FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-04-24 03:12:49 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML ID	Description
8edeb3c1-bfe7-11ed-96f5-3497f65b111b	Apache httpd -- Multiple vulnerabilities The Apache httpd project reports: CVE-2023-27522: Apache HTTP Server: mod_proxy_uwsgi HTTP response splitting (cve.mitre.org). HTTP Response Smuggling vulnerability in Apache HTTP Server via mod_proxy_uwsgi. This issue affects Apache HTTP Server: from 2.4.30 through 2.4.55. Special characters in the origin response header can truncate/split the response forwarded to the client. CVE-2023-25690: HTTP request splitting with mod_rewrite and mod_proxy (cve.mitre.org). Some mod_proxy configurations on Apache HTTP Server versions 2.4.0 through 2.4.55 allow a HTTP Request Smuggling attack. Configurations are affected when mod_proxy is enabled along with some form of RewriteRule or ProxyPassMatch in which a non-specific pattern matches some portion of the user-supplied request-target (URL) data and is then re-inserted into the proxied request-target using variable substitution. Discovery 2023-03-08 Entry 2023-03-11 apache24 < 2.4.56 CVE-2023-25690 CVE-2023-27522 https://downloads.apache.org/httpd/CHANGES_2.4.56

VuXML ID

Description

8edeb3c1-bfe7-11ed-96f5-3497f65b111b

Apache httpd -- Multiple vulnerabilities

The Apache httpd project reports:

CVE-2023-27522: Apache HTTP Server: mod_proxy_uwsgi HTTP response splitting (cve.mitre.org). HTTP Response Smuggling vulnerability in Apache HTTP Server via mod_proxy_uwsgi. This issue affects Apache HTTP Server: from 2.4.30 through 2.4.55. Special characters in the origin response header can truncate/split the response forwarded to the client.

CVE-2023-25690: HTTP request splitting with mod_rewrite and mod_proxy (cve.mitre.org). Some mod_proxy configurations on Apache HTTP Server versions 2.4.0 through 2.4.55 allow a HTTP Request Smuggling attack. Configurations are affected when mod_proxy is enabled along with some form of RewriteRule or ProxyPassMatch in which a non-specific pattern matches some portion of the user-supplied request-target (URL) data and is then re-inserted into the proxied request-target using variable substitution.

Discovery 2023-03-08
Entry 2023-03-11
apache24

< 2.4.56

CVE-2023-25690
CVE-2023-27522
https://downloads.apache.org/httpd/CHANGES_2.4.56