wid-sec-w-2023-0583
Vulnerability from csaf_certbund
Published
2023-03-07 23:00
Modified
2024-07-24 22:00
Summary
Apache HTTP Server: Mehrere Schwachstellen ermöglichen HTTP Response Splitting

Notes

Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
Apache ist ein Webserver für verschiedene Plattformen.
Angriff
Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Apache HTTP Server ausnutzen, um einen Response Splitting Angriff durchzuführen.
Betroffene Betriebssysteme
- Linux - Sonstiges - UNIX - Windows



{
  "document": {
    "aggregate_severity": {
      "text": "hoch"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "Apache ist ein Webserver f\u00fcr verschiedene Plattformen.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Apache HTTP Server ausnutzen, um einen Response Splitting Angriff durchzuf\u00fchren.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- Linux\n- Sonstiges\n- UNIX\n- Windows",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2023-0583 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2023/wid-sec-w-2023-0583.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2023-0583 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-0583"
      },
      {
        "category": "external",
        "summary": "IBM Security Bulletin 7094964 vom 2023-12-11",
        "url": "https://www.ibm.com/support/pages/node/7094964"
      },
      {
        "category": "external",
        "summary": "Apache HTTP Server 2.4 vulnerabilities vom 2023-03-07",
        "url": "https://httpd.apache.org/security/vulnerabilities_24.html"
      },
      {
        "category": "external",
        "summary": "Fedora Security Advisory FEDORA-2023-7D14CDEC4A vom 2023-03-09",
        "url": "https://bodhi.fedoraproject.org/updates/FEDORA-2023-7d14cdec4a"
      },
      {
        "category": "external",
        "summary": "Fedora Security Advisory FEDORA-2023-54DAE7B78A vom 2023-03-09",
        "url": "https://bodhi.fedoraproject.org/updates/FEDORA-2023-54dae7b78a"
      },
      {
        "category": "external",
        "summary": "Fedora Security Advisory FEDORA-2023-7DF48F618B vom 2023-03-09",
        "url": "https://bodhi.fedoraproject.org/updates/FEDORA-2023-7df48f618b"
      },
      {
        "category": "external",
        "summary": "Ubuntu Security Notice USN-5942-1 vom 2023-03-09",
        "url": "https://ubuntu.com/security/notices/USN-5942-1"
      },
      {
        "category": "external",
        "summary": "IBM Security Bulletin 6963650 vom 2023-03-15",
        "url": "https://www.ibm.com/support/pages/node/6963650"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2023:0764-1 vom 2023-03-16",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2023-March/014064.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2023:0799-1 vom 2023-03-17",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2023-March/014090.html"
      },
      {
        "category": "external",
        "summary": "Debian Security Advisory DSA-5376 vom 2023-03-20",
        "url": "https://lists.debian.org/debian-security-announce/2023/msg00066.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2023:0803-1 vom 2023-03-20",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2023-March/014095.html"
      },
      {
        "category": "external",
        "summary": "IBM Security Bulletin 6964752 vom 2023-03-21",
        "url": "https://www.ibm.com/support/pages/node/6964752"
      },
      {
        "category": "external",
        "summary": "Amazon Linux Security Advisory ALAS-2023-1989 vom 2023-03-22",
        "url": "https://alas.aws.amazon.com/AL2/ALAS-2023-1989.html"
      },
      {
        "category": "external",
        "summary": "Ubuntu Security Notice USN-5942-2 vom 2023-03-22",
        "url": "https://ubuntu.com/security/notices/USN-5942-2"
      },
      {
        "category": "external",
        "summary": "Amazon Linux Security Advisory ALAS-2023-1711 vom 2023-03-23",
        "url": "https://alas.aws.amazon.com/ALAS-2023-1711.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2023:1573-1 vom 2023-03-24",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2023-March/014155.html"
      },
      {
        "category": "external",
        "summary": "IBM Security Bulletin 6966602 vom 2023-03-28",
        "url": "https://www.ibm.com/support/pages/node/6966602"
      },
      {
        "category": "external",
        "summary": "IBM Security Bulletin 6966866 vom 2023-03-29",
        "url": "https://www.ibm.com/support/pages/node/6966866"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2023:1658-1 vom 2023-03-29",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2023-March/014223.html"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2023:1547 vom 2023-04-04",
        "url": "https://access.redhat.com/errata/RHSA-2023:1547"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2023:1596 vom 2023-04-04",
        "url": "https://access.redhat.com/errata/RHSA-2023:1596"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2023:1593 vom 2023-04-04",
        "url": "https://access.redhat.com/errata/RHSA-2023:1593"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2023:1597 vom 2023-04-04",
        "url": "https://access.redhat.com/errata/RHSA-2023:1597"
