Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2023-25690 PoC — Apache HTTP Server: HTTP request splitting with mod_rewrite and mod_proxy

Source
https://github.com/tbachvarova/linux-apache-fix-mod_rewrite-spaceInURL
Associated Vulnerability
Title:Apache HTTP Server: HTTP request splitting with mod_rewrite and mod_proxy (CVE-2023-25690)
Description:Some mod_proxy configurations on Apache HTTP Server versions 2.4.0 through 2.4.55 allow a HTTP Request Smuggling attack. Configurations are affected when mod_proxy is enabled along with some form of RewriteRule or ProxyPassMatch in which a non-specific pattern matches some portion of the user-supplied request-target (URL) data and is then re-inserted into the proxied request-target using variable substitution. For example, something like: RewriteEngine on RewriteRule "^/here/(.*)" "http://example.com:8080/elsewhere?$1"; [P] ProxyPassReverse /here/ http://example.com:8080/ Request splitting/smuggling could result in bypass of access controls in the proxy server, proxying unintended URLs to existing origin servers, and cache poisoning. Users are recommended to update to at least version 2.4.56 of Apache HTTP Server.
Description
Fix URL containing SPACES after Apache upgrade  CVE-2023-25690
Readme
# FIX linux (Ubuntu) Apache mod_rewrite space In URL

After the last Apache Upgrade, I've had some issues with "spaces in URL" in mod_rewrite.
2023-04-25 - upgrade apache2:amd64 2.4.38-3+deb10u9 2.4.38-3+deb10u10

The URLs that contain "space" and have been replaced with **%20** start to return error 403 by Apache.

I found that the update was actually to fix this:
https://github.com/apache/httpd/commit/d78a166fedd9d02c23e4b71d5f53bd9b2c4b9a51

(https://security-tracker.debian.org/tracker/CVE-2023-25690 )

After the last Apache upgrade under Ubuntu, I solve the problem of returning 403 by adding `[NC,L,B,BNP]` at the end of the domain conf file, adn it works for me.

>RewriteEngine On
> 
>RewriteBase /
> 
>RewriteRule ^([^/])/([^/])$ /index.php?lang=$1&page=$2 [NC,L,**B,BNP**]


![fix Apache space in URL - mod_rewrite](img.jpg)


I hope that this fix should be helpful to somebody :-)
File Snapshot

 [4.0K]  /data/pocs/0871a6b0f5c6f0b0a775f42ac0f6b4d5ee69665a
├── [372K]  img.jpg
└── [ 896]  README.md

0 directories, 2 files
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.
    3. Mirroring, verifying, and maintaining this POC archive takes ongoing effort, so local snapshots are a paid feature. Your subscription keeps the archive online — thank you for the support. View subscription plans →