Rewterz Threat Alert – BlackLotus Malware – Active
March 8, 2023Rewterz Threat Alert – “Stealc” – An Information Stealer Malware Found in Several Instances in the Wild – Active IOCs
March 8, 2023Rewterz Threat Alert – BlackLotus Malware – Active
March 8, 2023Rewterz Threat Alert – “Stealc” – An Information Stealer Malware Found in Several Instances in the Wild – Active IOCs
March 8, 2023Severity
Medium
Analysis Summary
CVE-2023-27522
Apache HTTP Server is vulnerable to HTTP request smuggling, caused by improper parsing of the HTTP transfer-encoding request header by the mod_proxy_uwsgi module. By sending a specially-crafted HTTP(S) transfer-encoding request header, an attacker could exploit this vulnerability to poison the web cache, bypass web application firewall protection, and conduct XSS attacks.
Impact
- Gain Access
Indicators Of Compromise
CVE
- CVE-2023-27522
Affected Vendors
Apache
Affected Products
- Apache HTTP Server 2.4.30
- Apache HTTP Server 2.4.55
Remediation
Upgrade to the latest version of Apache HTTP Server, available from the Apache Website.