ALT-PU-2024-10796-2

Package update uwsgi in branch c10f1

Version2.0.23-alt1

Published2024-08-07

Max severityHIGH

Severity:

Closed issues (2)

HIGH8.6

Уязвимость компонента mod_proxy_uwsgi веб-сервера Apache HTTP Server связанная с недостатками обработки HTTP-запросов, позволяющая нарушителю выполнять атаку "контрабанда HTTP-запросов"

Published: 2023-04-13Modified: 2025-08-19

CVSS 3.xHIGH 8.6

CVSS:3.x/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:L

CVSS 2.0CRITICAL 9.0

CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:C/A:P

References

CVE-2023-27522

HIGH7.5

HTTP Response Smuggling vulnerability in Apache HTTP Server via mod_proxy_uwsgi. This issue affects Apache HTTP Server: from 2.4.30 through 2.4.55. Special characters in the origin response header can truncate/split the response forwarded to the client.

Published: 2023-03-07Modified: 2025-05-01

CVSS 3.xHIGH 7.5

CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

References