Bugzilla – Bug 1209047
VUL-0: CVE-2023-25690: apache2: HTTP request splitting with mod_rewrite and mod_proxy
Last modified: 2024-05-06 08:23:56 UTC
CVE-2023-25690 Some mod_proxy configurations on Apache HTTP Server versions 2.4.0 through 2.4.55 allow a HTTP Request Smuggling attack. Configurations are affected when mod_proxy is enabled along with some form of RewriteRule or ProxyPassMatch in which a non-specific pattern matches some portion of the user-supplied request-target (URL) data and is then re-inserted into the proxied request-target using variable substitution. For example, something like: RewriteEngine on RewriteRule "^/here/(.*)" "http://example.com:8080/elsewhere?$1"; [P] ProxyPassReverse /here/ http://example.com:8080/ Request splitting/smuggling could result in bypass of access controls in the proxy server, proxying unintended URLs to existing origin servers, and cache poisoning. Users are recommended to update to at least version 2.4.56 of Apache HTTP Server. References: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-25690 https://bugzilla.redhat.com/show_bug.cgi?id=2176209 https://www.cve.org/CVERecord?id=CVE-2023-25690 https://seclists.org/oss-sec/2023/q1/131 https://httpd.apache.org/security/vulnerabilities_24.html
Commit with the fixes: https://svn.apache.org/viewvc?view=revision&revision=r1908095
Everything was fixed. Sending back to security for review. Factory submission: https://build.opensuse.org/request/show/1070268
SUSE-SU-2023:0764-1: An update that solves two vulnerabilities and has two fixes can now be installed. Category: security (important) Bug References: 1207327, 1208708, 1209047, 1209049 CVE References: CVE-2023-25690, CVE-2023-27522 Sources used: SUSE Linux Enterprise Software Development Kit 12 SP5 (src): apache2-2.4.51-35.25.1 SUSE Linux Enterprise High Performance Computing 12 SP5 (src): apache2-2.4.51-35.25.1 SUSE Linux Enterprise Server 12 SP5 (src): apache2-2.4.51-35.25.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5 (src): apache2-2.4.51-35.25.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2023:0799-1: An update that solves two vulnerabilities and has one fix can now be installed. Category: security (important) Bug References: 1208708, 1209047, 1209049 CVE References: CVE-2023-25690, CVE-2023-27522 Sources used: SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (src): apache2-2.4.33-150000.3.75.1 SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (src): apache2-2.4.33-150000.3.75.1 SUSE Linux Enterprise Server for SAP Applications 15 SP1 (src): apache2-2.4.33-150000.3.75.1 SUSE CaaS Platform 4.0 (src): apache2-2.4.33-150000.3.75.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2023:0803-1: An update that solves one vulnerability and has one fix can now be installed. Category: security (important) Bug References: 1208708, 1209047 CVE References: CVE-2023-25690 Sources used: SUSE OpenStack Cloud 9 (src): apache2-2.4.23-29.97.1 SUSE OpenStack Cloud Crowbar 9 (src): apache2-2.4.23-29.97.1 SUSE Linux Enterprise Server for SAP Applications 12 SP4 (src): apache2-2.4.23-29.97.1 SUSE Linux Enterprise Server 12 SP2 BCL 12-SP2 (src): apache2-2.4.23-29.97.1 SUSE Linux Enterprise Server 12 SP4 ESPOS 12-SP4 (src): apache2-2.4.23-29.97.1 SUSE Linux Enterprise Server 12 SP4 LTSS 12-SP4 (src): apache2-2.4.23-29.97.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2023:1573-1: An update that solves two vulnerabilities and has two fixes can now be installed. Category: security (important) Bug References: 1207327, 1208708, 1209047, 1209049 CVE References: CVE-2023-25690, CVE-2023-27522 Sources used: SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (src): apache2-2.4.51-150200.3.56.1 SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (src): apache2-2.4.51-150200.3.56.1 SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (src): apache2-2.4.51-150200.3.56.1 SUSE Linux Enterprise Real Time 15 SP3 (src): apache2-2.4.51-150200.3.56.1 SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (src): apache2-2.4.51-150200.3.56.1 SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (src): apache2-2.4.51-150200.3.56.1 SUSE Linux Enterprise Server for SAP Applications 15 SP2 (src): apache2-2.4.51-150200.3.56.1 SUSE Linux Enterprise Server for SAP Applications 15 SP3 (src): apache2-2.4.51-150200.3.56.1 SUSE Manager Proxy 4.2 (src): apache2-2.4.51-150200.3.56.1 SUSE Manager Retail Branch Server 4.2 (src): apache2-2.4.51-150200.3.56.1 SUSE Manager Server 4.2 (src): apache2-2.4.51-150200.3.56.1 SUSE Enterprise Storage 7.1 (src): apache2-2.4.51-150200.3.56.1 SUSE Enterprise Storage 7 (src): apache2-2.4.51-150200.3.56.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2023:1658-1: An update that solves two vulnerabilities and has two fixes can now be installed. Category: security (important) Bug References: 1207327, 1208708, 1209047, 1209049 CVE References: CVE-2023-25690, CVE-2023-27522 Sources used: openSUSE Leap 15.4 (src): apache2-2.4.51-150400.6.11.1 Basesystem Module 15-SP4 (src): apache2-2.4.51-150400.6.11.1 SUSE Package Hub 15 15-SP4 (src): apache2-2.4.51-150400.6.11.1 Server Applications Module 15-SP4 (src): apache2-2.4.51-150400.6.11.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
done, closing