MGASA-2023-0100

Advisory lineage Upstream: 2 Downstream: 0

Upstream

CVE-2023-25690 CVE-2023-27522

Published: 18 Mar 2023, 22:16

Last modified:16 Apr 2026, 04:23

Vulnerability Summary

Overall Risk (default)

minimal

0/100

CVSS Score

No data

EPSS Score

No data

KEV

Not listed

Ransomware

No reports

Public exploits

None found

Dark Web

Not detected

Timeline

18 Mar 2023, 22:16

Published

Vulnerability first disclosed

16 Apr 2026, 04:23

Last Modified

Vulnerability information updated

Description

Updated apache packages fix security vulnerability Some mod_proxy configurations on Apache HTTP Server allow a HTTP request smuggling attack. Configurations are affected when mod_proxy is enabled along with some form of RewriteRule or ProxyPassMatch in which a non-specific pattern matches some portion of the user-supplied request-target (URL) data and is then re-inserted into the proxied request-target using variable substitution. (CVE-2023-25690) HTTP Response Smuggling vulnerability in Apache HTTP Server via mod_proxy_uwsgi. This issue affects Apache HTTP Server. Special characters in the origin response header can truncate/split the response forwarded to the client. (CVE-2023-27522)

Affected Systems

mageia•apache
< 2.4.56-1.mga8

MGASA-2023-0100

Vulnerability Summary

Timeline

Description

Affected Systems

References (3)