Description
Some mod_proxy configurations on Apache HTTP Server allow a HTTP request
smuggling attack. Configurations are affected when mod_proxy is enabled
along with some form of RewriteRule or ProxyPassMatch in which a
non-specific pattern matches some portion of the user-supplied
request-target (URL) data and is then re-inserted into the proxied
request-target using variable substitution. (CVE-2023-25690)
HTTP Response Smuggling vulnerability in Apache HTTP Server via
mod_proxy_uwsgi. This issue affects Apache HTTP Server. Special
characters in the origin response header can truncate/split the response
forwarded to the client. (CVE-2023-27522)