WID-SEC-W-2023-0110
PUBLISHED
CVSS 8.7 HIGH
Apache is a web server for various platforms.
Risk Scores
CVSS 4.0
8.7
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Dell | NetWorker | < 19.8.0.2 |
| Amazon | Linux 2 | |
| IBM | Security Access Manager for Enterprise Single Sign-On | 8.2.1 |
| F5 | BIG-IP | |
| Debian | Linux | |
| IBM | QRadar SIEM | < 7.5.0 UP8 |
| IBM | Rational ClearCase | 9.0.2 |
| IBM | HTTP Server | 9.0 |
| Dell | NetWorker | < 19.7.1.1 |
| Apache | HTTP Server | < 2.4.55 |
| IBM | Tivoli Monitoring | < 6.3.0.7 sp5 |
| IBM | Rational Build Forge | < 8.0.0.24 |
| Dell | NetWorker | < 19.7.0.4 |
| IBM | Business Automation Workflow | |
| IBM | Rational ClearCase | 10.0.0 |
| Gentoo | Linux | |
| IBM | WebSphere Application Server | 8.5 |
| IBM | HTTP Server | 8.5 |
| IBM | Security Access Manager for Enterprise Single Sign-On | 8.2.2 |
| IBM | Rational ClearCase | 9.1 |
Exploit Intelligence
- A carefully crafted If: request header can cause a memory read, or write of a single zero byte, in a pool (heap) memory location beyond the header value sent. This could cause the process to crash. This issue affects Apache HTTP Server 2.4.54 and earlier. CVE project by @Sn0wAlice (github-poc)
- https://www.ibm.com/support/pages/node/6962383 (circl)
- https://security.business.xerox.com/wp-content/uploads/2023/03/Xerox-Security-Bulletin-XRX23-003-FreeFlow-Print-Server-v9.pdf (circl)
- https://lists.suse.com/pipermail/sle-security-updates/2023-January/013556.html (circl)
- https://lists.suse.com/pipermail/sle-security-updates/2023-January/013558.html (circl)
- https://ubuntu.com/security/notices/USN-5834-1 (circl)
- https://ubuntu.com/security/notices/USN-5839-1 (circl)
- https://ubuntu.com/security/notices/USN-5839-2 (circl)
- https://lists.suse.com/pipermail/sle-security-updates/2023-February/013648.html (circl)
- https://lists.suse.com/pipermail/sle-security-updates/2023-February/013712.html (circl)
…and 32 more exploits
Timeline
- Jan 17, 2023 CVE Published
- Mar 27, 2024 CVE Updated
- Apr 23, 2026 Distribution Patch
- Apr 23, 2026 Distribution Patch
- Apr 23, 2026 Distribution Patch
- Apr 23, 2026 Distribution Patch
- Apr 23, 2026 Distribution Patch
- Apr 23, 2026 Distribution Patch
- Apr 23, 2026 Distribution Patch
- Apr 23, 2026 Distribution Patch
- Apr 23, 2026 Distribution Patch
References
- https://wid.cert-bund.de/.well-known/csaf/white/2023/wid-sec-w-2023-0110.json advisory
- https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-0110 advisory
- https://httpd.apache.org/security/vulnerabilities_24.html url
- https://lists.suse.com/pipermail/sle-security-updates/2023-January/013556.html url
- https://lists.suse.com/pipermail/sle-security-updates/2023-January/013558.html url
- https://ubuntu.com/security/notices/USN-5834-1 url
- https://ubuntu.com/security/notices/USN-5839-1 url
- https://ubuntu.com/security/notices/USN-5839-2 url
- https://lists.suse.com/pipermail/sle-security-updates/2023-February/013648.html url
- https://lists.suse.com/pipermail/sle-security-updates/2023-February/013712.html url
- https://lists.suse.com/pipermail/sle-security-updates/2023-February/013700.html url
- https://www.ibm.com/support/pages/node/6955577 url
- https://access.redhat.com/errata/RHSA-2023:0852 url
- http://linux.oracle.com/errata/ELSA-2023-0852.html url
- https://alas.aws.amazon.com/AL2/ALAS-2023-1938.html url
- https://www.ibm.com/support/pages/node/6958064 url
- http://linux.oracle.com/errata/ELSA-2023-0970.html url
- https://access.redhat.com/errata/RHSA-2023:0970 url
- https://www.ibm.com/support/pages/node/6959883 url
- https://lists.debian.org/debian-lts-announce/2023/03/msg00002.html url
…and 21 more