Advisory 2023-03/02 Security Issue with Apache HTTP Server 2.4.0 through 2.4.55
| Vulnerability type | Potential HTTP Request Smuggling Attack |
| Severity factors | This vulnerability has a CVSS score of 9.8 with a critical severity rating |
| Versions affected | FileCloud Versions 22.1 and earlier |
| Version fixed | FileCloud Version 22.1.1 and later |
Description
Apache reported that "Some mod_proxy configurations on Apache HTTP Server versions 2.4.0 through 2.4.55 allow a HTTP Request Smuggling attack." See https://httpd.apache.org/security/vulnerabilities_24.html and https://nvd.nist.gov/vuln/detail/CVE-2023-25690 for more information.
Fix
These vulnerabilities have been fixed in FileCloud version 22.1.1.20926 which has been upgraded to Apache HTTP Server 2.4.56.
What you should do to fix this vulnerability
- If you are using FileCloud Server, it is recommended that you update to the latest version, which is 22.1.1.20926 or greater. This will resolve the issue.
- If you are using FileCloud Online, your site has already been updated to the latest version.
If you have any questions about this advisory, please contact FileCloud support.