CVE-2023-27522

Updated: 2023-11-04 20:40:34.008714

Description:

HTTP Response Smuggling vulnerability in Apache HTTP Server via mod_proxy_uwsgi. This issue affects Apache HTTP Server: from 2.4.30 through 2.4.55. Special characters in the origin response header can truncate/split the response forwarded to the client.



Severity

| CVSS version | Severity | Score |
|---|---|---|
| CVSS Version 2.x | | 0 |
| CVSS Version 3.x | HIGH | 7.5 |

Status

| OS name | Project name | Version | Score | Severity | Status | Errata | Last updated |
|---|---|---|---|---|---|---|---|
| AlmaLinux 9.2 ESU | httpd | 2.4.53 | 7.5 | HIGH | Released | CLSA-2023:1701706552 | 2023-12-04 13:10:02 |
| CentOS 8.4 ELS | httpd | 2.4.37 | 7.5 | HIGH | Released | CLSA-2023:1679000716 | 2023-03-16 21:02:31 |
| CentOS 8.5 ELS | httpd | 2.4.37 | 7.5 | HIGH | Released | CLSA-2023:1679000442 | 2023-03-16 17:03:53 |
| Ubuntu 16.04 ELS | apache2 | 2.4.18 | 7.5 | HIGH | Not Vulnerable | | 2023-06-28 09:11:41 |
| Ubuntu 18.04 ELS | apache2 | 2.4.29 | 7.5 | HIGH | Not Vulnerable | | 2023-06-12 09:04:26 |

Statement

Will not fix: low score