
Apache HTTP Server: mod_proxy_uwsgi HTTP response splitting (CVE-2023-27522)

Medium
Internet Bug Bounty
Submitted None

Team Summary

Official summary from Internet Bug Bounty

HTTP Response Smuggling vulnerability in Apache HTTP Server via mod_proxy_uwsgi. This issue affects Apache HTTP Server: from 2.4.30 through 2.4.55. Special characters in the origin response header can truncate/split the response forwarded to the client.

Acknowledgements: finder: Dimas Fariski Setyawan Putra (nyxsorcerer)

Security Advisory: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2023-27522

Reported by nyxsorcerer

Vulnerability Details

Technical details and impact analysis

HTTP Response Splitting
# Summary

HTTP Response Smuggling vulnerability in Apache HTTP Server via mod_proxy_uwsgi. This issue affects Apache HTTP Server: from 2.4.30 through 2.4.55. Special characters in the origin response header can truncate/split the response forwarded to the client.

https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2023-27522

## Impact

The response headers can be truncated, resulting in some headers being incorporated into the response body. If the later headers have any security purpose, they will not be interpreted by the client.
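The impact described above, as an added example that is not part of the original report and is not Apache's code: a hypothetical gateway relays backend headers verbatim, a client-style parser shows which headers survive, and a strict variant refuses malformed headers instead of forwarding them. The report does not name the special characters; CR/LF is assumed here as the textbook response-splitting case, and every function name and sample header is constructed.

```python
import re

# Assumption: a deliberately strict rule. Values may not contain CR, LF, NUL
# or any other control byte except HTAB; names must be plain HTTP tokens.
_BAD_VALUE = re.compile(rb"[\x00-\x08\x0a-\x1f\x7f]")
_TOKEN = re.compile(rb"[!#$%&'*+\-.^_`|~0-9A-Za-z]+")

def naive_relay(status, headers):
    """Hypothetical gateway that copies backend headers verbatim."""
    out = b"HTTP/1.1 " + status + b"\r\n"
    for name, value in headers:
        out += name + b": " + value + b"\r\n"
    return out + b"\r\n"

def strict_relay(status, headers):
    """Same gateway, but it rejects any backend header that is not well-formed."""
    for name, value in headers:
        if not _TOKEN.fullmatch(name) or _BAD_VALUE.search(value):
            raise ValueError("malformed backend header: %r" % name)
    return naive_relay(status, headers)

def client_view(raw):
    """Parse as a client does: the header block ends at the first empty line."""
    head, _, body = raw.partition(b"\r\n\r\n")
    parsed = {}
    for line in head.split(b"\r\n")[1:]:  # skip the status line
        k, _, v = line.partition(b":")
        parsed[k.strip().lower()] = v.strip()
    return parsed, body

# Constructed backend response: one header value carries CR LF CR LF.
BACKEND_HEADERS = [
    (b"Content-Type", b"text/html"),
    (b"X-Trace", b"abc\r\n\r\n"),
    (b"Content-Security-Policy", b"default-src 'none'"),
    (b"X-Frame-Options", b"DENY"),
]

def demo():
    """Return what the client sees via the naive relay, and whether strict rejects."""
    seen, body = client_view(naive_relay(b"200 OK", BACKEND_HEADERS))
    try:
        strict_relay(b"200 OK", BACKEND_HEADERS)
        rejected = False
    except ValueError:
        rejected = True
    return seen, body, rejected
```

With the naive relay the client parses only `Content-Type` and `X-Trace`; the `Content-Security-Policy` and `X-Frame-Options` lines arrive as body bytes and are never enforced, which is the loss of security headers the impact statement describes.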

Related CVEs

Associated Common Vulnerabilities and Exposures

HTTP Response Smuggling vulnerability in Apache HTTP Server via mod_proxy_uwsgi. This issue affects Apache HTTP Server: from 2.4.30 through 2.4.55. Special characters in the origin response header can truncate/split the response forwarded to the client.

Report Details

Additional information and metadata

State

Closed

Substate

Resolved

Submitted

Weakness

HTTP Response Splitting