Russian Vulnerability Scanner Database

Back to List

BDU:2023-01738

Scores

EPSS

0.000none0.0%
0%20%40%60%80%100%

Percentile: 0.0%

CVSS

9.8critical3.x
0246810

CVSS Score: 9.8/10

All CVSS Scores

CVSS 3.x
9.8

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS 2.0
10.0

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Description

Уязвимость модуля mod_proxy веб-сервера Apache HTTP Server связана с недостатками обработки заголовка Transfer-Encoding. Эксплуатация уязвимости может позволить нарушителю, действующему удаленно, отправить скрытый HTTP-запрос (атака типа HTTP Request Smuggling)

Scaner-VS 7 — a modern vulnerability management solution

Uses this database for vulnerability detection. High-speed search, cross-platform, advanced configuration audit, and flexible filtering. Suitable for organizations of any size.
Learn more about Scaner-VS 7

Sources

bdu

Related Vulnerabilities

CVE-2023-25690

Exploits

Exploit ID: BDU:2023-01738

Source: bdu_exploit

URL: https://bdu.fstec.ru/vul

Exploit ID: CVE-2023-25690

Source: github-poc

URL: https://github.com/oOCyginXOo/CVE-2023-25690-POC

Reference Links

https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-25690
https://httpd.apache.org/security/vulnerabilities_24.html
https://access.redhat.com/security/cve/cve-2023-25690
https://www.suse.com/security/cve/CVE-2023-25690.html
https://repo.red-soft.ru/redos/7.3c/x86_64/updates/
https://altsp.su/obnovleniya-bezopasnosti/
https://abf.rosalinux.ru/advisories/ROSA-SA-2023-2158
https://abf.rosalinux.ru/advisories/ROSA-SA-2023-2155
https://wiki.astralinux.ru/astra-linux-se17-bulletin-2023-0426SE17
https://abf.rosalinux.ru/advisories/ROSA-SA-2023-2161
https://wiki.astralinux.ru/astra-linux-se47-bulletin-2023-0727SE47
https://поддержка.нппкт.рф/bin/view/ОСнова/Обновления/2.8/
https://strelets.net/patchi-i-obnovleniya-bezopasnosti#20102023
https://wiki.astralinux.ru/astra-linux-se16-bulletin-20231214SE16
https://abf.rosa.ru/advisories/ROSA-SA-2025-2900
https://abf.rosa.ru/advisories/ROSA-SA-2025-2899
https://abf.rosa.ru/advisories/ROSA-SA-2025-2852

Recommendations

Source: bdu

Использование рекомендаций:
Для Apache HTTP Server:
https://httpd.apache.org/security/vulnerabilities_24.html

Для программных продуктов Red Hat Inc.:
https://access.redhat.com/security/cve/cve-2023-25690

Для программных продуктов Novell Inc.:
https://www.suse.com/security/cve/CVE-2023-25690.html

Для РедОС:
http://repo.red-soft.ru/redos/7.3c/x86_64/updates/

Для ОС Альт 8 СП:
установка обновления из публичного репозитория программного средства

Для ОС РОСА “КОБАЛЬТ”:
https://abf.rosalinux.ru/advisories/ROSA-SA-2023-2158

Для системы управления средой виртуализации “ROSA Virtualization”:
https://abf.rosalinux.ru/advisories/ROSA-SA-2023-2155



Для ОС Astra Linux Special Edition 1.7:

использование рекомендаций производителя: https://wiki.astralinux.ru/astra-linux-se17-bulletin-2023-0426SE17

Для системы управления средой виртуализации «ROSA Virtualization»:
https://abf.rosalinux.ru/advisories/ROSA-SA-2023-2161

Для Astra Linux Special Edition 4.7 для архитектуры ARM:
https://wiki.astralinux.ru/astra-linux-se47-bulletin-2023-0727SE47

Для ОСОН ОСнова Оnyx:
Обновление программного обеспечения apache2 до версии 2.4.57-1osnova15.onyx

Для ОС ОН «Стрелец»:
Обновление программного обеспечения apache2 до версии 2.4.56-1osnova13.strelets

Для Astra Linux 1.6 «Смоленск»:
обновить пакет apache2 до 2.4.46-1~bpo9+1astra.se10 или более высокой версии, используя рекомендации производителя: https://wiki.astralinux.ru/astra-linux-se16-bulletin-20231214SE16

Для программной системы управления средой виртуализации с подсистемой безагентного резервного копирования виртуальных машин «ROSA Virtualization 3.0»: https://abf.rosa.ru/advisories/ROSA-SA-2025-2900

Для системы управления средой виртуализации «ROSA Virtualization»: https://abf.rosa.ru/advisories/ROSA-SA-2025-2899

Для системы управления средой виртуализации «ROSA Virtualization»: https://abf.rosa.ru/advisories/ROSA-SA-2025-2852

