CVE-2023-25690

This repository provides a detailed technical analysis of CVE-2023-25690, an HTTP Request Smuggling vulnerability in Apache HTTP Server versions 2.4.0 through 2.4.55. It includes a lab setup with Docker for reproducing the vulnerability, explains the root cause (CRLF injection via mod_proxy and RewriteRule), and demonstrates how an attacker can smuggle requests to bypass access controls.

This repository contains a functional exploit for CVE-2023-25690, demonstrating HTTP Request Smuggling in Apache HTTP Server via crafted requests. The PoC includes a Python script that constructs and sends a malicious request to bypass proxy restrictions and access hidden endpoints.

This repository contains a detailed technical analysis and proof-of-concept for CVE-2023-25690, focusing on HTTP request smuggling over UDP/QUIC. It includes a Flask-based vulnerable application, a UDP proxy, and a comprehensive writeup explaining the root cause, exploitation steps, and mitigation strategies.

This repository provides a detailed technical analysis of CVE-2023-25690, an HTTP Request Smuggling vulnerability in Apache HTTP Server versions 2.4.0 through 2.4.55. It includes a lab setup with Docker to demonstrate the vulnerability, focusing on CRLF injection and internal HTTP Request Smuggling via header injection.

This repository provides a technical writeup on mitigating the impact of CVE-2023-25690, an Apache mod_rewrite issue causing 403 errors for URLs with spaces encoded as %20. It includes a configuration fix using specific RewriteRule flags.