https://nvd.nist.gov/vuln/detail/CVE-2023-38909
MEDIUM
Otis DeWitt
Contractor with Concept Plus, LLC in support of
NOAA Fisheries NMFS / ST6 | U.S. Department of Commerce
Is there a severity level for this one?
Jon McAlexander
Senior Infrastructure Engineer
Asst. Vice President
He/His
Middleware Product Engineering
Enterprise CIO | EAS | Middleware | Infrastructure Solutions
Severity: low
Affected versions:
- Apache HTTP Server 2.4.0 through 2.4.58
Description:
HTTP Response splitting in multiple modules in Apache HTTP Server allows an
attacker that can inject malicious response headers into backend applications
to cause an HTTP desynchronization attack.
Users
Affected versions:
- Apache HTTP Server through 2.4.58
Description:
Faulty input validation in the core of Apache allows malicious or exploitable
backend/content generators to split HTTP responses.
This issue affects Apache HTTP Server: through 2.4.58.
Credit:
Orange Tsai (@orange_8361) fr
Severity: moderate
Affected versions:
- Apache HTTP Server 2.4.17 through 2.4.58
Description:
HTTP/2 incoming headers exceeding the limit are temporarily buffered in nghttp2
in order to generate an informative HTTP 413 response. If a client does not
stop sending headers, this leads to memor