Severity
Medium
Analysis Summary
CVE-2022-27522 (CVSS 6.1)
Apache HTTP Server is vulnerable to HTTP response splitting because mod_proxy_uwsgi does not reject special characters (CR and LF) in the response headers it receives from the origin. A uWSGI backend that is malicious, compromised, or that reflects attacker-controlled input into a response header can therefore truncate or split the response that the proxy forwards to the client. An attacker can use this for web cache poisoning or cross-site scripting, and possibly to obtain sensitive information. Per the Apache advisory this issue affects releases 2.4.30 through 2.4.55.
CVE-2023-25690 (CVSS 6.1)
Apache HTTP Server is vulnerable to HTTP request splitting (request smuggling) in some mod_proxy configurations. A configuration is affected when mod_proxy is enabled together with a RewriteRule or ProxyPassMatch in which a non-specific pattern matches part of the user-supplied request-target and that text is re-inserted into the proxied request-target through variable substitution, for example a proxying rewrite of the form RewriteRule "^/here/(.*)" "http://example.com:8080/elsewhere?$1" [P]. Because the captured text is substituted without being re-validated, encoded CR/LF sequences in the client's URL end up as raw line breaks in the request sent to the origin. A remote attacker could exploit this to bypass access controls enforced by the proxy, to have unintended URLs proxied to existing origin servers, and to poison caches. Per the Apache advisory this issue affects releases 2.4.0 through 2.4.55.
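Both issues above come down to the same defect: the proxy rebuilds an HTTP message from text it does not control (the client's request-target for CVE-2023-25690, the origin's response headers for the mod_proxy_uwsgi issue) without checking for CR/LF. The script below is an added example written for this advisory; it is not Rewterz's or the Apache HTTP Server project's code. It emulates the unsafe request rewrite in the shape the Apache advisory warns about and the unsafe response-header forwarding, counts how many requests the origin would actually parse, and shows the control-character check a fixed proxy must apply in each direction. The rewrite rule, host name, paths, payload and backend response are all constructed for the demonstration.

```python
"""Added example (not from Rewterz or Apache httpd): CR/LF injection through a
proxying rewrite (CVE-2023-25690 style) and through origin response headers
(mod_proxy_uwsgi style), each beside the check a hardened proxy applies."""
import re
from urllib.parse import unquote

# Assumed proxy config, in the shape the advisory warns about: a non-specific
# capture of the user-supplied request-target is substituted into the proxied
# request-target (RewriteRule "^/here/(.*)" "http://backend/elsewhere?$1" [P]).
# re.S lets the capture span the injected line breaks, as the attack needs.
RULE = re.compile(r"^/here/(.*)", re.S)
SUBST = "/elsewhere?{cap}"
BACKEND_HOST = "backend.internal"               # assumed origin host
CTL = re.compile(r"[\x00-\x20\x7f]")             # CR, LF, NUL, TAB, SP, DEL


def rewrite_target(request_target: str, check: bool) -> str:
    """mod_rewrite matches on the decoded path, so %0d%0a in the URL becomes a
    literal CR LF that $1 copies into the proxied request-target unchanged.
    With check=True the substituted target is refused if it carries any
    control character or space, which a fixed proxy must do before forwarding."""
    m = RULE.match(unquote(request_target))
    if not m:
        return request_target
    target = SUBST.format(cap=m.group(1))
    if check and CTL.search(target):
        raise ValueError("control character in proxied request-target")
    return target


def proxied_request(request_target: str, check: bool = False) -> bytes:
    """Bytes the origin receives for one client request after the rewrite."""
    t = rewrite_target(request_target, check)
    return f"GET {t} HTTP/1.1\r\nHost: {BACKEND_HOST}\r\n\r\n".encode()


REQ_LINE = re.compile(rb"^(?:GET|POST|HEAD) [^\s]+ HTTP/1\.[01]\r?\n", re.M)


def count_requests(raw: bytes) -> int:
    """Request lines an HTTP/1.1 origin parses from one forwarded stream; more
    than one means the client smuggled a request past the proxy's controls."""
    return len(REQ_LINE.findall(raw))


# Constructed payload: the %0d%0a sequences terminate the proxy's own request
# line and headers, then open a second, attacker-chosen request to the origin.
SMUGGLE = ("/here/x%20HTTP/1.1%0d%0aHost:%20backend.internal%0d%0a%0d%0a"
           "GET%20/admin/purge%20HTTP/1.1%0d%0aHost:%20backend.internal%0d%0aX-Pad:%20")

TOKEN = re.compile(rb"[!#$%&'*+.^_`|~0-9A-Za-z-]+")     # RFC 9110 field-name


def forwarded_response_headers(backend_block: bytes) -> list[tuple[str, str]]:
    """Origin side: header lines from the backend are split on CR LF only, so a
    bare LF (or CR) inside a value survives into the response the proxy builds
    and splits it at the client. Refuse such headers instead of forwarding."""
    headers = []
    for line in backend_block.rstrip(b"\r\n").split(b"\r\n")[1:]:   # skip status line
        name, _, value = line.partition(b":")
        value = value.strip(b" \t")
        if not TOKEN.fullmatch(name) or re.search(rb"[\x00-\x1f\x7f]", value):
            raise ValueError(f"refusing origin header {name!r}: control character")
        headers.append((name.decode(), value.decode()))
    return headers


# Constructed backend response: the bare LF inside X-Trace would make the
# client see a Set-Cookie header that the proxy never treated as a header.
SPLIT_RESPONSE = (b"HTTP/1.1 200 OK\r\nContent-Type: text/plain\r\n"
                  b"X-Trace: abc\nSet-Cookie: session=attacker\r\n\r\n")
CLEAN_RESPONSE = b"HTTP/1.1 200 OK\r\nContent-Type: text/plain\r\nX-Trace: abc\r\n\r\n"


def rejects(fn, *args) -> bool:
    """True if the hardened check refuses the input."""
    try:
        fn(*args)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    print(count_requests(proxied_request(SMUGGLE)), "requests reach the origin unchecked")
    print("hardened rewrite rejects payload:", rejects(proxied_request, SMUGGLE, True))
    print("hardened header check rejects split:", rejects(forwarded_response_headers, SPLIT_RESPONSE))
    print(forwarded_response_headers(CLEAN_RESPONSE))
```

Run it stand-alone to see the unchecked rewrite deliver two requests to the origin from one client request, while the same payload and the split response are both refused once control characters are checked. The check here rejects rather than re-escapes; a production proxy may choose to re-encode the captured text instead, but either way the substituted bytes must never reach the wire unvalidated.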
Impact
- Gain Access (bypass of proxy access controls, smuggling of unintended requests to origin servers, cache poisoning, cross-site scripting)
Indicators Of Compromise
CVE
- CVE-2022-27522
- CVE-2023-25690
Affected Vendors
Apache
Affected Products
- Apache HTTP Server 2.2.29
- Apache HTTP Server 2.2.31
- Apache HTTP Server 2.4.0
- Apache HTTP Server 2.4.1
- Apache HTTP Server 2.4.2
- Apache HTTP Server 2.4.3
- Apache HTTP Server 2.4.4
- Apache HTTP Server 2.4.5
- Apache HTTP Server 2.4.6
- Apache HTTP Server 2.4.7
- Apache HTTP Server 2.4.8
- Apache HTTP Server 2.4.10
- Apache HTTP Server 2.4.12
- Apache HTTP Server 2.4.16
- Apache HTTP Server 2.4.17
- Apache HTTP Server 2.4.18
- Apache HTTP Server 2.4.20
- Apache HTTP Server 2.4.23
- Apache HTTP Server 2.4.29
- Apache HTTP Server 2.4.30
- Apache HTTP Server 2.4.33
- Apache HTTP Server 2.4.34
- Apache HTTP Server 2.4.35
- Apache HTTP Server 2.4.36
- Apache HTTP Server 2.4.37
- Apache HTTP Server 2.4.38
- Apache HTTP Server 2.4.39
- Apache HTTP Server 2.4.41
- Apache HTTP Server 2.4.43
- Apache HTTP Server 2.4.46
- Apache HTTP Server 2.4.48
- Apache HTTP Server 2.4.49
- Apache HTTP Server 2.4.50
- Apache HTTP Server 2.4.51
- Apache HTTP Server 2.4.52
- Apache HTTP Server 2.4.53
- Apache HTTP Server 2.4.54
Remediation
Upgrade to Apache HTTP Server 2.4.56 or later, available from the Apache web site (https://httpd.apache.org/); the Apache advisories list every 2.4.x release up to and including 2.4.55 as affected, and 2.4.56 fixes both issues. Until the upgrade is deployed, audit mod_proxy configurations for RewriteRule or ProxyPassMatch directives that capture part of the request-target with a broad pattern such as (.*) and substitute it into the proxied URL, and replace them with specific patterns or static ProxyPass mappings. Also treat uWSGI backends behind mod_proxy_uwsgi as trusted only if their response headers cannot carry user-controlled content.