Dimas Fariski Setyawan Putra

**Name of the Vulnerable Software and Affected Versions** Apache HTTP Server versions 2.4.30 through 2.4.55 uWSGI PyPI package versions prior to 2.0.22 **Description** The issue is related to HTTP Response Smuggling vulnerability in Apache HTTP Server via mod proxy uwsgi. Special characters in the origin response header can truncate/split the response forwarded to the client. This can allow a remote attacker to perform an HTTP request smuggling attack. **Recommendations** For Apache HTTP Server versions 2.4.30 through 2.4.55, update to a version that includes the fix for this issue. For uWSGI PyPI package versions prior to 2.0.22, update to version 2.0.22 or later. As a temporary workaround, consider disabling the mod proxy uwsgi module until a patch is available. Restrict access to the vulnerable module to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Apache HTTP Server versions prior to 2.4.55 **Description** The issue is related to the mod proxy module in Apache HTTP Server, where it fails to properly handle CRLF sequences in HTTP headers. This can be exploited by a remote attacker to perform HTTP response splitting attacks. A malicious backend can cause response headers to be truncated early, resulting in some headers being incorporated into the response body, which can bypass security measures if those headers have a security purpose. **Recommendations** For versions prior to 2.4.55, update to Apache HTTP Server version 2.4.55 or later to resolve the issue. As a temporary workaround, consider restricting access to the mod proxy module to minimize the risk of exploitation.