      },
      {
        "category": "external",
        "summary": "Oracle Linux Security Advisory ELSA-2023-1593 vom 2023-04-05",
        "url": "https://linux.oracle.com/errata/ELSA-2023-1593.html"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2023:1670 vom 2023-04-07",
        "url": "https://access.redhat.com/errata/RHSA-2023:1670"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2023:1672 vom 2023-04-08",
        "url": "https://access.redhat.com/errata/RHSA-2023:1672"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2023:1673 vom 2023-04-06",
        "url": "https://access.redhat.com/errata/RHSA-2023:1673"
      },
      {
        "category": "external",
        "summary": "Oracle Linux Security Advisory ELSA-2023-1673 vom 2023-04-07",
        "url": "http://linux.oracle.com/errata/ELSA-2023-1673.html"
      },
      {
        "category": "external",
        "summary": "Oracle Linux Security Advisory ELSA-2023-1670 vom 2023-04-06",
        "url": "http://linux.oracle.com/errata/ELSA-2023-1670.html"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2023:1916 vom 2023-04-20",
        "url": "https://access.redhat.com/errata/RHSA-2023:1916"
      },
      {
        "category": "external",
        "summary": "Debian Security Advisory DLA-3401 vom 2023-04-24",
        "url": "https://lists.debian.org/debian-lts-announce/2023/04/msg00028.html"
      },
      {
        "category": "external",
        "summary": "IBM Security Bulletin 6988293 vom 2023-05-04",
        "url": "https://www.ibm.com/support/pages/node/6988293"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2023:3292 vom 2023-05-24",
        "url": "https://access.redhat.com/errata/RHSA-2023:3292"
      },
      {
        "category": "external",
        "summary": "PoC auf GitHub vom 2023-05-29",
        "url": "https://github.com/dhmosfunk/CVE-2023-25690-POC"
      },
      {
        "category": "external",
        "summary": "IBM Security Bulletin 6999241 vom 2023-05-30",
        "url": "https://www.ibm.com/support/pages/node/6999241"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2023:3354 vom 2023-06-05",
        "url": "https://access.redhat.com/errata/RHSA-2023:3354"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2023:3355 vom 2023-06-05",
        "url": "https://access.redhat.com/errata/RHSA-2023:3355"
      },
      {
        "category": "external",
        "summary": "XEROX Security Advisory XRX23-008 vom 2023-06-06",
        "url": "https://security.business.xerox.com/wp-content/uploads/2023/06/Xerox-Security-Bulletin-XRX23-008-Xerox%C2%AE-FreeFlow%C2%AE-Print-Server-v7.pdf"
      },
      {
        "category": "external",
        "summary": "Security Update for Dell NetWorker Management Console",
        "url": "https://www.dell.com/support/kbdoc/de-de/000215496/dsa-2023-171-security-update-for-dell-networker-management-console-nmc-apache-http-server"
      },
      {
        "category": "external",
        "summary": "IBM Security Bulletin 7006449 vom 2023-07-07",
        "url": "https://www.ibm.com/support/pages/node/7006449"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2023:4628 vom 2023-08-15",
        "url": "https://access.redhat.com/errata/RHSA-2023:4628"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2023:4629 vom 2023-08-15",
        "url": "https://access.redhat.com/errata/RHSA-2023:4629"
      },
      {
        "category": "external",
        "summary": "IBM Security Bulletin 7027925 vom 2023-09-01",
        "url": "https://www.ibm.com/support/pages/node/7027925"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2023:5049 vom 2023-09-11",
        "url": "https://access.redhat.com/errata/RHSA-2023:5049"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2023:5050 vom 2023-09-11",
        "url": "https://access.redhat.com/errata/RHSA-2023:5050"
      },
      {
        "category": "external",
        "summary": "Oracle Linux Security Advisory ELSA-2023-5050 vom 2023-09-13",
        "url": "https://linux.oracle.com/errata/ELSA-2023-5050.html"
      },
      {
        "category": "external",
        "summary": "IBM Security Bulletin 7063718 vom 2023-10-31",
        "url": "https://www.ibm.com/support/pages/node/7063718"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2023:6403 vom 2023-11-07",
        "url": "https://access.redhat.com/errata/RHSA-2023:6403"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2024:4504 vom 2024-07-11",
        "url": "https://access.redhat.com/errata/RHSA-2024:4504"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2024:4613 vom 2024-07-25",
        "url": "https://access.redhat.com/errata/RHSA-2024:4613"
      }
    ],
    "source_lang": "en-US",
    "title": "Apache HTTP Server: Mehrere Schwachstellen erm\u00f6glichen HTTP Response Splitting",
    "tracking": {
      "current_release_date": "2024-07-24T22:00:00.000+00:00",
      "generator": {
        "date": "2024-07-25T08:36:37.001+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.3.0"
        }
      },
      "id": "WID-SEC-W-2023-0583",
      "initial_release_date": "2023-03-07T23:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2023-03-07T23:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        },