URL: https://bdu.fstec.ru/vul/2023-01738

Vulnerable Software (2520)

Type: Configuration

Vendor: apache software foundation

Product: http server

Operating System: suse linux enterprise server 15

Trait: 
{  "version_end_excluding": "2.4.56",  "version_start_including": "2.4.0"}

Source: bdu

Type: Configuration

Vendor: apache software foundation

Product: http server

Operating System: suse linux enterprise real time 15 SP2

Trait: 
{  "version_end_excluding": "2.4.56",  "version_start_including": "2.4.0"}

Source: bdu

Type: Configuration

Vendor: apache software foundation

Product: http server

Operating System: suse linux enterprise module for package hub 15 SP2

Trait: 
{  "version_end_excluding": "2.4.56",  "version_start_including": "2.4.0"}

Source: bdu

Type: Configuration

Vendor: apache software foundation

Product: http server

Operating System: suse linux enterprise desktop 12 SP2

Trait: 
{  "version_end_excluding": "2.4.56",  "version_start_including": "2.4.0"}

Source: bdu

Type: Configuration

Vendor: apache software foundation

Product: http server

Operating System: suse linux enterprise server 15 SP1-BCL

Trait: 
{  "version_end_excluding": "2.4.56",  "version_start_including": "2.4.0"}

Source: bdu

Type: Configuration

Vendor: apache software foundation

Product: http server

Operating System: suse linux enterprise storage 7

Trait: 
{  "version_end_excluding": "2.4.56",  "version_start_including": "2.4.0"}

Source: bdu

Type: Configuration

Vendor: apache software foundation

Product: http server

Operating System: suse linux enterprise storage 6

Trait: 
{  "version_end_excluding": "2.4.56",  "version_start_including": "2.4.0"}

Source: bdu

Type: Configuration

Vendor: apache software foundation

Product: http server

Operating System: осон основа оnyx *

Trait: 
{  "version_end_excluding": "2.4.56",  "version_start_including": "2.4.0"}

Source: bdu

Type: Configuration

Vendor: apache software foundation

Product: http server

Operating System: suse linux enterprise desktop 12 SP4

Trait: 
{  "version_end_excluding": "2.4.56",  "version_start_including": "2.4.0"}

Source: bdu

Type: Configuration

Vendor: apache software foundation

Product: http server

Operating System: suse linux enterprise server 12 SP2-BCL

Trait: 
{  "version_end_excluding": "2.4.56",  "version_start_including": "2.4.0"}

Source: bdu

Type: Configuration

Vendor: apache software foundation

Product: http server

Operating System: suse linux enterprise server 12 SP2-ESPOS

Trait: 
{  "version_end_excluding": "2.4.56",  "version_start_including": "2.4.0"}

Source: bdu

Type: Configuration

Vendor: apache software foundation

Product: http server

Operating System: suse linux enterprise server for sap applications 15 SP1

Trait: 
{  "version_end_excluding": "2.4.56",  "version_start_including": "2.4.0"}

Source: bdu

Type: Configuration

Vendor: apache software foundation

Product: http server

Operating System: suse linux enterprise server 15-LTSS

Trait: 
{  "version_end_excluding": "2.4.56",  "version_start_including": "2.4.0"}

Source: bdu

Type: Configuration

Vendor: apache software foundation

Product: http server

Operating System: suse linux enterprise server for sap applications 15 SP3

Trait: 
{  "version_end_excluding": "2.4.56",  "version_start_including": "2.4.0"}

Source: bdu

Type: Configuration

Vendor: apache software foundation

Product: http server

Operating System: suse linux enterprise desktop 15 SP3

Trait: 
{  "version_end_excluding": "2.4.56",  "version_start_including": "2.4.0"}

Source: bdu

Type: Configuration

Vendor: apache software foundation

Product: http server

Operating System: suse linux enterprise desktop 15 SP2

Trait: 
{  "version_end_excluding": "2.4.56",  "version_start_including": "2.4.0"}

Source: bdu

Type: Configuration

Vendor: apache software foundation

Product: http server

Operating System: suse linux enterprise desktop 12 SP3

Trait: 
{  "version_end_excluding": "2.4.56",  "version_start_including": "2.4.0"}

Source: bdu

Type: Configuration

Vendor: apache software foundation

Product: http server

Operating System: suse linux enterprise server 15 SP1-LTSS

Trait: 
{  "version_end_excluding": "2.4.56",  "version_start_including": "2.4.0"}

Source: bdu

Type: Configuration

Vendor: apache software foundation

Product: http server

Operating System: redos 7.3

Trait: 
{  "version_end_excluding": "2.4.56",  "version_start_including": "2.4.0"}

Source: bdu

Type: Configuration

Vendor: apache software foundation

Product: http server

Operating System: suse linux enterprise server 15 SP3

Trait: 
{  "version_end_excluding": "2.4.56",  "version_start_including": "2.4.0"}

Source: bdu