The remote SUSE Linux SLES15 / SLES_SAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:1573-1 advisory.

  - Some mod_proxy configurations on Apache HTTP Server versions 2.4.0 through 2.4.55 allow a HTTP Request     Smuggling attack. Configurations are affected when mod_proxy is enabled along with some form of     RewriteRule or ProxyPassMatch in which a non-specific pattern matches some portion of the user-supplied     request-target (URL) data and is then re-inserted into the proxied request-target using variable     substitution. For example, something like: RewriteEngine on RewriteRule ^/here/(.*)     http://example.com:8080/elsewhere?$1; [P] ProxyPassReverse /here/ http://example.com:8080/ Request     splitting/smuggling could result in bypass of access controls in the proxy server, proxying unintended     URLs to existing origin servers, and cache poisoning. Users are recommended to update to at least version     2.4.56 of Apache HTTP Server. (CVE-2023-25690)

  - HTTP Response Smuggling vulnerability in Apache HTTP Server via mod_proxy_uwsgi. This issue affects Apache     HTTP Server: from 2.4.30 through 2.4.55. Special characters in the origin response header can     truncate/split the response forwarded to the client. (CVE-2023-27522)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2023:1593 advisory.

    The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server.

    Security Fix(es):

    * httpd: HTTP request splitting with mod_rewrite and mod_proxy (CVE-2023-25690)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Oracle Linux 7 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2023-1593 advisory.

    - mod_proxy: ap_proxy_http_request() to clear hop-by-hop first and       fixup last [CVE-2022-31813][Orabug: 34381850]
    - mod_session: save one apr_strtok() [Orabug: 33338149][CVE-2021-26690]

Tenable has extracted the preceding description block directly from the Oracle Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2023:1673 advisory.

    The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server.

    Security Fix(es):

    * httpd: HTTP request splitting with mod_rewrite and mod_proxy (CVE-2023-25690)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2023-1673 advisory.

    - Resolves: #2177747 - CVE-2023-25690 httpd:2.4/httpd: HTTP request splitting       with mod_rewrite and mod_proxy
    - Resolves: #2165976 - CVE-2006-20001 httpd: mod_dav: out-of-bounds read/write       of zero byte
    - Resolves: #2165977 - CVE-2022-37436 httpd: mod_proxy: HTTP response splitting
    - Resolves: #2165978 - CVE-2022-36760 httpd: mod_proxy_ajp: Possible request       smuggling

    mod_http2

Tenable has extracted the preceding description block directly from the Oracle Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Rocky Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2023:1670 advisory.

  - Some mod_proxy configurations on Apache HTTP Server versions 2.4.0 through 2.4.55 allow a HTTP Request     Smuggling attack. Configurations are affected when mod_proxy is enabled along with some form of     RewriteRule or ProxyPassMatch in which a non-specific pattern matches some portion of the user-supplied     request-target (URL) data and is then re-inserted into the proxied request-target using variable     substitution. For example, something like: RewriteEngine on RewriteRule ^/here/(.*)     http://example.com:8080/elsewhere?$1; [P] ProxyPassReverse /here/ http://example.com:8080/ Request     splitting/smuggling could result in bypass of access controls in the proxy server, proxying unintended     URLs to existing origin servers, and cache poisoning. Users are recommended to update to at least version     2.4.56 of Apache HTTP Server. (CVE-2023-25690)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

According to the versions of the httpd packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :

  - Some mod_proxy configurations on Apache HTTP Server versions 2.4.0 through 2.4.55 allow a HTTP Request     Smuggling attack. Configurations are affected when mod_proxy is enabled along with some form of     RewriteRule or ProxyPassMatch in which a non-specific pattern matches some portion of the user-supplied     request-target (URL) data and is then re-inserted into the proxied request-target using variable     substitution. For example, something like: RewriteEngine on RewriteRule '^/here/(.*)'     'http://example.com:8080/elsewhere?$1'; [P] ProxyPassReverse /here/ http://example.com:8080/ Request     splitting/smuggling could result in bypass of access controls in the proxy server, proxying unintended     URLs to existing origin servers, and cache poisoning. Users are recommended to update to at least version     2.4.56 of Apache HTTP Server. (CVE-2023-25690)

