The Apache Software Foundation has released a critical security update addressing a vulnerability (CVE-2023-25690) in Apache HTTP Server, which has a CVSSv3 score of 9.8. This vulnerability affects the server under specific configurations and can be exploited for HTTP request smuggling attacks.
Affected Systems
Apache HTTP Server version 2.4.55 and earlier
Security Risks
Successful exploitation of the identified vulnerability (CVE-2023-25690) in Apache HTTP Server poses a significant security risk: remote, unauthenticated attackers can potentially bypass access controls in the proxy server, redirect users to malicious sites, or perform cache poisoning.
Recommended Actions
The National Cyber Security Authority (NCSA) strongly recommends that system administrators:
Follow Apache's Security Advisory to lower the risk of potential exploits, protect systems, and ensure their security.
Apply the required and latest security updates as soon as possible.