CVE-2023-23364 — Vulnetix

Try Vulnetix Request Demo

CVE-2023-23364 PUBLISHED CVSS 8.100000381469727 HIGH

Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') vulnerability in mod_proxy_ajp of Apache HTTP Server allows an attacker to smuggle requests to the AJP server it forwards requests to. This issue affects Apache HTTP Server Apache HTTP Server 2.4 version 2.4.54 and prior versions.

EPSS 0.66% · 70.9th percentile

Risk Scores

CVSS v3.1

8.100000381469727

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS Score

0.66%

70.9th percentile

Affected Products

Vendor	Product	Versions
QNAP Systems Inc.	Multimedia Console	2.1., 1.4.
qnap	multimedia_console	0, 2.0.0
Apache Software Foundation	Apache HTTP Server	2.4

Timeline

Oct 6, 2021 PoC Published
Sep 22, 2023 CVE Published
Sep 22, 2023 EPSS Score
Oct 5, 2023 PoC Published
Oct 24, 2023 EPSS Score
Nov 24, 2023 EPSS Score
Dec 26, 2023 EPSS Score
Feb 27, 2024 EPSS Score
Mar 29, 2024 EPSS Score
Apr 30, 2024 EPSS Score
May 9, 2024 PoC Published
May 31, 2024 EPSS Score

References

https://www.qnap.com/fr-fr/security-advisory/qsa-23-25 advisory
https://www.qnap.com/fr-fr/security-advisory/qsa-23-12 advisory
https://www.qnap.com/fr-fr/security-advisory/qsa-23-29 advisory
https://www.qnap.com/en/security-advisory/qsa-23-29 url
https://nvd.nist.gov/vuln/detail/CVE-2023-23364 advisory
https://httpd.apache.org/security/vulnerabilities_24.html vendor-advisory
https://security.gentoo.org/glsa/202309-01 url

Open in Interactive Console →