https://nvd.nist.gov/vuln/detail/CVE-2023-38909
MEDIUM ------------------------------------------------------------------------------------ Otis DeWitt Contractor with Concept Plus, LLC in support of NOAA Fisheries NMFS / ST6 | U.S. Department of Commerce Office: (302) 648-7481 | otis.dew...@noaa.gov "If there is no struggle, there is no progress." On Thu, Apr 4, 2024 at 1:46 PM Mcalexander, Jon J. <jonmcalexan...@wellsfargo.com.invalid> wrote: > Is there a severity level for this one? > > > > *Dream * Excel * Explore * Inspire* > > Jon McAlexander > > Senior Infrastructure Engineer > > Asst. Vice President > > He/His > > > > Middleware Product Engineering > > Enterprise CIO | EAS | Middleware | Infrastructure Solutions > > > > 8080 Cobblestone Rd | Urbandale, IA 50322 > MAC: F4469-010 > > Tel 515-988-2508 | Cell 515-988-2508 > > > > jonmcalexan...@wellsfargo.com > > This message may contain confidential and/or privileged information. If > you are not the addressee or authorized to receive this for the addressee, > you must not use, copy, disclose, or take any action based on this message > or any information herein. If you have received this message in error, > please advise the sender immediately by reply e-mail and delete this > message. Thank you for your cooperation. > > > > *From:* Eric Covener <cove...@apache.org> > *Sent:* Thursday, April 4, 2024 8:57 AM > *To:* annou...@apache.org; users@httpd.apache.org > *Subject:* [users@httpd] CVE-2023-38709: Apache HTTP Server: HTTP > response splitting > > > > Affected versions: - Apache HTTP Server through 2. 4. 58 Description: > Faulty input validation in the core of Apache allows malicious or > exploitable backend/content generators to split HTTP responses. This issue > affects Apache HTTP Server: through > > > > Affected versions: > > > > - Apache HTTP Server through 2.4.58 > > > > Description: > > > > Faulty input validation in the core of Apache allows malicious or exploitable > backend/content generators to split HTTP responses. > > > > This issue affects Apache HTTP Server: through 2.4.58. > > > > Credit: > > > > Orange Tsai (@orange_8361) from DEVCORE (finder) > > > > References: > > > > https://urldefense.com/v3/__https://httpd.apache.org/__;!!F9svGWnIaVPGSwU!vZWSYGByQMPoLmzn8sQqALUlF4E_iHa0hd7NgWXP1J4iQbaHarWSmsrOM-tWew_I3iuHcgPO7FOZTp1zBvVc3Bys$ > > <https://urldefense.com/v3/__https:/httpd.apache.org/__;!!F9svGWnIaVPGSwU!vZWSYGByQMPoLmzn8sQqALUlF4E_iHa0hd7NgWXP1J4iQbaHarWSmsrOM-tWew_I3iuHcgPO7FOZTp1zBvVc3Bys$> > > https://urldefense.com/v3/__https://www.cve.org/CVERecord?id=CVE-2023-38709__;!!F9svGWnIaVPGSwU!vZWSYGByQMPoLmzn8sQqALUlF4E_iHa0hd7NgWXP1J4iQbaHarWSmsrOM-tWew_I3iuHcgPO7FOZTp1zBt4tO_xM$ > > <https://urldefense.com/v3/__https:/www.cve.org/CVERecord?id=CVE-2023-38709__;!!F9svGWnIaVPGSwU!vZWSYGByQMPoLmzn8sQqALUlF4E_iHa0hd7NgWXP1J4iQbaHarWSmsrOM-tWew_I3iuHcgPO7FOZTp1zBt4tO_xM$> > > > > > > --------------------------------------------------------------------- > > To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org > > For additional commands, e-mail: users-h...@httpd.apache.org > > > >
