CVE-2023-25690

CVSS score: 9.8 | EPSS (FIRST): score -, percentile - | EPSS as of: - | Published (CVE.org): 2023-03-07 | Last enriched: 2026-05-14 20:48 UTC

### Entries related to CVE-2023-25690

CVE-2023-25690: Some mod_proxy configurations on Apache HTTP Server versions 2.4.0 through 2.4.55 allow an HTTP Request Smuggling attack. Configurations are affected when mod_proxy is enabled along with some form of RewriteRule or ProxyPassMatch in which a non-specific pattern matches some portion of the user-supplied request-target (URL) data and is then re-inserted into the proxied request-target using variable substitution. For example, something like:

```apache
RewriteEngine on
RewriteRule "^/here/(.*)" "http://example.com:8080/elsewhere?$1" [P]
ProxyPassReverse /here/ http://example.com:8080/
```

Request splitting/smuggling could result in bypass of access controls in the proxy server, proxying unintended URLs to existing origin servers, and cache poisoning.

2023-03-07 00:00 CRITICAL Apache HTTP Server Security (httpd.org JSON) vendor_advisory
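
A configuration check for the directive shape the advisory describes, added here as an example (it is not part of the advisory or of Apache httpd): it flags proxied `RewriteRule` and `ProxyPassMatch` lines whose pattern contains a catch-all capture group that is re-inserted into the target through a back-reference. The function name, the regexes used as a heuristic for "non-specific pattern", and the sample configuration are assumptions constructed for illustration.

```python
import re
import shlex

# Heuristic (assumption): an unescaped capture group accepting almost any
# character, e.g. (.*), (.+), ([^/]+). Non-capturing (?:...) is ignored.
BROAD_GROUP = re.compile(r"(?<!\\)\((?!\?)(?:\.|\[\^[^\]]*\])[*+]\??\)")
# Back-reference in the substitution / target URL: $1 or ${1}
BACKREF = re.compile(r"\$\{?[0-9]")

# Constructed sample configuration (not taken from a real server).
SAMPLE = '''\
RewriteEngine on
RewriteRule "^/here/(.*)" "http://example.com:8080/elsewhere?$1" [P]
ProxyPassReverse /here/ http://example.com:8080/
# RewriteRule "^/old/(.*)" "http://example.com:8080/$1" [P]
RewriteRule "^/item/([0-9]+)$" "http://example.com:8080/item?id=$1" [P,L]
RewriteRule "^/moved/(.*)" "/new/$1" [R=301,L]
ProxyPassMatch "^/api/(.+)$" "http://example.com:8080/v1/$1"
'''

def find_risky_directives(config_text):
    """Return (line_no, directive) for lines matching the advisory's shape."""
    findings = []
    for line_no, raw in enumerate(config_text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        try:
            # posix=False keeps regex backslashes intact; quotes stay on tokens
            tokens = shlex.split(line, posix=False)
        except ValueError:  # unbalanced quotes: skip rather than guess
            continue
        if len(tokens) < 3:
            continue
        name = tokens[0].lower()
        pattern, target = tokens[1].strip('"'), tokens[2].strip('"')
        if name == "rewriterule":
            flags = "".join(tokens[3:]).strip("[]").split(",")
            proxied = any(f.strip().lower() in ("p", "proxy") for f in flags)
        elif name == "proxypassmatch":
            proxied = True
        else:
            continue
        if proxied and BROAD_GROUP.search(pattern) and BACKREF.search(target):
            findings.append((line_no, tokens[0]))
    return findings
```

A hit only means the directive has the shape described above; whether the server is affected also depends on it running a version in the 2.4.0 through 2.4.55 range.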