  - HTTP Response Smuggling vulnerability in Apache HTTP Server via mod_proxy_uwsgi. This issue affects Apache     HTTP Server: from 2.4.30 through 2.4.55. Special characters in the origin response header can     truncate/split the response forwarded to the client. (CVE-2023-27522)

Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

According to the versions of the httpd packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities :

  - Some mod_proxy configurations on Apache HTTP Server versions 2.4.0 through 2.4.55 allow a HTTP Request     Smuggling attack. Configurations are affected when mod_proxy is enabled along with some form of     RewriteRule or ProxyPassMatch in which a non-specific pattern matches some portion of the user-supplied     request-target (URL) data and is then re-inserted into the proxied request-target using variable     substitution. For example, something like: RewriteEngine on RewriteRule '^/here/(.*)'     'http://example.com:8080/elsewhere?$1'; [P] ProxyPassReverse /here/ http://example.com:8080/ Request     splitting/smuggling could result in bypass of access controls in the proxy server, proxying unintended     URLs to existing origin servers, and cache poisoning. Users are recommended to update to at least version     2.4.56 of Apache HTTP Server. (CVE-2023-25690)

  - HTTP Response Smuggling vulnerability in Apache HTTP Server via mod_proxy_uwsgi. This issue affects Apache     HTTP Server: from 2.4.30 through 2.4.55. Special characters in the origin response header can     truncate/split the response forwarded to the client. (CVE-2023-27522)

Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

The version of httpd24 installed on the remote host is prior to 2.4.56-1.100. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS-2023-1711 advisory.

    A carefully crafted If: request header can cause a memory read, or write of a single zero byte, in a pool     (heap) memory location beyond the header value sent. This could cause the process to crash. This issue     affects Apache HTTP Server 2.4.54 and earlier. (CVE-2006-20001)

    Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') vulnerability in mod_proxy_ajp of     Apache HTTP Server allows an attacker to smuggle requests to the AJP server it forwards requests to. This     issue affects Apache HTTP Server Apache HTTP Server 2.4 version 2.4.54 and prior versions.
    (CVE-2022-36760)

    Prior to Apache HTTP Server 2.4.55, a malicious backend can cause the response headers to be truncated     early, resulting in some headers being incorporated into the response body. If the later headers have any     security purpose, they will not be interpreted by the client. (CVE-2022-37436)

    Some mod_proxy configurations on Apache HTTP Server versions 2.4.0 through 2.4.55 allow a HTTP Request     Smuggling attack. Configurations are affected when mod_proxy is enabled along with some form of     RewriteRule or ProxyPassMatch in which a non-specific pattern matches some portion of the user-supplied     request-target (URL) data and is then re-inserted into the proxied request-target using variable     substitution. For example, something like: RewriteEngine on RewriteRule ^/here/(.*)     http://example.com:8080/elsewhere?$1; [P] ProxyPassReverse /here/ http://example.com:8080/ Request     splitting/smuggling could result in bypass of access controls in the proxy server, proxying unintended     URLs to existing origin servers, and cache poisoning. Users are recommended to update to at least version     2.4.56 of Apache HTTP Server. (CVE-2023-25690)

    HTTP Response Smuggling vulnerability in Apache HTTP Server via mod_proxy_uwsgi. This issue affects Apache     HTTP Server: from 2.4.30 through 2.4.55. Special characters in the origin response header can     truncate/split the response forwarded to the client. (CVE-2023-27522)

Tenable has extracted the preceding description block directly from the tested product security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

According to the versions of the httpd packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities :

  - A carefully crafted If: request header can cause a memory read, or write of a single zero byte, in a pool     (heap) memory location beyond the header value sent. This could cause the process to crash. This issue     affects Apache HTTP Server 2.4.54 and earlier. (CVE-2006-20001)

  - Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') vulnerability in mod_proxy_ajp of     Apache HTTP Server allows an attacker to smuggle requests to the AJP server it forwards requests to. This     issue affects Apache HTTP Server Apache HTTP Server 2.4 version 2.4.54 and prior versions.
    (CVE-2022-36760)

  - Prior to Apache HTTP Server 2.4.55, a malicious backend can cause the response headers to be truncated     early, resulting in some headers being incorporated into the response body. If the later headers have any     security purpose, they will not be interpreted by the client. (CVE-2022-37436)

  - Some mod_proxy configurations on Apache HTTP Server versions 2.4.0 through 2.4.55 allow a HTTP Request     Smuggling attack. Configurations are affected when mod_proxy is enabled along with some form of     RewriteRule or ProxyPassMatch in which a non-specific pattern matches some portion of the user-supplied     request-target (URL) data and is then re-inserted into the proxied request-target using variable     substitution. For example, something like: RewriteEngine on RewriteRule '^/here/(.*)'     'http://example.com:8080/elsewhere?$1'; [P] ProxyPassReverse /here/ http://example.com:8080/ Request     splitting/smuggling could result in bypass of access controls in the proxy server, proxying unintended     URLs to existing origin servers, and cache poisoning. Users are recommended to update to at least version     2.4.56 of Apache HTTP Server. (CVE-2023-25690)

  - HTTP Response Smuggling vulnerability in Apache HTTP Server via mod_proxy_uwsgi. This issue affects Apache     HTTP Server: from 2.4.30 through 2.4.55. Special characters in the origin response header can     truncate/split the response forwarded to the client. (CVE-2023-27522)

Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

According to the versions of the httpd packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities :

  - A carefully crafted If: request header can cause a memory read, or write of a single zero byte, in a pool     (heap) memory location beyond the header value sent. This could cause the process to crash. This issue     affects Apache HTTP Server 2.4.54 and earlier. (CVE-2006-20001)

  - Out-of-bounds Write vulnerability in mod_sed of Apache HTTP Server allows an attacker to overwrite heap     memory with possibly attacker provided data. This issue affects Apache HTTP Server 2.4 version 2.4.52 and     prior versions. (CVE-2022-23943)

  - Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') vulnerability in mod_proxy_ajp of     Apache HTTP Server allows an attacker to smuggle requests to the AJP server it forwards requests to. This     issue affects Apache HTTP Server Apache HTTP Server 2.4 version 2.4.54 and prior versions.
    (CVE-2022-36760)

  - Prior to Apache HTTP Server 2.4.55, a malicious backend can cause the response headers to be truncated     early, resulting in some headers being incorporated into the response body. If the later headers have any     security purpose, they will not be interpreted by the client. (CVE-2022-37436)

  - Some mod_proxy configurations on Apache HTTP Server versions 2.4.0 through 2.4.55 allow a HTTP Request     Smuggling attack. Configurations are affected when mod_proxy is enabled along with some form of     RewriteRule or ProxyPassMatch in which a non-specific pattern matches some portion of the user-supplied     request-target (URL) data and is then re-inserted into the proxied request-target using variable     substitution. For example, something like: RewriteEngine on RewriteRule '^/here/(.*)'     'http://example.com:8080/elsewhere?$1'; [P] ProxyPassReverse /here/ http://example.com:8080/ Request     splitting/smuggling could result in bypass of access controls in the proxy server, proxying unintended     URLs to existing origin servers, and cache poisoning. Users are recommended to update to at least version     2.4.56 of Apache HTTP Server. (CVE-2023-25690)

  - HTTP Response Smuggling vulnerability in Apache HTTP Server via mod_proxy_uwsgi. This issue affects Apache     HTTP Server: from 2.4.30 through 2.4.55. Special characters in the origin response header can     truncate/split the response forwarded to the client. (CVE-2023-27522)

Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

The remote CentOS Linux 9 host has packages installed that are affected by a vulnerability as referenced in the httpd-2.4.57-2.el9 build changelog.

