Vulnerability CVE-2023-27522: Information
Description
HTTP Response Smuggling vulnerability in Apache HTTP Server via mod_proxy_uwsgi. This issue affects Apache HTTP Server: from 2.4.30 through 2.4.55. Special characters in the origin response header can truncate/split the response forwarded to the client.
Severity: HIGH (7.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Fixed packages
Package name | Branch | Fixed in version | Version from repository | Errata ID | Task # | State |
|---|---|---|---|---|---|---|
| apache2 | sisyphus | 2.4.56-alt1 | 2.4.59-alt1 | ALT-PU-2023-1402-1 | 316442 | Fixed |
| apache2 | sisyphus_e2k | 2.4.56-alt1 | 2.4.59-alt1 | ALT-PU-2023-2833-1 | - | Fixed |
| apache2 | sisyphus_riscv64 | 2.4.56-alt1 | 2.4.59-alt1 | ALT-PU-2023-2805-1 | - | Fixed |
| apache2 | p10 | 2.4.56-alt1 | 2.4.59-alt1 | ALT-PU-2023-1452-1 | 316447 | Fixed |
| apache2 | p10_e2k | 2.4.56-alt1 | 2.4.59-alt1 | ALT-PU-2023-2883-1 | - | Fixed |
| apache2 | p9 | 2.4.57-alt2 | 2.4.58-alt1 | ALT-PU-2023-2055-1 | 323347 | Fixed |
| apache2 | p9_e2k | 2.4.57-alt2 | 2.4.57-alt2 | ALT-PU-2023-5379-1 | - | Fixed |
| apache2 | c10f1 | 2.4.56-alt1 | 2.4.59-alt1 | ALT-PU-2023-1452-1 | 316447 | Fixed |
| apache2 | c9f2 | 2.4.56-alt1 | 2.4.59-alt1 | ALT-PU-2023-1437-1 | 316469 | Fixed |
| uwsgi | sisyphus | 2.0.23-alt1 | 2.0.23-alt1 | ALT-PU-2023-7559-2 | 335015 | Fixed |
| uwsgi | sisyphus_e2k | 2.0.23-alt1 | 2.0.23-alt1 | ALT-PU-2023-7609-1 | - | Fixed |
| uwsgi | sisyphus_riscv64 | 2.0.23-alt1 | 2.0.23-alt1 | ALT-PU-2023-7605-1 | - | Fixed |
References to Advisories, Solutions, and Tools
Hyperlink | Resource |
|---|---|
| https://httpd.apache.org/security/vulnerabilities_24.html |
|
| https://lists.debian.org/debian-lts-announce/2023/04/msg00028.html |
|
| https://security.gentoo.org/glsa/202309-01 |