CVE-2023-27522
Apache HTTP Server: mod_proxy_uwsgi HTTP response splittingHTTP Response Smuggling vulnerability in Apache HTTP Server via mod_proxy_uwsgi. This issue affects Apache HTTP Server: from 2.4.30 through 2.4.55. Special characters in the origin response header can truncate/split the response forwarded to the client.
We have discovered 496,000 live websites that are affected by CVE-2023-27522.
Affected Software
| Product |  Apache |
| Category | Web Servers |
| Vulnerable Domains | 496,000 live websites (18% of Apache install base) |
| Vulnerable Versions |
|
| Vulnerable Versions Count | 21 versions ( 18% of all versions) |
Common Weakness Enumeration
CWE-444 Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')Details
- Published - Mar 7, 2023
- Updated - Feb 13, 2025
Credits
- Dimas Fariski Setyawan Putra (nyxsorcerer) (finder)
CVE References
CWE References
CWE
Website Distribution by Country
Number of websites using CVE-2023-27522 United States | 147,242 websites |
 Germany | 58,487 websites |
 France | 26,242 websites |
 Japan | 23,386 websites |
 Italy | 19,668 websites |
 Poland | 18,547 websites |
 GB | 18,303 websites |
 Russia | 16,723 websites |
 Netherlands | 12,395 websites |
 Canada | 12,389 websites |
Website Distribution by TLD
Number of websites using CVE-2023-27522| .com | 171,906 websites |
| .de | 31,462 websites |
| .org | 25,031 websites |
| .net | 19,359 websites |
| .it | 17,799 websites |
| .pl | 16,511 websites |
| .ru | 15,289 websites |
| .jp | 13,762 websites |
| .co.uk | 10,794 websites |
| .nl | 10,156 websites |
Vulnerable Versions
Vulnerable versions are highlighted in redWebsites affected by CVE-2023-27522
Top websites that are affected by CVE-2023-27522. Please click on the "Contact us" link to get more information.| Domain | Country | Rank | Contacts |
|---|---|---|---|
| *******.com |  Singapore | *** | |
| *************.***.****.****.************.net | United States | *** | |
| ***.*********.com | Singapore | *,*** | |
| *****.*******.com | Singapore | *,*** | |
| ****.*********.net | GB | *,*** | |
| ******.*****.gov | United States | *,*** | |
| *************.com | France | *,*** | |
| *******.*******.pl | Poland | *,*** | |
| ******.org | United States | *,*** | |
| ***.**.uk | GB | *,*** |
FAQ
CVE-2023-27522 is Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') in Apache
A total of 496,000 websites have been identified as vulnerable to CVE-2023-27522, based on global website indexing conducted by WebTechSurvey.
The Apache is affected by the CVE-2023-27522 vulnerability.
Apache versions up to and including 2.4.55 are vulnerable to CVE-2023-27522.