WEB APPLICATION VULNERABILITIES Standard & Premium

Apache HTTP Server Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') Vulnerability (CVE-2023-27522)

Description

HTTP Response Smuggling vulnerability in Apache HTTP Server via mod_proxy_uwsgi. This issue affects Apache HTTP Server: from 2.4.30 through 2.4.55. Special characters in the origin response header can truncate/split the response forwarded to the client.

Remediation

References

Related Vulnerabilities

WordPress Plugin PowerPress Podcasting by Blubrry Unspecified Vulnerability (8.6.1)

ReviveAdserver Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2015-7366)

WordPress Plugin Shared Files-Easy Download Manager and File Sharing with Frontend File Upload Cross-Site Scripting (1.6.56)

WordPress Permissions, Privileges, and Access Controls Vulnerability (CVE-2010-5296)

WordPress Plugin WP Smart Security PHP Object Injection (1.0)

Severity

High

Classification

CVE-2023-27522 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N

Tags

Missing Update Known Vulnerabilities