Re: [users@httpd] CVE-2023-38709: Apache HTTP Server: HTTP response splitting
https://nvd.nist.gov/vuln/detail/CVE-2023-38909 MEDIUM Otis DeWitt Contractor with Concept Plus, LLC in support of NOAA Fisheries NMFS / ST6 | U.S. Department of Commerce Office: (302) 648-7481 | otis.dew...@noaa.gov "If there is no struggle, there is no progress." On Thu, Apr 4, 2024 at 1:46 PM Mcalexander, Jon J. wrote: > Is there a severity level for this one? > > > > *Dream * Excel * Explore * Inspire* > > Jon McAlexander > > Senior Infrastructure Engineer > > Asst. Vice President > > He/His > > > > Middleware Product Engineering > > Enterprise CIO | EAS | Middleware | Infrastructure Solutions > > > > 8080 Cobblestone Rd | Urbandale, IA 50322 > MAC: F4469-010 > > Tel 515-988-2508 | Cell 515-988-2508 > > > > jonmcalexan...@wellsfargo.com > > This message may contain confidential and/or privileged information. If > you are not the addressee or authorized to receive this for the addressee, > you must not use, copy, disclose, or take any action based on this message > or any information herein. If you have received this message in error, > please advise the sender immediately by reply e-mail and delete this > message. Thank you for your cooperation. > > > > *From:* Eric Covener > *Sent:* Thursday, April 4, 2024 8:57 AM > *To:* annou...@apache.org; users@httpd.apache.org > *Subject:* [users@httpd] CVE-2023-38709: Apache HTTP Server: HTTP > response splitting > > > > Affected versions: - Apache HTTP Server through 2. 4. 58 Description: > Faulty input validation in the core of Apache allows malicious or > exploitable backend/content generators to split HTTP responses. This issue > affects Apache HTTP Server: through > > > > Affected versions: > > > > - Apache HTTP Server through 2.4.58 > > > > Description: > > > > Faulty input validation in the core of Apache allows malicious or exploitable > backend/content generators to split HTTP responses. > > > > This issue affects Apache HTTP Server: through 2.4.58. > > > > Credit: > > > > Orange Tsai (@orange_8361) from DEVCORE (finder) > > > > References: > > > > https://urldefense.com/v3/__https://httpd.apache.org/__;!!F9svGWnIaVPGSwU!vZWSYGByQMPoLmzn8sQqALUlF4E_iHa0hd7NgWXP1J4iQbaHarWSmsrOM-tWew_I3iuHcgPO7FOZTp1zBvVc3Bys$ > > <https://urldefense.com/v3/__https:/httpd.apache.org/__;!!F9svGWnIaVPGSwU!vZWSYGByQMPoLmzn8sQqALUlF4E_iHa0hd7NgWXP1J4iQbaHarWSmsrOM-tWew_I3iuHcgPO7FOZTp1zBvVc3Bys$> > > https://urldefense.com/v3/__https://www.cve.org/CVERecord?id=CVE-2023-38709__;!!F9svGWnIaVPGSwU!vZWSYGByQMPoLmzn8sQqALUlF4E_iHa0hd7NgWXP1J4iQbaHarWSmsrOM-tWew_I3iuHcgPO7FOZTp1zBt4tO_xM$ > > <https://urldefense.com/v3/__https:/www.cve.org/CVERecord?id=CVE-2023-38709__;!!F9svGWnIaVPGSwU!vZWSYGByQMPoLmzn8sQqALUlF4E_iHa0hd7NgWXP1J4iQbaHarWSmsrOM-tWew_I3iuHcgPO7FOZTp1zBt4tO_xM$> > > > > > > - > > To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org > > For additional commands, e-mail: users-h...@httpd.apache.org > > > >
RE: [users@httpd] CVE-2023-38709: Apache HTTP Server: HTTP response splitting
Is there a severity level for this one? Dream * Excel * Explore * Inspire Jon McAlexander Senior Infrastructure Engineer Asst. Vice President He/His Middleware Product Engineering Enterprise CIO | EAS | Middleware | Infrastructure Solutions 8080 Cobblestone Rd | Urbandale, IA 50322 MAC: F4469-010 Tel 515-988-2508 | Cell 515-988-2508 jonmcalexan...@wellsfargo.com<mailto:jonmcalexan...@wellsfargo.com> This message may contain confidential and/or privileged information. If you are not the addressee or authorized to receive this for the addressee, you must not use, copy, disclose, or take any action based on this message or any information herein. If you have received this message in error, please advise the sender immediately by reply e-mail and delete this message. Thank you for your cooperation. From: Eric Covener Sent: Thursday, April 4, 2024 8:57 AM To: annou...@apache.org; users@httpd.apache.org Subject: [users@httpd] CVE-2023-38709: Apache HTTP Server: HTTP response splitting Affected versions: - Apache HTTP Server through 2. 4. 58 Description: Faulty input validation in the core of Apache allows malicious or exploitable backend/content generators to split HTTP responses. This issue affects Apache HTTP Server: through Affected versions: - Apache HTTP Server through 2.4.58 Description: Faulty input validation in the core of Apache allows malicious or exploitable backend/content generators to split HTTP responses. This issue affects Apache HTTP Server: through 2.4.58. Credit: Orange Tsai (@orange_8361) from DEVCORE (finder) References: https://urldefense.com/v3/__https://httpd.apache.org/__;!!F9svGWnIaVPGSwU!vZWSYGByQMPoLmzn8sQqALUlF4E_iHa0hd7NgWXP1J4iQbaHarWSmsrOM-tWew_I3iuHcgPO7FOZTp1zBvVc3Bys$<https://urldefense.com/v3/__https:/httpd.apache.org/__;!!F9svGWnIaVPGSwU!vZWSYGByQMPoLmzn8sQqALUlF4E_iHa0hd7NgWXP1J4iQbaHarWSmsrOM-tWew_I3iuHcgPO7FOZTp1zBvVc3Bys$> https://urldefense.com/v3/__https://www.cve.org/CVERecord?id=CVE-2023-38709__;!!F9svGWnIaVPGSwU!vZWSYGByQMPoLmzn8sQqALUlF4E_iHa0hd7NgWXP1J4iQbaHarWSmsrOM-tWew_I3iuHcgPO7FOZTp1zBt4tO_xM$<https://urldefense.com/v3/__https:/www.cve.org/CVERecord?id=CVE-2023-38709__;!!F9svGWnIaVPGSwU!vZWSYGByQMPoLmzn8sQqALUlF4E_iHa0hd7NgWXP1J4iQbaHarWSmsrOM-tWew_I3iuHcgPO7FOZTp1zBt4tO_xM$> - To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org<mailto:users-unsubscr...@httpd.apache.org> For additional commands, e-mail: users-h...@httpd.apache.org<mailto:users-h...@httpd.apache.org>
[users@httpd] CVE-2023-38709: Apache HTTP Server: HTTP response splitting
Affected versions: - Apache HTTP Server through 2.4.58 Description: Faulty input validation in the core of Apache allows malicious or exploitable backend/content generators to split HTTP responses. This issue affects Apache HTTP Server: through 2.4.58. Credit: Orange Tsai (@orange_8361) from DEVCORE (finder) References: https://httpd.apache.org/ https://www.cve.org/CVERecord?id=CVE-2023-38709 - To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org