Mailing List Archive

CVE-2023-27522: Apache HTTP Server: mod_proxy_uwsgi HTTP response splitting
Severity: moderate

Description:

HTTP Response Smuggling vulnerability in Apache HTTP Server via mod_proxy_uwsgi. This issue affects Apache HTTP Server: from 2.4.30 through 2.4.55.

Special characters in the origin response header can truncate/split the response forwarded to the client.

Credit:

Dimas Fariski Setyawan Putra (nyxsorcerer) (finder)

References:

https://httpd.apache.org/security/vulnerabilities_24.html
https://httpd.apache.org/
https://www.cve.org/CVERecord?id=CVE-2023-27522

Timeline:

2023-01-29: Reported to security team


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org