        {
          "date": "2023-03-09T23:00:00.000+00:00",
          "number": "2",
          "summary": "Neue Updates von Fedora und Ubuntu aufgenommen"
        },
        {
          "date": "2023-03-15T23:00:00.000+00:00",
          "number": "3",
          "summary": "Neue Updates von IBM aufgenommen"
        },
        {
          "date": "2023-03-16T23:00:00.000+00:00",
          "number": "4",
          "summary": "Neue Updates von SUSE aufgenommen"
        },
        {
          "date": "2023-03-19T23:00:00.000+00:00",
          "number": "5",
          "summary": "Neue Updates von SUSE aufgenommen"
        },
        {
          "date": "2023-03-20T23:00:00.000+00:00",
          "number": "6",
          "summary": "Neue Updates von Debian und SUSE aufgenommen"
        },
        {
          "date": "2023-03-21T23:00:00.000+00:00",
          "number": "7",
          "summary": "Neue Updates von Amazon aufgenommen"
        },
        {
          "date": "2023-03-22T23:00:00.000+00:00",
          "number": "8",
          "summary": "Neue Updates von Ubuntu und Amazon aufgenommen"
        },
        {
          "date": "2023-03-26T22:00:00.000+00:00",
          "number": "9",
          "summary": "Neue Updates von SUSE aufgenommen"
        },
        {
          "date": "2023-03-27T22:00:00.000+00:00",
          "number": "10",
          "summary": "Neue Updates von IBM aufgenommen"
        },
        {
          "date": "2023-03-28T22:00:00.000+00:00",
          "number": "11",
          "summary": "Neue Updates von IBM aufgenommen"
        },
        {
          "date": "2023-04-03T22:00:00.000+00:00",
          "number": "12",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2023-04-04T22:00:00.000+00:00",
          "number": "13",
          "summary": "Neue Updates von Red Hat und Oracle Linux aufgenommen"
        },
        {
          "date": "2023-04-10T22:00:00.000+00:00",
          "number": "14",
          "summary": "Neue Updates von Red Hat und Oracle Linux aufgenommen"
        },
        {
          "date": "2023-04-11T22:00:00.000+00:00",
          "number": "15",
          "summary": "Anpassung Bewertung und Text"
        },
        {
          "date": "2023-04-20T22:00:00.000+00:00",
          "number": "16",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2023-04-24T22:00:00.000+00:00",
          "number": "17",
          "summary": "Neue Updates von Debian aufgenommen"
        },
        {
          "date": "2023-05-03T22:00:00.000+00:00",
          "number": "18",
          "summary": "Neue Updates von IBM aufgenommen"
        },
        {
          "date": "2023-05-24T22:00:00.000+00:00",
          "number": "19",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2023-05-29T22:00:00.000+00:00",
          "number": "20",
          "summary": "PoC aufgenommen"
        },
        {
          "date": "2023-05-30T22:00:00.000+00:00",
          "number": "21",
          "summary": "Neue Updates von IBM aufgenommen"
        },
        {
          "date": "2023-06-05T22:00:00.000+00:00",
          "number": "22",
          "summary": "Neue Updates von Red Hat und XEROX aufgenommen"
        },
        {
          "date": "2023-07-04T22:00:00.000+00:00",
          "number": "23",
          "summary": "Neue Updates von Dell aufgenommen"
        },
        {
          "date": "2023-07-06T22:00:00.000+00:00",
          "number": "24",
          "summary": "Neue Updates von IBM aufgenommen"
        },
        {
          "date": "2023-08-15T22:00:00.000+00:00",
          "number": "25",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2023-08-31T22:00:00.000+00:00",
          "number": "26",
          "summary": "Neue Updates von IBM aufgenommen"
        },
        {
          "date": "2023-09-11T22:00:00.000+00:00",
          "number": "27",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2023-09-12T22:00:00.000+00:00",
          "number": "28",
          "summary": "Neue Updates von Oracle Linux aufgenommen"
        },
        {
          "date": "2023-10-31T23:00:00.000+00:00",
          "number": "29",
          "summary": "Neue Updates von IBM aufgenommen"
        },
        {
          "date": "2023-11-07T23:00:00.000+00:00",
          "number": "30",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2023-12-11T23:00:00.000+00:00",
          "number": "31",
          "summary": "Neue Updates von IBM aufgenommen"
        },
        {
          "date": "2024-07-11T22:00:00.000+00:00",
          "number": "32",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2024-07-24T22:00:00.000+00:00",
          "number": "33",
          "summary": "Neue Updates von Red Hat aufgenommen"
        }
      ],
      "status": "final",
      "version": "33"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Amazon Linux 2",
            "product": {
              "name": "Amazon Linux 2",
              "product_id": "398363",
              "product_identification_helper": {
                "cpe": "cpe:/o:amazon:linux_2:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Amazon"
      },
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c2.4.56",
                "product": {
                  "name": "Apache HTTP Server \u003c2.4.56",
