CVE-2023-27522
Apache HTTP Server: mod_proxy_uwsgi HTTP response splittingHTTP Response Smuggling vulnerability in Apache HTTP Server via mod_proxy_uwsgi. This issue affects Apache HTTP Server: from 2.4.30 through 2.4.55. Special characters in the origin response header can truncate/split the response forwarded to the client.
We have discovered 470,820 live websites that are affected by CVE-2023-27522.
Affected Software
| Product |  Apache |
| Category | Web Servers |
| Vulnerable Domains | 470,820 live websites (18% of Apache install base) |
| Vulnerable Versions |
|
| Vulnerable Versions Count | 21 versions ( 18% of all versions) |
Common Weakness Enumeration
CWE-444 Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')Details
- Published - Mar 7, 2023
- Updated - Feb 13, 2025
Credits
- Dimas Fariski Setyawan Putra (nyxsorcerer) (finder)
CVE References
CWE References
CWE
Website Distribution by Country
Number of websites using CVE-2023-27522 United States | 139,448 websites |
 Germany | 55,517 websites |
 France | 24,709 websites |
 Japan | 21,887 websites |
 Italy | 18,848 websites |
 GB | 17,533 websites |
 Poland | 17,460 websites |
 Russia | 17,120 websites |
 Netherlands | 12,188 websites |
 Canada | 11,963 websites |
Website Distribution by TLD
Number of websites using CVE-2023-27522| .com | 162,588 websites |
| .de | 29,755 websites |
| .org | 23,516 websites |
| .net | 18,256 websites |
| .it | 17,160 websites |
| .ru | 15,633 websites |
| .pl | 15,516 websites |
| .jp | 13,282 websites |
| .co.uk | 9,925 websites |
| .nl | 9,925 websites |
Vulnerable Versions
Vulnerable versions are highlighted in redWebsites affected by CVE-2023-27522
Top websites that are affected by CVE-2023-27522. Please click on the "Contact us" link to get more information.| Domain | Country | Rank | Contacts |
|---|---|---|---|
| *******.com |  Singapore | *** | |
| *************.***.****.****.************.net | United States | *** | |
| ***.*********.com | Singapore | *,*** | |
| *****.*******.com | Singapore | *,*** | |
| ****.*********.net | GB | *,*** | |
| ******.*****.gov | United States | *,*** | |
| *************.com | France | *,*** | |
| *******.*******.pl | Poland | *,*** | |
| ******.org | United States | *,*** | |
| ***.**.uk | GB | *,*** |
FAQ
CVE-2023-27522 is Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') in Apache
A total of 470,820 websites have been identified as vulnerable to CVE-2023-27522, based on global website indexing conducted by WebTechSurvey.
The Apache is affected by the CVE-2023-27522 vulnerability.
Apache versions up to and including 2.4.55 are vulnerable to CVE-2023-27522.