VDB
CVE-2023-23364
PUBLISHED
CVSS 8.1 HIGH
Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') vulnerability in mod_proxy_ajp of Apache HTTP Server allows an attacker to smuggle requests to the AJP server it forwards requests to. This issue affects Apache HTTP Server 2.4 version 2.4.54 and prior versions.
EPSS 0.66% · 71.5th percentile
Risk Scores
CVSS 3.1
8.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score
0.66%
71.5th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| QNAP Systems Inc. | Multimedia Console | *, * |
| qnap | multimedia_console | 0, 2.0.0 |
| Apache Software Foundation | Apache HTTP Server | 2.4 |
Exploit Intelligence
- CVE-2011-1473 POC script (github-poc)
- A bash script that attempts to flood a server with TLS renegotiations by using the openssl client. See CVE-2011-1473 and CVE-2011-1473 for details. (github-poc)
…and 35 more exploits
Timeline
- Oct 6, 2021 PoC Published
- Sep 22, 2023 CVE Published
- Sep 22, 2023 EPSS Score
- Oct 5, 2023 PoC Published
- Oct 24, 2023 EPSS Score
- Nov 25, 2023 EPSS Score
- Dec 27, 2023 EPSS Score
- Mar 1, 2024 EPSS Score
- Apr 2, 2024 EPSS Score
- May 4, 2024 EPSS Score
- May 9, 2024 PoC Published
- Jun 5, 2024 EPSS Score
References
- https://www.qnap.com/fr-fr/security-advisory/qsa-23-25 advisory
- https://www.qnap.com/fr-fr/security-advisory/qsa-23-12 advisory
- https://www.qnap.com/fr-fr/security-advisory/qsa-23-29 advisory
- https://www.qnap.com/en/security-advisory/qsa-23-29 url
- https://nvd.nist.gov/vuln/detail/CVE-2023-23364 advisory
- https://httpd.apache.org/security/vulnerabilities_24.html vendor-advisory
- https://security.gentoo.org/glsa/202309-01 url