Apache CVE-2023-25690 vulnerability

Atempo teams are aware of this CVE, which impacts some Apache httpd servers.

Atempo teams have completed their verification and concluded that Miria is not impacted. Details follow:

Some mod_proxy configurations on Apache HTTP Server versions 2.4.0 through 2.4.55 allow a HTTP Request Smuggling attack. Configurations are affected when mod_proxy is enabled along with some form of RewriteRule or ProxyPassMatch in which a non-specific pattern matches some portion of the user-supplied request-target (URL) data and is then re-inserted into the proxied request-target using variable substitution. [source: National Vulnerability Database, maintained and published by NIST]

Miria is the only Atempo product to use Apache HTTP Server, and configures it to avoid loading mod_proxy.

Because the vulnerability requires the mod_proxy module to be loaded, Miria is immune to CVE-2023-25690.
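The two conditions from the NVD description can be checked against a configuration file. The following audit sketch is an added example, not Atempo's or Apache's code. It assumes a single static config text (no `Include` resolution, no version check), so `httpd -M` remains the authoritative list of loaded modules; the sample configs and the `audit_httpd_conf` name are constructed for illustration.

```python
import re

# Constructed sample configs for illustration (not Miria's actual httpd.conf).
NO_PROXY_CONF = '''\
#LoadModule proxy_module modules/mod_proxy.so
LoadModule rewrite_module modules/mod_rewrite.so
RewriteEngine on
RewriteRule "^/old/(.*)" "/new/$1" [R=301,L]
'''
RISKY_CONF = '''\
LoadModule proxy_module modules/mod_proxy.so
LoadModule proxy_http_module modules/mod_proxy_http.so
RewriteEngine on
RewriteRule "^/here/(.*)" "http://backend.example:8080/here/$1" [P]
ProxyPassMatch "^/api/(.*)$" "http://backend.example:8080/$1"
ProxyPass "/static/" "http://backend.example:8080/static/"
'''

LOAD_PROXY = re.compile(r"^LoadModule\s+proxy_module\b", re.I)
BACKREF = re.compile(r"\$\d")  # $1..$9: text captured from the request URL
P_FLAG = re.compile(r"\[(?:[^\]]*,)?\s*(?:P|proxy)\s*(?:,[^\]]*)?\]\s*$", re.I)

def audit_httpd_conf(conf_text):
    """Report whether mod_proxy is loaded and which lines re-insert URL captures."""
    proxy_loaded = False
    patterns = []
    for lineno, raw in enumerate(conf_text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # commented-out directives are inactive
        if LOAD_PROXY.match(line):
            proxy_loaded = True
        directive = line.split(None, 1)[0].lower()
        proxied_rewrite = directive == "rewriterule" and P_FLAG.search(line)
        if (directive == "proxypassmatch" or proxied_rewrite) and BACKREF.search(line):
            patterns.append(lineno)
    # Both conditions must hold for the configuration to match the advisory.
    return {"proxy_loaded": proxy_loaded, "patterns": patterns,
            "affected_config": proxy_loaded and bool(patterns)}

if __name__ == "__main__":
    for name, conf in (("no-proxy", NO_PROXY_CONF), ("risky", RISKY_CONF)):
        print(name, audit_httpd_conf(conf))
```

A config with matching patterns but without mod_proxy loaded is reported as not affected, which is the situation described for Miria.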

 

Other Atempo products do not use Apache httpd. Hence, they are absolutely immune to this particular CVE.

To learn more about the CVE: https://nvd.nist.gov/vuln/detail/CVE-2023-25690
