Posted to cvs@httpd.apache.org by gi...@apache.org on 2023/03/07 12:51:08 UTC

[httpd-site] branch asf-site updated: Automatic Site Publish by Buildbot

This is an automated email from the ASF dual-hosted git repository.

git-site-role pushed a commit to branch asf-site
in repository https://gitbox.apache.org/repos/asf/httpd-site.git


The following commit(s) were added to refs/heads/asf-site by this push:
     new 3b459ce  Automatic Site Publish by Buildbot
3b459ce is described below

commit 3b459cea1c7c3d423f1e3e24b12789b839e5dd90
Author: buildbot <us...@infra.apache.org>
AuthorDate: Tue Mar 7 12:51:05 2023 +0000

    Automatic Site Publish by Buildbot
---
 output/doap.rdf                            |   4 +-
 output/download.html                       |  24 ++--
 output/index.html                          |   8 +-
 output/security/json/CVE-2023-25690.json   | 103 +++++++++++++++
 output/security/json/CVE-2023-27522.json   | 101 ++++++++++++++
 output/security/vulnerabilities-httpd.json | 204 +++++++++++++++++++++++++++++
 output/security/vulnerabilities_24.html    |  18 +++
 7 files changed, 444 insertions(+), 18 deletions(-)

diff --git a/output/doap.rdf b/output/doap.rdf
index 287c18c..15ee6ca 100644
--- a/output/doap.rdf
+++ b/output/doap.rdf
@@ -38,8 +38,8 @@
     <release>
       <Version>
         <name>Recommended current 2.4 release</name>
-        <created>2023-01-17</created>
-        <revision>2.4.55</revision>
+        <created>2023-03-07</created>
+        <revision>2.4.56</revision>
       </Version>
     </release>
 
diff --git a/output/download.html b/output/download.html
index 304ece5..ae2a0fe 100644
--- a/output/download.html
+++ b/output/download.html
@@ -100,33 +100,33 @@ families of releases, are available from the
 <a href="//httpd.apache.org/docs/current/platform/windows.html#down">a number of third party vendors</a>.</p>
 <p>Stable Release - Latest Version:</p>
 <ul>
-<li><a href="#apache24">2.4.55</a> (released 2023-01-17)</li>
+<li><a href="#apache24">2.4.56</a> (released 2023-03-07)</li>
 </ul>
 <p>If you are downloading the Win32 distribution, please read these <a href="[preferred]httpd/binaries/win32/README.html">important
 notes</a>.</p>
-<h1 id="apache24">Apache HTTP Server 2.4.55 (httpd): 2.4.55 is the latest available version <span>2023-01-17</span><a class="headerlink" href="#apache24" title="Permalink">&para;</a></h1>
+<h1 id="apache24">Apache HTTP Server 2.4.56 (httpd): 2.4.56 is the latest available version <span>2023-03-07</span><a class="headerlink" href="#apache24" title="Permalink">&para;</a></h1>
 <p>The Apache HTTP Server Project is pleased to
 <a href="//downloads.apache.org/httpd/Announcement2.4.txt">announce</a> the
-release of version 2.4.55 of the Apache HTTP Server ("Apache" and "httpd").
+release of version 2.4.56 of the Apache HTTP Server ("Apache" and "httpd").
 This version of Apache is our latest GA release of the new generation 2.4.x
 branch of Apache HTTPD and represents fifteen years of innovation by the
 project, and is recommended over all previous releases!</p>
 <p>For details, see the <a href="//downloads.apache.org/httpd/Announcement2.4.html">Official
 Announcement</a> and
 the <a href="[preferred]httpd/CHANGES_2.4">CHANGES_2.4</a> and
-<a href="[preferred]httpd/CHANGES_2.4.55">CHANGES_2.4.55</a> lists.</p>
+<a href="[preferred]httpd/CHANGES_2.4.56">CHANGES_2.4.56</a> lists.</p>
 <ul>
 <li>
-<p>Source: <a href="[preferred]httpd/httpd-2.4.55.tar.bz2">httpd-2.4.55.tar.bz2</a>
-[ <a href="https://downloads.apache.org/httpd/httpd-2.4.55.tar.bz2.asc">PGP</a> ] [
-<a href="https://downloads.apache.org/httpd/httpd-2.4.55.tar.bz2.sha256">SHA256</a> ] [
-<a href="https://downloads.apache.org/httpd/httpd-2.4.55.tar.bz2.sha512">SHA512</a> ]</p>
+<p>Source: <a href="[preferred]httpd/httpd-2.4.56.tar.bz2">httpd-2.4.56.tar.bz2</a>
+[ <a href="https://downloads.apache.org/httpd/httpd-2.4.56.tar.bz2.asc">PGP</a> ] [
+<a href="https://downloads.apache.org/httpd/httpd-2.4.56.tar.bz2.sha256">SHA256</a> ] [
+<a href="https://downloads.apache.org/httpd/httpd-2.4.56.tar.bz2.sha512">SHA512</a> ]</p>
 </li>
 <li>
-<p>Source: <a href="[preferred]httpd/httpd-2.4.55.tar.gz">httpd-2.4.55.tar.gz</a> [
-<a href="https://downloads.apache.org/httpd/httpd-2.4.55.tar.gz.asc">PGP</a> ] [
-<a href="https://downloads.apache.org/httpd/httpd-2.4.55.tar.gz.sha256">SHA256</a> ] [
-<a href="https://downloads.apache.org/httpd/httpd-2.4.55.tar.gz.sha512">SHA512</a> ]</p>
+<p>Source: <a href="[preferred]httpd/httpd-2.4.56.tar.gz">httpd-2.4.56.tar.gz</a> [
+<a href="https://downloads.apache.org/httpd/httpd-2.4.56.tar.gz.asc">PGP</a> ] [
+<a href="https://downloads.apache.org/httpd/httpd-2.4.56.tar.gz.sha256">SHA256</a> ] [
+<a href="https://downloads.apache.org/httpd/httpd-2.4.56.tar.gz.sha512">SHA512</a> ]</p>
 </li>
 <li>
 <p><a href="[preferred]httpd/binaries/">Binaries</a></p>
diff --git a/output/index.html b/output/index.html
index 30c7dec..f06a081 100644
--- a/output/index.html
+++ b/output/index.html
@@ -96,16 +96,16 @@ standards.</p>
 April 1996. It has celebrated its 25th birthday as a project in February 2020.</p>
 <p>The Apache HTTP Server is a project of <a href="http://www.apache.org/">The Apache Software
 Foundation</a>.</p>
-<h1 id="apache-httpd-2455-released-2023-01-17">Apache httpd 2.4.55 Released <span>2023-01-17</span><a class="headerlink" href="#apache-httpd-2455-released-2023-01-17" title="Permalink">&para;</a></h1>
+<h1 id="apache-httpd-2456-released-2023-03-07">Apache httpd 2.4.56 Released <span>2023-03-07</span><a class="headerlink" href="#apache-httpd-2456-released-2023-03-07" title="Permalink">&para;</a></h1>
 <p>The Apache Software Foundation and the Apache HTTP Server Project are
 pleased to
 <a href="http://downloads.apache.org/httpd/Announcement2.4.html">announce</a> the
-release of version 2.4.55 of the Apache HTTP Server ("httpd").</p>
+release of version 2.4.56 of the Apache HTTP Server ("httpd").</p>
 <p>This latest release from the 2.4.x stable branch represents the best available
 version of Apache HTTP Server.</p>
 <p>Apache HTTP Server version 2.<span>4</span>.43 or newer is required in order to operate a TLS 1.3 web server with OpenSSL 1.1.1.</p>
-<p class="centered"><a href="download.cgi#apache24">Download</a> | <a href="http://downloads.apache.org/httpd/CHANGES_2.4.55">ChangeLog for
-2.4.55</a> | <a href="http://downloads.apache.org/httpd/CHANGES_2.4">Complete ChangeLog for
+<p class="centered"><a href="download.cgi#apache24">Download</a> | <a href="http://downloads.apache.org/httpd/CHANGES_2.4.56">ChangeLog for
+2.4.56</a> | <a href="http://downloads.apache.org/httpd/CHANGES_2.4">Complete ChangeLog for
 2.4</a> | <a href="docs/trunk/new_features_2_4.html">New Features in httpd
 2.4</a></p>
 <h1 id="apache-httpd-22-end-of-life-2018-01-01">Apache httpd 2.2 End-of-Life <span>2018-01-01</span><a class="headerlink" href="#apache-httpd-22-end-of-life-2018-01-01" title="Permalink">&para;</a></h1>
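Review bot: The updated ChangeLog link in the `<p class="centered">` line still points at `http://downloads.apache.org/httpd/CHANGES_2.4.56` over plain HTTP, as does the unchanged announce link a few lines above it. The download page in this same commit links the signatures and checksums on that host with `https://`, so the template that generates this page should use `https://` for these links too; the change log is where readers of this release go to learn about the two CVEs it fixes.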
diff --git a/output/security/json/CVE-2023-25690.json b/output/security/json/CVE-2023-25690.json
new file mode 100644
index 0000000..fe3035f
--- /dev/null
+++ b/output/security/json/CVE-2023-25690.json
@@ -0,0 +1,103 @@
+{
+  "cveMetadata": {
+    "cveId": "CVE-2023-25690",
+    "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
+    "serial": 1,
+    "state": "PUBLISHED"
+  },
+  "CNA_private": {
+    "emailed": null,
+    "projecturl": "https://httpd.apache.org/",
+    "owner": "httpd",
+    "userslist": "users@httpd.apache.org",
+    "state": "REVIEW",
+    "todo": [],
+    "type": "unsure"
+  },
+  "containers": {
+    "cna": {
+      "providerMetadata": {
+        "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09"
+      },
+      "title": "HTTP request splitting with mod_rewrite and mod_proxy",
+      "problemTypes": [
+        {
+          "descriptions": [
+            {
+              "description": "CWE-444 Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling')",
+              "lang": "en",
+              "cweId": "CWE-444",
+              "type": "CWE"
+            }
+          ]
+        }
+      ],
+      "source": {
+        "discovery": "UNKNOWN"
+      },
+      "affected": [
+        {
+          "vendor": "Apache Software Foundation",
+          "product": "Apache HTTP Server",
+          "versions": [
+            {
+              "status": "affected",
+              "version": "2.4.0",
+              "lessThanOrEqual": "2.4.55",
+              "versionType": "semver"
+            }
+          ],
+          "defaultStatus": "unknown"
+        }
+      ],
+      "descriptions": [
+        {
+          "value": "Some mod_proxy configurations on Apache HTTP Server versions 2.4.0 through 2.4.55 allow a HTTP Request Smuggling attack.\n\n\n\n\nConfigurations are affected when mod_proxy is enabled along with some form of RewriteRule\n or ProxyPassMatch in which a non-specific pattern matches\n some portion of the user-supplied request-target (URL) data and is then\n re-inserted into the proxied request-target using variable \nsubstitution. For example, something like:\n\n\n\n\nRew [...]
+          "lang": "en",
+          "supportingMedia": [
+            {
+              "type": "text/html",
+              "base64": false,
+              "value": "<div>Some mod_proxy configurations on Apache HTTP Server versions 2.4.0 through 2.4.55 allow a HTTP Request Smuggling attack.</div><div><br></div><div><div>Configurations are affected when mod_proxy is enabled along with some form of RewriteRule\n or ProxyPassMatch in which a non-specific pattern matches\n some portion of the user-supplied request-target (URL) data and is then\n re-inserted into the proxied request-target using variable \nsubstitution. For example [...]
+            }
+          ]
+        }
+      ],
+      "references": [],
+      "metrics": [
+        {
+          "other": {
+            "type": "Textual description of severity",
+            "content": {
+              "text": "important"
+            }
+          }
+        }
+      ],
+      "timeline": [
+        {
+          "time": "2023-02-02T06:01:00.000Z",
+          "lang": "en",
+          "value": "reported"
+        },
+        {
+          "lang": "eng",
+          "time": "2023-03-07",
+          "value": "2.4.56 released"
+        }
+      ],
+      "credits": [
+        {
+          "lang": "en",
+          "value": "Lars Krapf of Adobe",
+          "type": "finder"
+        }
+      ],
+      "x_generator": {
+        "engine": "Vulnogram 0.1.0-dev"
+      }
+    }
+  },
+  "dataType": "CVE_RECORD",
+  "dataVersion": "5.0"
+}
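Review bot: The record is published with its `CNA_private` block intact (`"state": "REVIEW"`, `"type": "unsure"`, `"todo": []`) even though `cveMetadata.state` is `PUBLISHED`. This looks like workflow data from the authoring tool and should be stripped before the file lands under output/security/json/. In the same record `"references": []` is empty, whereas the CVE-2023-27522 record added in this commit carries a `vendor-advisory` reference to vulnerabilities_24.html; adding the same reference here would keep the two records consistent.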
diff --git a/output/security/json/CVE-2023-27522.json b/output/security/json/CVE-2023-27522.json
new file mode 100644
index 0000000..21a58fa
--- /dev/null
+++ b/output/security/json/CVE-2023-27522.json
@@ -0,0 +1,101 @@
+{
+  "containers": {
+    "cna": {
+      "affected": [
+        {
+          "defaultStatus": "unaffected",
+          "product": "Apache HTTP Server",
+          "vendor": "Apache Software Foundation",
+          "versions": [
+            {
+              "lessThanOrEqual": "2.4.55",
+              "status": "affected",
+              "version": "2.4.30",
+              "versionType": "semver"
+            }
+          ]
+        }
+      ],
+      "credits": [
+        {
+          "lang": "en",
+          "type": "finder",
+          "value": "Dimas Fariski Setyawan Putra (nyxsorcerer)"
+        }
+      ],
+      "descriptions": [
+        {
+          "lang": "en",
+          "supportingMedia": [
+            {
+              "base64": false,
+              "type": "text/html",
+              "value": "<div>HTTP Response Smuggling vulnerability in Apache HTTP Server via mod_<code>proxy_uwsgi</code>. This issue affects Apache HTTP Server: from 2.4.30 through 2.4.55.</div><div>Special characters in the origin response header can truncate/split the response forwarded to the client.<br></div>"
+            }
+          ],
+          "value": "HTTP Response Smuggling vulnerability in Apache HTTP Server via mod_proxy_uwsgi. This issue affects Apache HTTP Server: from 2.4.30 through 2.4.55.\n\nSpecial characters in the origin response header can truncate/split the response forwarded to the client.\n\n\n"
+        }
+      ],
+      "metrics": [
+        {
+          "other": {
+            "content": {
+              "text": "moderate"
+            },
+            "type": "Textual description of severity"
+          }
+        }
+      ],
+      "problemTypes": [
+        {
+          "descriptions": [
+            {
+              "cweId": "CWE-444",
+              "description": "CWE-444 Inconsistent Interpretation of HTTP Responses ('HTTP Response Smuggling')",
+              "lang": "en",
+              "type": "CWE"
+            }
+          ]
+        }
+      ],
+      "providerMetadata": {
+        "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09"
+      },
+      "references": [
+        {
+          "tags": [
+            "vendor-advisory"
+          ],
+          "url": "https://httpd.apache.org/security/vulnerabilities_24.html"
+        }
+      ],
+      "source": {
+        "discovery": "UNKNOWN"
+      },
+      "timeline": [
+        {
+          "lang": "en",
+          "time": "2023-01-29T10:42:00.000Z",
+          "value": "Reported to security team"
+        },
+        {
+          "lang": "eng",
+          "time": "2023-03-07",
+          "value": "2.4.56 released"
+        }
+      ],
+      "title": "Apache HTTP Server: mod_proxy_uwsgi HTTP response splitting",
+      "x_generator": {
+        "engine": "Vulnogram 0.1.0-dev"
+      }
+    }
+  },
+  "cveMetadata": {
+    "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
+    "cveId": "CVE-2023-27522",
+    "serial": 1,
+    "state": "PUBLISHED"
+  },
+  "dataType": "CVE_RECORD",
+  "dataVersion": "5.0"
+}
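Review bot: The `title` calls this "HTTP response splitting" while both description values and the CWE-444 entry call it "HTTP Response Smuggling"; pick one term so that a search on the advisory text and on the title finds the same record. In the `supportingMedia` HTML the module name is written as `mod_<code>proxy_uwsgi</code>`, with only part of the identifier inside the code element; wrap the whole `mod_proxy_uwsgi`. The plain-text `value` also ends in three trailing `\n` that can be trimmed, and the second timeline entry uses `"lang": "eng"` where the first uses `"en"`.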
diff --git a/output/security/vulnerabilities-httpd.json b/output/security/vulnerabilities-httpd.json
index 1d7926f..87e19cb 100644
--- a/output/security/vulnerabilities-httpd.json
+++ b/output/security/vulnerabilities-httpd.json
@@ -854,6 +854,107 @@
             }
         }
     },
+    {
+        "containers": {
+            "cna": {
+                "affected": [
+                    {
+                        "defaultStatus": "unaffected",
+                        "product": "Apache HTTP Server",
+                        "vendor": "Apache Software Foundation",
+                        "versions": [
+                            {
+                                "lessThanOrEqual": "2.4.55",
+                                "status": "affected",
+                                "version": "2.4.30",
+                                "versionType": "semver"
+                            }
+                        ]
+                    }
+                ],
+                "credits": [
+                    {
+                        "lang": "en",
+                        "type": "finder",
+                        "value": "Dimas Fariski Setyawan Putra (nyxsorcerer)"
+                    }
+                ],
+                "descriptions": [
+                    {
+                        "lang": "en",
+                        "supportingMedia": [
+                            {
+                                "base64": false,
+                                "type": "text/html",
+                                "value": "<div>HTTP Response Smuggling vulnerability in Apache HTTP Server via mod_<code>proxy_uwsgi</code>. This issue affects Apache HTTP Server: from 2.4.30 through 2.4.55.</div><div>Special characters in the origin response header can truncate/split the response forwarded to the client.<br></div>"
+                            }
+                        ],
+                        "value": "HTTP Response Smuggling vulnerability in Apache HTTP Server via mod_proxy_uwsgi. This issue affects Apache HTTP Server: from 2.4.30 through 2.4.55.\n\nSpecial characters in the origin response header can truncate/split the response forwarded to the client.\n\n\n"
+                    }
+                ],
+                "metrics": [
+                    {
+                        "other": {
+                            "content": {
+                                "text": "moderate"
+                            },
+                            "type": "Textual description of severity"
+                        }
+                    }
+                ],
+                "problemTypes": [
+                    {
+                        "descriptions": [
+                            {
+                                "cweId": "CWE-444",
+                                "description": "CWE-444 Inconsistent Interpretation of HTTP Responses ('HTTP Response Smuggling')",
+                                "lang": "en",
+                                "type": "CWE"
+                            }
+                        ]
+                    }
+                ],
+                "providerMetadata": {
+                    "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09"
+                },
+                "references": [
+                    {
+                        "tags": [
+                            "vendor-advisory"
+                        ],
+                        "url": "https://httpd.apache.org/security/vulnerabilities_24.html"
+                    }
+                ],
+                "source": {
+                    "discovery": "UNKNOWN"
+                },
+                "timeline": [
+                    {
+                        "lang": "en",
+                        "time": "2023-01-29T10:42:00.000Z",
+                        "value": "Reported to security team"
+                    },
+                    {
+                        "lang": "eng",
+                        "time": "2023-03-07",
+                        "value": "2.4.56 released"
+                    }
+                ],
+                "title": "Apache HTTP Server: mod_proxy_uwsgi HTTP response splitting",
+                "x_generator": {
+                    "engine": "Vulnogram 0.1.0-dev"
+                }
+            }
+        },
+        "cveMetadata": {
+            "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
+            "cveId": "CVE-2023-27522",
+            "serial": 1,
+            "state": "PUBLISHED"
+        },
+        "dataType": "CVE_RECORD",
+        "dataVersion": "5.0"
+    },
     {
         "data_type": "CVE",
         "data_format": "MITRE",
@@ -34593,6 +34694,109 @@
             }
         }
     },
+    {
+        "cveMetadata": {
+            "cveId": "CVE-2023-25690",
+            "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
+            "serial": 1,
+            "state": "PUBLISHED"
+        },
+        "CNA_private": {
+            "emailed": null,
+            "projecturl": "https://httpd.apache.org/",
+            "owner": "httpd",
+            "userslist": "users@httpd.apache.org",
+            "state": "REVIEW",
+            "todo": [],
+            "type": "unsure"
+        },
+        "containers": {
+            "cna": {
+                "providerMetadata": {
+                    "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09"
+                },
+                "title": "HTTP request splitting with mod_rewrite and mod_proxy",
+                "problemTypes": [
+                    {
+                        "descriptions": [
+                            {
+                                "description": "CWE-444 Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling')",
+                                "lang": "en",
+                                "cweId": "CWE-444",
+                                "type": "CWE"
+                            }
+                        ]
+                    }
+                ],
+                "source": {
+                    "discovery": "UNKNOWN"
+                },
+                "affected": [
+                    {
+                        "vendor": "Apache Software Foundation",
+                        "product": "Apache HTTP Server",
+                        "versions": [
+                            {
+                                "status": "affected",
+                                "version": "2.4.0",
+                                "lessThanOrEqual": "2.4.55",
+                                "versionType": "semver"
+                            }
+                        ],
+                        "defaultStatus": "unknown"
+                    }
+                ],
+                "descriptions": [
+                    {
+                        "value": "Some mod_proxy configurations on Apache HTTP Server versions 2.4.0 through 2.4.55 allow a HTTP Request Smuggling attack.\n\n\n\n\nConfigurations are affected when mod_proxy is enabled along with some form of RewriteRule\n or ProxyPassMatch in which a non-specific pattern matches\n some portion of the user-supplied request-target (URL) data and is then\n re-inserted into the proxied request-target using variable \nsubstitution. For example, something like [...]
+                        "lang": "en",
+                        "supportingMedia": [
+                            {
+                                "type": "text/html",
+                                "base64": false,
+                                "value": "<div>Some mod_proxy configurations on Apache HTTP Server versions 2.4.0 through 2.4.55 allow a HTTP Request Smuggling attack.</div><div><br></div><div><div>Configurations are affected when mod_proxy is enabled along with some form of RewriteRule\n or ProxyPassMatch in which a non-specific pattern matches\n some portion of the user-supplied request-target (URL) data and is then\n re-inserted into the proxied request-target using variable \nsubstit [...]
+                            }
+                        ]
+                    }
+                ],
+                "references": [],
+                "metrics": [
+                    {
+                        "other": {
+                            "type": "Textual description of severity",
+                            "content": {
+                                "text": "important"
+                            }
+                        }
+                    }
+                ],
+                "timeline": [
+                    {
+                        "time": "2023-02-02T06:01:00.000Z",
+                        "lang": "en",
+                        "value": "reported"
+                    },
+                    {
+                        "lang": "eng",
+                        "time": "2023-03-07",
+                        "value": "2.4.56 released"
+                    }
+                ],
+                "credits": [
+                    {
+                        "lang": "en",
+                        "value": "Lars Krapf of Adobe",
+                        "type": "finder"
+                    }
+                ],
+                "x_generator": {
+                    "engine": "Vulnogram 0.1.0-dev"
+                }
+            }
+        },
+        "dataType": "CVE_RECORD",
+        "dataVersion": "5.0"
+    },
     {
         "data_type": "CVE",
         "data_format": "MITRE",
diff --git a/output/security/vulnerabilities_24.html b/output/security/vulnerabilities_24.html
index 83f665b..c4b7ad5 100644
--- a/output/security/vulnerabilities_24.html
+++ b/output/security/vulnerabilities_24.html
@@ -91,6 +91,24 @@ h1:hover > .headerlink, h2:hover > .headerlink, h3:hover > .headerlink, h4:hover
 <p>Please note that if a vulnerability is shown below as being fixed in a "-dev" release then this means that a fix has been applied to the development source tree and will be part of an upcoming full release.</p>
 <p>Please send comments or corrections for these vulnerabilities to the <a href="/security_report.html">Security Team</a>.</p> <br/>
 <p><em>The initial GA release, Apache httpd 2.4.1, includes fixes for all vulnerabilities which have been resolved in Apache httpd 2.2.22 and all older releases.  Consult the <a href="vulnerabilities_22.html">Apache httpd 2.2 vulnerabilities list</a> for more information.</em></p><br/>
+<h1 id="2.4.56">Fixed in Apache HTTP Server 2.4.56</h1><dl>
+<dt><h3 id="CVE-2023-25690">important: <name name="CVE-2023-25690">HTTP request splitting with mod_rewrite and mod_proxy</name>
+(<a href="https://www.cve.org/CVERecord?id=CVE-2023-25690">CVE-2023-25690</a>)</h3></dt>
+<dd><p>Some mod_proxy configurations on Apache HTTP Server versions 2.4.0 through 2.4.55 allow a HTTP Request Smuggling attack.</p><p></p><p></p><p></p><p></p><p>Configurations are affected when mod_proxy is enabled along with some form of RewriteRule</p><p> or ProxyPassMatch in which a non-specific pattern matches</p><p> some portion of the user-supplied request-target (URL) data and is then</p><p> re-inserted into the proxied request-target using variable </p><p>substitution. For examp [...]
+<p>Acknowledgements: finder: Lars Krapf of Adobe</p>
+<table class="table"><tr><td class="cve-header">Reported to security team</td><td class="cve-value">2023-02-02</td></tr>
+<tr><td class="cve-header">Update 2.4.56 released</td><td class="cve-value">2023-03-07</td></tr>
+<tr><td class="cve-header">Affects</td><td class="cve-value">&lt;=2.4.55</td></tr>
+</table></dd>
+<dt><h3 id="CVE-2023-27522">moderate: <name name="CVE-2023-27522">Apache HTTP Server: mod_proxy_uwsgi HTTP response splitting</name>
+(<a href="https://www.cve.org/CVERecord?id=CVE-2023-27522">CVE-2023-27522</a>)</h3></dt>
+<dd><p>HTTP Response Smuggling vulnerability in Apache HTTP Server via mod_proxy_uwsgi. This issue affects Apache HTTP Server: from 2.4.30 through 2.4.55.</p><p></p><p>Special characters in the origin response header can truncate/split the response forwarded to the client.</p><p></p><p></p><p></p>
+<p>Acknowledgements: finder: Dimas Fariski Setyawan Putra (nyxsorcerer)</p>
+<table class="table"><tr><td class="cve-header">Reported to security team</td><td class="cve-value">2023-01-29</td></tr>
+<tr><td class="cve-header">Update 2.4.56 released</td><td class="cve-value">2023-03-07</td></tr>
+<tr><td class="cve-header">Affects</td><td class="cve-value">&lt;=2.4.55</td></tr>
+</table></dd>
+</dl>
 <h1 id="2.4.55">Fixed in Apache HTTP Server 2.4.55</h1><dl>
 <dt><h3 id="CVE-2006-20001">moderate: <name name="CVE-2006-20001">mod_dav out of  bounds read, or write of zero byte</name>
 (<a href="https://www.cve.org/CVERecord?id=CVE-2006-20001">CVE-2006-20001</a>)</h3></dt>
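Review bot: The Affects row for CVE-2023-27522 reads `<=2.4.55`, but the description in the same `<dd>` says the issue affects 2.4.30 through 2.4.55, so the table overstates the affected range; render the lower bound as well. Separately, both `<dd>` bodies turn each newline of the source description into its own paragraph, which produces runs of empty `<p></p>` and, for CVE-2023-25690, breaks one sentence apart as `RewriteRule</p><p> or ProxyPassMatch`; the generator should join single newlines with a space and drop empty paragraphs.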