HTTP Response Smuggling vulnerability in Apache HTTP Server via mod_proxy_uwsgi. This issue affects Apache HTTP Server: from 2.4.30 through 2.4.55. Special characters in the origin response header can truncate/split the response forwarded to the client.

References:
https://httpd.apache.org/security/vulnerabilities_24.html
https://www.openwall.com/lists/oss-security/2023/03/07/2
Created httpd tracking bugs for this issue: Affects: fedora-all [bug 2176720]
Is there a timeline for when this will be patched in RHEL9?
(In reply to ryan.brothers from comment #4)
> Is there a timeline for when this will be patched in RHEL9?

We will probably fix it in the next RHEL-9 release.
Hi, for RHEL-8 is there an RHSA to address CVE-2023-27522? Thanks.
This issue has been addressed in the following products:

  Red Hat JBoss Core Services

Via RHSA-2023:4628 https://access.redhat.com/errata/RHSA-2023:4628
This issue has been addressed in the following products:

  JBoss Core Services on RHEL 7
  JBoss Core Services for RHEL 8

Via RHSA-2023:4629 https://access.redhat.com/errata/RHSA-2023:4629
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2023-27522
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.6 Extended Update Support

Via RHSA-2023:5049 https://access.redhat.com/errata/RHSA-2023:5049
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2023:5050 https://access.redhat.com/errata/RHSA-2023:5050
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2023:6403 https://access.redhat.com/errata/RHSA-2023:6403
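A triage sketch for the condition in the description (mod_proxy_uwsgi, upstream 2.4.30 through 2.4.55), added here as an example and not taken from this bug or from Red Hat or Apache tooling. The function names are hypothetical, and it assumes a distribution package records a backported fix by naming the CVE in its changelog, which is why the upstream version number alone is not treated as conclusive.

```shell
# Added triage example, not Red Hat's or Apache's tooling. Inputs are text so
# the logic runs offline; on a host, pass real `httpd -M` and changelog output.
CVE_ID="CVE-2023-27522"

# 0 if an upstream version (e.g. "2.4.53") is in the range given in the
# description: 2.4.30 through 2.4.55.
in_affected_range() {
    case $1 in
        2.4.*) patch=${1#2.4.} ;;
        *) return 1 ;;
    esac
    case $patch in
        ''|*[!0-9]*) return 1 ;;   # reject "2.4.x", "2.4.53-beta"
    esac
    [ "$patch" -ge 30 ] && [ "$patch" -le 55 ]
}

# 0 if `httpd -M` output on stdin lists mod_proxy_uwsgi.
uwsgi_module_loaded() { grep -q 'proxy_uwsgi_module'; }

# 0 if changelog text on stdin names the CVE (assumption: a backported fix
# is recorded this way while the upstream version stays unchanged).
changelog_has_fix() { grep -q "$CVE_ID"; }

# Print one verdict.
# $1 = upstream version, $2 = `httpd -M` output, $3 = package changelog text.
triage() {
    if ! printf '%s\n' "$2" | uwsgi_module_loaded; then
        echo "not-applicable: mod_proxy_uwsgi not loaded"
    elif printf '%s\n' "$3" | changelog_has_fix; then
        echo "fixed-by-backport: changelog lists $CVE_ID"
    elif in_affected_range "$1"; then
        echo "exposed: $1 is within 2.4.30-2.4.55"
    else
        echo "not-affected: $1 is outside 2.4.30-2.4.55"
    fi
}

# Constructed sample input (not captured from a real host).
SAMPLE_MODS=' proxy_module (shared)
 proxy_uwsgi_module (shared)'
SAMPLE_LOG="- Resolves: $CVE_ID (constructed changelog line)"
triage 2.4.53 "$SAMPLE_MODS" "$SAMPLE_LOG"
```

On an RPM-based host the second and third arguments would come from `httpd -M` and `rpm -q --changelog httpd`.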