Apache HTTP Server HTTP Request Smuggling Vulnerability
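Vulnerability Information
Vulnerability name: Apache HTTP Server HTTP Request Smuggling Vulnerability
Vulnerability ID:
- CVE: CVE-2023-25690
Vulnerability type: Server-side request forgery
Severity: Critical
Description: Apache HTTP Server is a widely used open-source web server that supports multiple platforms and is deployed on millions of websites worldwide to serve web pages. This vulnerability affects versions 2.4.0 through 2.4.55. The specific vulnerability type is HTTP request smuggling, caused by a flaw in mod_proxy configurations: when RewriteRule or ProxyPassMatch matches user-supplied URL data and re-inserts it into the proxied request, an attacker can exploit this to bypass access controls, proxy unintended URLs, and poison caches. Exploitation requires a specific configuration with variable substitution. The vulnerability can lead to serious security risks, including but not limited to unauthorized access to sensitive data, service disruption, and potential remote code execution. Because Apache HTTP Server is so widely used, the impact is very broad; attackers can exploit the vulnerability without authentication, and exploitation can potentially be automated.
Vendor: Apache
Product: Apache HTTP Server
Affected versions: 2.4.0 <= version <= 2.4.55
Search query: cpe:"cpe:2.3:a:apache:http_server"
Source: https://github.com/projectdiscovery/nuclei-templates/issues/12455
Type: projectdiscovery/nuclei-templates:github issues
Source summary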
Description:
Apache HTTP Server versions 2.4.0 through 2.4.55 contain an HTTP Request Smuggling vulnerability caused by vulnerable mod_proxy configurations with RewriteRule or ProxyPassMatch that match user-supplied URL data and re-insert it into proxied requests, letting attackers bypass access controls, proxy unintended URLs, and poison caches. Exploit requires specific configuration with variable substitution.
Severity: Critical
POC:
- https://github.com/oOCyginXOo/CVE-2023-25690-POC
- https://vulncheck.com/xdb/60881b97bbc7
- https://github.com/thanhlam-attt/CVE-2023-25690
- https://vulncheck.com/xdb/760ecae2eb62
- https://github.com/dhmosfunk/CVE-2023-25690-POC
- https://github.com/tbachvarova/linux-apache-fix-mod_rewrite-spaceInURL
KEV: True
Shodan Query: cpe:"cpe:2.3:a:apache:http_server"
Acceptance Criteria: The template must include a complete POC and should not rely solely on version-based detection. Contributors are required to provide debug data (-debug) along with the template to help the triage team with validation or can also share a vulnerable environment like docker file.
Rewards will only be given once the template is fully validated by the team. Templates that are incomplete or invalid will not be accepted. Avoid adding code templates for CVEs that can be achieved using HTTP, TCP, or JavaScript. Such templates are blocked by default and won’t produce results, so we prioritize creating templates with other protocols unless exceptions are made.
You can check the FAQ for the Nuclei Templates Community Rewards Program here.
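
A defensive configuration check for the precondition described above, as an added example that is not part of the original page or the nuclei-templates issue: it flags RewriteRule directives carrying the [P] flag and ProxyPassMatch directives whose target re-inserts a captured group, and compares a version string with the affected range given on this page. The sample configuration and the backend.example host are constructed, and a match shows only that the risky pattern is present in the configuration.

```python
import re

# Constructed sample configuration (not taken from the page).
SAMPLE_CONF = r'''
RewriteEngine on
RewriteRule "^/here/(.*)" "http://backend.example:8080/elsewhere?$1" [P]
ProxyPassMatch "^/app/(.*)$" "http://backend.example:8080/$1"
RewriteRule ^/static/(.*) /assets/$1 [L]
ProxyPass /api/ http://backend.example:8080/api/
# RewriteRule ^/old/(.*) http://backend.example/$1 [P]
'''

TOKEN = re.compile(r'"((?:[^"\\]|\\.)*)"|(\S+)')  # quoted or bare argument
BACKREF = re.compile(r'[$%]\d')                   # $N (rule) or %N (cond) capture


def is_affected(version):
    """True for 2.4.0 <= version <= 2.4.55, the range stated on this page."""
    parts = tuple(int(p) for p in version.split("."))
    return (2, 4, 0) <= parts <= (2, 4, 55)


def risky_directives(conf_text):
    """Return (line_no, directive, target) for proxied rules that re-insert captures."""
    findings = []
    for no, raw in enumerate(conf_text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank lines and commented-out directives are inactive
        tok = [quoted or bare for quoted, bare in TOKEN.findall(line)]
        if len(tok) < 3:
            continue  # need directive, pattern and target
        name, target = tok[0].lower(), tok[2]
        if name == "rewriterule":
            flags = tok[3].strip("[]").lower().split(",") if len(tok) > 3 else []
            proxied = any(f.strip().split("=")[0] in ("p", "proxy") for f in flags)
            if proxied and BACKREF.search(target):
                findings.append((no, "RewriteRule", target))
        elif name == "proxypassmatch" and re.search(r"\$\d", target):
            findings.append((no, "ProxyPassMatch", target))
    return findings


if __name__ == "__main__":
    for no, directive, target in risky_directives(SAMPLE_CONF):
        print(f"line {no}: {directive} re-inserts matched URL data into {target}")
```

Directives pulled in through Include files have to be scanned separately, and is_affected expects a plain dotted version such as 2.4.54 without a distribution suffix.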