison caches.
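Because this condition depends on how mod_proxy rules are written rather than on a single setting, an added configuration audit (example code, not from the advisory or the Apache project) helps locate the hosts and rules to prioritise for the upgrade. It reads httpd.conf-style text and flags RewriteRule directives carrying the [P] flag and ProxyPassMatch directives whose proxied target re-inserts a capture group from the request path. The sample configuration, the backend host name and the tokenizer are constructed; the script reports every such substitution for human review rather than judging the pattern itself.

```python
import re

# Tokenizer for one httpd.conf line: honours double/single quotes and drops them.
# Constructed for this audit; it does not handle line continuations or <If> blocks.
TOKEN_RE = re.compile(r'"([^"]*)"|\'([^\']*)\'|(\S+)')
BACKREF_RE = re.compile(r'\$\d|%\d')  # $N from RewriteRule, %N from RewriteCond


def tokenize(line):
    return [dq or sq or bare for dq, sq, bare in TOKEN_RE.findall(line)]


def rewrite_flags(token):
    """'[P,L]' -> {'P', 'L'}; any non-flag token -> empty set."""
    if token.startswith('[') and token.endswith(']'):
        return {f.strip().split('=')[0] for f in token[1:-1].split(',')}
    return set()


def audit_proxy_rewrites(config_text):
    """Flag directives that hand a capture from the request path to mod_proxy."""
    proxy_loaded = False
    findings = []
    for lineno, raw in enumerate(config_text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith('#'):
            continue
        tokens = tokenize(line)
        directive = tokens[0].lower()
        if directive == 'loadmodule' and len(tokens) > 1 and tokens[1] == 'proxy_module':
            proxy_loaded = True
        elif directive == 'rewriterule' and len(tokens) >= 3:
            substitution = tokens[2]
            flags = rewrite_flags(tokens[3]) if len(tokens) > 3 else set()
            if flags & {'P', 'proxy'} and BACKREF_RE.search(substitution):
                findings.append({'line': lineno, 'directive': 'RewriteRule',
                                 'reason': 'proxy rewrite re-inserts a capture group into the proxied target'})
        elif directive == 'proxypassmatch' and len(tokens) >= 3:
            if BACKREF_RE.search(tokens[2]):
                findings.append({'line': lineno, 'directive': 'ProxyPassMatch',
                                 'reason': 'proxied target is built from a regex capture of the request path'})
    return {'proxy_loaded': proxy_loaded, 'findings': findings}


# Constructed sample configuration; backend.example is a placeholder host.
SAMPLE_CONFIG = r'''LoadModule proxy_module modules/mod_proxy.so
LoadModule proxy_http_module modules/mod_proxy_http.so
LoadModule rewrite_module modules/mod_rewrite.so
RewriteEngine on
# Broad capture from the request path re-inserted into the proxied URL
RewriteRule "^/here/(.*)" "http://backend.example:8080/elsewhere?$1" [P,L]
# Fixed proxied target: nothing from the request is substituted
RewriteRule "^/old$" "http://backend.example:8080/new" [P]
# Plain redirect, not a proxy rule
RewriteRule "^/docs/(.*)" "/manual/$1" [R]
ProxyPassMatch "^/api/(.*)$" "http://backend.example:8080/api/$1"
ProxyPass "/static/" "http://backend.example:8080/static/"
'''

if __name__ == '__main__':
    report = audit_proxy_rewrites(SAMPLE_CONFIG)
    print('mod_proxy loaded:', report['proxy_loaded'])
    for f in report['findings']:
        print(f"line {f['line']}: {f['directive']}: {f['reason']}")
```

Run it over the output of `httpd -t -D DUMP_CONFIG` (or each file under conf.d) so that Include'd fragments are covered; a hit does not by itself prove exploitability, but it is exactly the combination the advisory names, and those servers should be first in the upgrade queue.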

Impact

  • Gain Access

Indicators Of Compromise

CVE

  • CVE-2022-27522
  • CVE-2023-25690

Affected Vendors

Apache

Affected Products

  • Apache HTTP Server 2.2.29
  • Apache HTTP Server 2.2.31
  • Apache HTTP Server 2.4.0
  • Apache HTTP Server 2.4.1
  • Apache HTTP Server 2.4.2
  • Apache HTTP Server 2.4.3
  • Apache HTTP Server 2.4.4
  • Apache HTTP Server 2.4.5
  • Apache HTTP Server 2.4.6
  • Apache HTTP Server 2.4.7
  • Apache HTTP Server 2.4.8
  • Apache HTTP Server 2.4.10
  • Apache HTTP Server 2.4.12
  • Apache HTTP Server 2.4.16
  • Apache HTTP Server 2.4.17
  • Apache HTTP Server 2.4.18
  • Apache HTTP Server 2.4.20
  • Apache HTTP Server 2.4.23
  • Apache HTTP Server 2.4.29
  • Apache HTTP Server 2.4.30
  • Apache HTTP Server 2.4.33
  • Apache HTTP Server 2.4.34
  • Apache HTTP Server 2.4.35
  • Apache HTTP Server 2.4.36
  • Apache HTTP Server 2.4.37
  • Apache HTTP Server 2.4.38
  • Apache HTTP Server 2.4.39
  • Apache HTTP Server 2.4.41
  • Apache HTTP Server 2.4.43
  • Apache HTTP Server 2.4.46
  • Apache HTTP Server 2.4.48
  • Apache HTTP Server 2.4.49
  • Apache HTTP Server 2.4.50
  • Apache HTTP Server 2.4.51
  • Apache HTTP Server 2.4.52
  • Apache HTTP Server 2.4.53
  • Apache HTTP Server 2.4.54

Remediation

Upgrade to the latest version of Apache HTTP Server, available from the Apache Web site.
