What is CVE-2023-25690?

CVE-2023-25690 is a vulnerability in Apache Software Foundation Http Server, classified under Inconsistent Interpretation of HTTP Requests (HTTP Request/Response Smuggling). Published 2023-03-07.

Is CVE-2023-25690 known to be exploited?

56 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in Apache Software Foundation Http Server

CVE-2023-25690

Some mod_proxy configurations on Apache HTTP Server versions 2.4.0 through 2.4.55 allow a HTTP Request Smuggling attack. Configurations are affected when mod_proxy is enabled along with some form of RewriteRule or ProxyPassMatch in wh…

Vulnerability class: HTTP Request Smuggling

EPSS: 0.670 (98.6th percentile) — read the EPSS interpretation.

Affected products

Apache Software Foundation Http Server — versions 2.4.0

Weakness classification (CWE)

CWE-444 — Inconsistent Interpretation of HTTP Requests (HTTP Request/Response Smuggling)

Public proof-of-concept exploits

References

Frequently asked questions

What is CVE-2023-25690?: CVE-2023-25690 is a vulnerability in Apache Software Foundation Http Server, classified under Inconsistent Interpretation of HTTP Requests (HTTP Request/Response Smuggling). Published 2023-03-07.
Is CVE-2023-25690 known to be exploited?: 56 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.