CVE-2023-27522

CVE-2023-27522: Apache HTTP Server: mod_proxy_uwsgi HTTP response splitting

Vendor Apache Software Foundation

Product Apache HTTP Server

Weakness CWE-444

Published March 7, 2023

Last update February 13, 2025

View on NVD All CVEs

CVSS base score

—

What the vulnerability does

Description

HTTP Response Smuggling vulnerability in Apache HTTP Server via mod_proxy_uwsgi. This issue affects Apache HTTP Server: from 2.4.30 through 2.4.55. Special characters in the origin response header can truncate/split the response forwarded to the client.

Key dates

Disclosure timeline

March 7, 2023 CVE published

February 13, 2025 Record updated