USN-5839-1: Apache HTTP Server vulnerabilities
1 February 2023
Several security issues were fixed in Apache HTTP Server.
- apache2 - Apache HTTP server
It was discovered that the Apache HTTP Server mod_dav module incorrectly
handled certain If: request headers. A remote attacker could possibly use
this issue to cause the server to crash, resulting in a denial of service.
ZeddYu_Lu discovered that the Apache HTTP Server mod_proxy_ajp module
incorrectly interpreted certain HTTP Requests. A remote attacker could
possibly use this issue to perform an HTTP Request Smuggling attack.
Dimas Fariski Setyawan Putra discovered that the Apache HTTP Server
mod_proxy module incorrectly truncated certain response headers. This may
result in later headers not being interpreted by the client.
The problem can be corrected by updating your system to the following package versions:
In general, a standard system update will make all the necessary changes.