                  "product_id": "T026663",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:apache:http_server:2.4.56"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "HTTP Server"
          }
        ],
        "category": "vendor",
        "name": "Apache"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Debian Linux",
            "product": {
              "name": "Debian Linux",
              "product_id": "2951",
              "product_identification_helper": {
                "cpe": "cpe:/o:debian:debian_linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Debian"
      },
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c19.9.0.1",
                "product": {
                  "name": "Dell NetWorker \u003c19.9.0.1",
                  "product_id": "T028404",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:dell:networker:19.9.0.1"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "NetWorker"
          }
        ],
        "category": "vendor",
        "name": "Dell"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Fedora Linux",
            "product": {
              "name": "Fedora Linux",
              "product_id": "74185",
              "product_identification_helper": {
                "cpe": "cpe:/o:fedoraproject:fedora:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Fedora"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "IBM Business Automation Workflow",
            "product": {
              "name": "IBM Business Automation Workflow",
              "product_id": "T019704",
              "product_identification_helper": {
                "cpe": "cpe:/a:ibm:business_automation_workflow:-"
              }
            }
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "8.5",
                "product": {
                  "name": "IBM HTTP Server 8.5",
                  "product_id": "T003676",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:ibm:http_server:8.5"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "9",
                "product": {
                  "name": "IBM HTTP Server 9.0",
                  "product_id": "T008162",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:ibm:http_server:9.0"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "HTTP Server"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "V10",
                "product": {
                  "name": "IBM Power Hardware Management Console V10",
                  "product_id": "T023373",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:ibm:hardware_management_console:v10"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "DS8000",
                "product": {
                  "name": "IBM Power Hardware Management Console DS8000",
                  "product_id": "T028436",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:ibm:hardware_management_console:ds8000"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Power Hardware Management Console"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "7.5",
                "product": {
                  "name": "IBM QRadar SIEM 7.5",
                  "product_id": "T022954",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:ibm:qradar_siem:7.5"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "QRadar SIEM"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c8.0.0.24",
                "product": {
                  "name": "IBM Rational Build Forge \u003c8.0.0.24",
                  "product_id": "T030689",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:ibm:rational_build_forge:8.0.0.24"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Rational Build Forge"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "9.0.2",
                "product": {
                  "name": "IBM Rational ClearCase 9.0.2",
                  "product_id": "T021422",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:ibm:rational_clearcase:9.0.2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "9.1",
                "product": {
                  "name": "IBM Rational ClearCase 9.1",
                  "product_id": "T021423",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:ibm:rational_clearcase:9.1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "10.0.0",
                "product": {
                  "name": "IBM Rational ClearCase 10.0.0",
                  "product_id": "T026520",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:ibm:rational_clearcase:10.0.0"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Rational ClearCase"
          },
          {
            "category": "product_name",
            "name": "IBM Rational ClearQuest",
            "product": {
              "name": "IBM Rational ClearQuest",
              "product_id": "5168",
              "product_identification_helper": {
                "cpe": "cpe:/a:ibm:rational_clearquest:-"
              }
            }
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "8.2.1",
                "product": {
                  "name": "IBM Security Access Manager for Enterprise Single Sign-On 8.2.1",
                  "product_id": "T005246",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:ibm:security_access_manager_for_enterprise_single_sign_on:8.2.1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "8.2.2",
