CVE-2024-42516

Published: 14 Jul 2025
Source: redhat
CVSS3: 6.8
EPSS: Low

Description

HTTP response splitting in the core of Apache HTTP Server allows an attacker who can manipulate the Content-Type response headers of applications hosted or proxied by the server to split the HTTP response. This vulnerability was described as CVE-2023-38709, but the patch included in Apache HTTP Server 2.4.59 did not address the issue. Users are recommended to upgrade to version 2.4.64, which fixes this issue.

A flaw was found in httpd. Response headers are not sanitized before an HTTP response is sent, so a malicious backend can insert a Content-Type, Content-Encoding, or other header whose value carries line terminators. This leads to HTTP response splitting. This CVE provides a "complete" fix for CVE-2023-38709.
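The defensive counterpart of the flaw described above is a check that a reverse proxy or application server applies to every header it receives from an upstream before writing anything to the client: a field value that contains CR, LF, NUL or another control character can never be forwarded as-is, because the client would read the bytes after the CR/LF as a new header or a new response. The block below is an added illustration, not code from Apache httpd or Red Hat; the function names (is_valid_header, filter_backend_headers, serialize_headers) and the sample backend headers are constructed for this example. It encodes the RFC 9110 field-name (token) and field-value grammars and separates headers that pass from those that would have split the response.

```python
"""
Proxy-side response-header validation, an added illustration of the flaw
class behind CVE-2024-42516: an upstream that can place CR/LF into a
Content-Type (or any other) header value can split the response unless the
front end validates header values before serializing them.
Not Apache httpd code; names and sample data are constructed.
"""
import re

# RFC 9110 field-value grammar: HTAB, visible ASCII and obs-text (0x80-0xFF).
# CR, LF, NUL and all other control characters are excluded, and those are
# exactly the bytes a response-splitting payload needs.
_FIELD_VALUE = re.compile(r"[\t\x20-\x7e\x80-\xff]*")
# RFC 9110 token grammar, used for field names.
_TOKEN = re.compile(r"[!#$%&'*+\-.^_`|~0-9A-Za-z]+")


def is_valid_header(name: str, value: str) -> bool:
    """True only if name is a token and value has no CR/LF/NUL/control bytes.

    fullmatch is used on purpose: '$' would accept a trailing '\n'.
    """
    return bool(_TOKEN.fullmatch(name)) and bool(_FIELD_VALUE.fullmatch(value))


def filter_backend_headers(headers):
    """Split upstream headers into (accepted, rejected) lists of pairs.

    A proxy would drop the rejected pairs or fail the whole response with a
    502 before writing any bytes to the client; it must never forward them.
    """
    accepted, rejected = [], []
    for name, value in headers:
        target = accepted if is_valid_header(name, value) else rejected
        target.append((name, value))
    return accepted, rejected


def serialize_headers(headers) -> bytes:
    """Render already-validated headers as a wire block.

    Because every value passed validation, the only CRLF sequences in the
    output are the line terminators this function emits itself, so the
    client cannot see more header lines than the proxy intended.
    """
    lines = b"".join(f"{n}: {v}\r\n".encode("latin-1") for n, v in headers)
    return lines + b"\r\n"


# Constructed sample of what a misbehaving upstream might hand back.
SAMPLE_BACKEND_HEADERS = [
    ("Content-Type", "text/html; charset=utf-8"),
    ("Content-Encoding", "gzip\r\nSet-Cookie: injected=1"),  # CRLF in the value
    ("X-Debug", "a\x00b"),                                    # NUL byte
    ("Cache-Control", "no-store"),
]

if __name__ == "__main__":
    ok, bad = filter_backend_headers(SAMPLE_BACKEND_HEADERS)
    print("forwarded:", ok)
    print("rejected: ", bad)
    print(serialize_headers(ok))
```

With the constructed sample, Content-Type and Cache-Control are forwarded while the Content-Encoding and X-Debug values are rejected, and the serialized block contains exactly one CRLF per forwarded header plus the terminating blank line. Whether to drop an offending header or fail the entire response is a policy choice; failing closed is the safer default, since a dropped Content-Type changes how the client interprets the body.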

Statement

This flaw is only exploitable by a malicious backend or a malicious application, but may also affect forward proxy configurations. This issue is classified as a Moderate vulnerability because successful exploitation requires a highly specific and constrained setup. Namely, the attacker must already have the ability to influence backend responses—such as injecting malicious headers like Content-Type or Content-Encoding—which typically implies a compromised or poorly controlled upstream service. In properly configured systems, frontend servers like Apache sanitize or strictly validate backend output, limiting exposure. Furthermore, HTTP response splitting does not inherently lead to remote code execution or privilege escalation on the server itself; instead, its effects are typically confined to manipulating client-side behavior such as caching or redirection.

Mitigation

Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.

Affected packages

Platform                      | Package                | State                | Recommendation | Release
------------------------------|------------------------|----------------------|----------------|--------
Red Hat Enterprise Linux 10   | httpd                  | Fix deferred         |                |
Red Hat Enterprise Linux 6    | httpd                  | Out of support scope |                |
Red Hat Enterprise Linux 7    | httpd                  | Out of support scope |                |
Red Hat Enterprise Linux 8    | httpd:2.4/httpd        | Fix deferred         |                |
Red Hat Enterprise Linux 9    | httpd                  | Fix deferred         |                |
Red Hat JBoss Core Services   | httpd                  | Fix deferred         |                |
Red Hat JBoss Core Services   | jbcs-httpd24-httpd     | Fix deferred         |                |


Additional information

Status:

Moderate
Defect:
CWE-20 -> CWE-113
Bugzilla 2374549: httpd: incomplete fix for CVE-2023-38709
https://bugzilla.redhat.com/show_bug.cgi?id=2374549

EPSS: 0.00432 (Low), percentile 62%

CVSS3: 6.8 (Medium)

Related vulnerabilities

ubuntu, CVSS3: 7.5, about 1 month ago
Description identical to the CVE description at the top of this page.

nvd, CVSS3: 7.5, about 1 month ago
Description identical to the CVE description at the top of this page.

msrc, CVSS3: 7.5, about 1 month ago
No description available.

debian, CVSS3: 7.5, about 1 month ago
HTTP response splitting in the core of Apache HTTP Server allows an at ...

github, CVSS3: 7.5, about 1 month ago
Description identical to the CVE description at the top of this page.
