FreshPorts - VuXML
This page displays vulnerability information about FreeBSD Ports.
The VUXML data was last processed by FreshPorts on 2024-04-24 03:12:49 UTC
List all Vulnerabilities, by package
List all Vulnerabilities, by date
k68
These are the vulnerabilities relating to the commit you have selected:
VuXML ID | Description |
8edeb3c1-bfe7-11ed-96f5-3497f65b111b | Apache httpd -- Multiple vulnerabilities
The Apache httpd project reports:
- CVE-2023-27522: Apache HTTP Server: mod_proxy_uwsgi
HTTP response splitting (cve.mitre.org).
HTTP Response Smuggling vulnerability in Apache HTTP Server
via mod_proxy_uwsgi. This issue affects Apache HTTP Server:
from 2.4.30 through 2.4.55.
Special characters in the origin response header can
truncate/split the response forwarded to the client.
- CVE-2023-25690: HTTP request splitting with mod_rewrite
and mod_proxy (cve.mitre.org).
Some mod_proxy configurations on Apache HTTP Server versions
2.4.0 through 2.4.55 allow a HTTP Request Smuggling attack.
Configurations are affected when mod_proxy is enabled along
with some form of RewriteRule or ProxyPassMatch in which a
non-specific pattern matches some portion of the user-supplied
request-target (URL) data and is then re-inserted into the
proxied request-target using variable substitution.
Discovery 2023-03-08 Entry 2023-03-11 apache24
< 2.4.56
CVE-2023-25690
CVE-2023-27522
https://downloads.apache.org/httpd/CHANGES_2.4.56
|