Re: CVE-2023-38709: Apache HTTP Server: HTTP response splitting

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

https://nvd.nist.gov/vuln/detail/CVE-2023-38909

MEDIUM
------------------------------------------------------------------------------------
Otis DeWitt
Contractor with Concept Plus, LLC in support of
NOAA Fisheries NMFS / ST6  |  U.S. Department of Commerce
Office: ‪(302) 648-7481 | otis.dewitt@xxxxxxxx


"If there is no struggle, there is no progress." 


On Thu, Apr 4, 2024 at 1:46 PM Mcalexander, Jon J. <jonmcalexander@xxxxxxxxxxxxxx.invalid> wrote:

Is there a severity level for this one?

 

Dream * Excel * Explore * Inspire

Jon McAlexander

Senior Infrastructure Engineer

Asst. Vice President

He/His

 

Middleware Product Engineering

Enterprise CIO | EAS | Middleware | Infrastructure Solutions

 

8080 Cobblestone Rd | Urbandale, IA 50322
MAC: F4469-010

Tel 515-988-2508 | Cell 515-988-2508

 

jonmcalexander@xxxxxxxxxxxxxx

This message may contain confidential and/or privileged information. If you are not the addressee or authorized to receive this for the addressee, you must not use, copy, disclose, or take any action based on this message or any information herein. If you have received this message in error, please advise the sender immediately by reply e-mail and delete this message. Thank you for your cooperation.

 

From: Eric Covener <covener@xxxxxxxxxx>
Sent: Thursday, April 4, 2024 8:57 AM
To: announce@xxxxxxxxxx; users@xxxxxxxxxxxxxxxx
Subject: CVE-2023-38709: Apache HTTP Server: HTTP response splitting

 

Affected versions: - Apache HTTP Server through 2. 4. 58 Description: Faulty input validation in the core of Apache allows malicious or exploitable backend/content generators to split HTTP responses. This issue affects Apache HTTP Server: through 

 
Affected versions:
 
- Apache HTTP Server through 2.4.58
 
Description:
 
Faulty input validation in the core of Apache allows malicious or exploitable backend/content generators to split HTTP responses.
 
This issue affects Apache HTTP Server: through 2.4.58.
 
Credit:
 
Orange Tsai (@orange_8361) from DEVCORE (finder)
 
References:
 
https://urldefense.com/v3/__https://httpd.apache.org/__;!!F9svGWnIaVPGSwU!vZWSYGByQMPoLmzn8sQqALUlF4E_iHa0hd7NgWXP1J4iQbaHarWSmsrOM-tWew_I3iuHcgPO7FOZTp1zBvVc3Bys$
https://urldefense.com/v3/__https://www.cve.org/CVERecord?id=CVE-2023-38709__;!!F9svGWnIaVPGSwU!vZWSYGByQMPoLmzn8sQqALUlF4E_iHa0hd7NgWXP1J4iQbaHarWSmsrOM-tWew_I3iuHcgPO7FOZTp1zBt4tO_xM$
 
 
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
 
[Index of Archives]     [Open SSH Users]     [Linux ACPI]     [Linux Kernel]     [Linux Laptop]     [Kernel Newbies]     [Security]     [Netfilter]     [Bugtraq]     [Squid]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Samba]     [Video 4 Linux]     [Device Mapper]

  Powered by Linux