  - HTTP request splitting with mod_rewrite and mod_proxy (CVE-2023-25690)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Fedora 38 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-7d14cdec4a advisory.

    - new version 2.4.56
    - security update for CVE-2023-27522 and CVE-2023-25690

Tenable has extracted the preceding description block directly from the Fedora security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

According to its self-reported version number, Zimbra Collaboration Server is affected by multiple vulnerabilities including:

  - Vulnerability in the sfdc_preauth.jsp component. A remote, unauthenticated attacker can exploit this     vulnerability to execute arbitrary code. (CVE-2023-29382)

  - HTTP request smuggling vulnerability in the bundled Apache HTTP Server component. Exploitation of this     vulnerability can result in the bypass of access controls in the proxy server, proxying unintended URLs     to existing origin servers and cache poisoning. (CVE-2023-25690)

  - An server-side request forgery vulnerability in the bundled Apache CXF component. (CVE-2022-46364)

  - A cross-site scripting (XSS) vulnerability in the /h/autoSaveDraft function. A remote authenticated     attacker can executed arbitrary code in the context of another user. (CVE-2023-34192)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

ID	Name	Product	Family	Published	Updated	Severity
173406	SUSE SLES15 Security Update : apache2 (SUSE-SU-2023:1573-1)	Nessus	SuSE Local Security Checks	3/25/2023	10/21/2023	critical
173852	RHEL 7 : httpd (RHSA-2023:1593)	Nessus	Red Hat Local Security Checks	4/4/2023	11/7/2024	critical
173879	Oracle Linux 7 : httpd (ELSA-2023-1593)	Nessus	Oracle Linux Local Security Checks	4/5/2023	10/22/2024	critical
174004	RHEL 8 : httpd:2.4 (RHSA-2023:1673)	Nessus	Red Hat Local Security Checks	4/6/2023	11/7/2024	critical
174020	Oracle Linux 8 : httpd:2.4 (ELSA-2023-1673)	Nessus	Oracle Linux Local Security Checks	4/7/2023	10/24/2024	critical
174171	Rocky Linux 9 : httpd and mod_http2 (RLSA-2023:1670)	Nessus	Rocky Linux Local Security Checks	4/12/2023	11/6/2023	critical
177949	EulerOS 2.0 SP11 : httpd (EulerOS-SA-2023-2271)	Nessus	Huawei Local Security Checks	7/4/2023	9/29/2023	critical
179099	EulerOS Virtualization 3.0.6.0 : httpd (EulerOS-SA-2023-2502)	Nessus	Huawei Local Security Checks	7/31/2023	9/29/2023	critical
173279	Amazon Linux AMI : httpd24 (ALAS-2023-1711)	Nessus	Amazon Linux Local Security Checks	3/22/2023	12/11/2024	critical
176606	EulerOS Virtualization 2.9.1 : httpd (EulerOS-SA-2023-1998)	Nessus	Huawei Local Security Checks	6/2/2023	6/2/2023	critical
176795	EulerOS Virtualization 2.11.0 : httpd (EulerOS-SA-2023-2123)	Nessus	Huawei Local Security Checks	6/7/2023	6/7/2023	critical
191207	CentOS 9 : httpd-2.4.57-2.el9	Nessus	CentOS Local Security Checks	2/29/2024	4/26/2024	critical
172656	Fedora 38 : httpd (2023-7d14cdec4a)	Nessus	Fedora Local Security Checks	3/17/2023	11/14/2024	critical
178617	Zimbra Collaboration Server 8.8.x < 8.8.15 Patch 40 Multiple Vulnerabilities	Nessus	CGI abuses	7/20/2023	2/25/2025	critical

Detections

Analytics

Plugins Search

critical

critical

critical

critical

critical

critical

critical

critical

critical

critical

critical

critical

critical

critical