                "product": {
                  "name": "IBM Security Access Manager for Enterprise Single Sign-On 8.2.2",
                  "product_id": "T007073",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:ibm:security_access_manager_for_enterprise_single_sign_on:8.2.2"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Security Access Manager for Enterprise Single Sign-On"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "6.3.0.7",
                "product": {
                  "name": "IBM Tivoli Monitoring 6.3.0.7",
                  "product_id": "342008",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:ibm:tivoli_monitoring:6.3.0.7"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Tivoli Monitoring"
          }
        ],
        "category": "vendor",
        "name": "IBM"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Oracle Linux",
            "product": {
              "name": "Oracle Linux",
              "product_id": "T004914",
              "product_identification_helper": {
                "cpe": "cpe:/o:oracle:linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Oracle"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Red Hat Enterprise Linux",
            "product": {
              "name": "Red Hat Enterprise Linux",
              "product_id": "67646",
              "product_identification_helper": {
                "cpe": "cpe:/o:redhat:enterprise_linux:-"
              }
            }
          },
          {
            "category": "product_name",
            "name": "Red Hat JBoss Core Services",
            "product": {
              "name": "Red Hat JBoss Core Services",
              "product_id": "T012412",
              "product_identification_helper": {
                "cpe": "cpe:/a:redhat:jboss_core_services:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "SUSE Linux",
            "product": {
              "name": "SUSE Linux",
              "product_id": "T002207",
              "product_identification_helper": {
                "cpe": "cpe:/o:suse:suse_linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Ubuntu Linux",
            "product": {
              "name": "Ubuntu Linux",
              "product_id": "T000126",
              "product_identification_helper": {
                "cpe": "cpe:/o:canonical:ubuntu_linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Ubuntu"
      },
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "v7",
                "product": {
                  "name": "Xerox FreeFlow Print Server v7",
                  "product_id": "T015631",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:xerox:freeflow_print_server:v7"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "FreeFlow Print Server"
          }
        ],
        "category": "vendor",
        "name": "Xerox"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2023-25690",
      "notes": [
        {
          "category": "description",
          "text": "Es existiert eine Schwachstelle in Apache HTTP Server. Bestimmte CRLF-Zeichenfolgen werden in mod_rewrite und mod_proxy nicht korrekt verarbeitet. Ein entfernter, anonymer Angreifer kann diese Schwachstelle ausnutzen, um durch speziell gestaltete Anfragen mit CRLF-Sequenzen ein HTTP Response Splitting herbeizuf\u00fchren. Das kann in der Folge zur Umgehung der Zugriffskontrollen des Proxy-Servers, zur Weiterleitung unbeabsichtigter URLs an bestehende Ursprungsserver und zum Cache Poisoning f\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T005246",
          "67646",
          "5168",
          "T003676",
          "T012412",
          "T030689",
          "T015631",
          "T004914",
          "74185",
          "T022954",
          "T021423",
          "T021422",
          "2951",
          "T002207",
          "T000126",
          "T019704",
          "T028404",
          "398363",
          "T007073",
          "T008162",
          "T028436",
          "342008",
          "T023373",
          "T026520"
        ]
      },
      "release_date": "2023-03-07T23:00:00Z",
      "title": "CVE-2023-25690"
    },
    {
      "cve": "CVE-2023-27522",
      "notes": [
        {
          "category": "description",
          "text": "Es existiert eine Schwachstelle im Apache HTTP Server. Bestimmte CRLF-Zeichenfolgen werden in mod_proxy_uwsgi nicht korrekt verarbeitet. Ein entfernter, anonymer Angreifer kann diese Schwachstelle ausnutzen, um durch speziell gestaltete Anfragen mit CRLF-Sequenzen ein HTTP Response Splitting herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T005246",
          "67646",
          "5168",
          "T003676",
          "T012412",
          "T030689",
          "T015631",
          "T004914",
          "74185",
          "T022954",
          "T021423",
          "T021422",
          "2951",
          "T002207",
          "T000126",
          "T019704",
          "T028404",
          "398363",
          "T007073",
          "T008162",
          "T028436",
          "342008",
          "T023373",
          "T026520"
        ]
      },
      "release_date": "2023-03-07T23:00:00Z",
      "title": "CVE-2023-27522"
    }
  ]
}


