|Vulnerability type||Potential HTTP Request Smuggling Attack|
This vulnerability has a CVSS score of 9.8 with a critical severity rating
|Versions affected||FileCloud Versions 22.1 and earlier|
|Version fixed||FileCloud Version 22.1.1 and later|
Apache reported that "Some mod_proxy configurations on Apache HTTP Server versions 2.4.0 through 2.4.55 allow a HTTP Request Smuggling attack." See https://httpd.apache.org/security/vulnerabilities_24.html and https://nvd.nist.gov/vuln/detail/CVE-2023-25690 for more information.
These vulnerabilities have been fixed in FileCloud version 22.214.171.12426 which has been upgraded to Apache HTTP Server 2.4.56.
What you should do to fix this vulnerability
- If you are using FileCloud Server, it is recommended that you update to the latest version, which is 126.96.36.19926 or greater. This will resolve the issue.
- If you are using FileCloud Online, your site has already been updated to the latest version.
If you have any questions about this advisory, please contact FileCloud support.