Article - CS390913
Potential Impact of Apache HTTP Server (prior to 2.4.56) security vulnerability (CVE-2023-25690) - Windchill PDMLink & FlexPLM
Modified: 06-Jun-2024
Applies To
- FlexPLM 11.1 M020
- Windchill PDMLink 11.1 M020
- FlexPLM 12.0.2.0
- FlexPLM 12.1.2.0
- FlexPLM 12.0.3.0
- Windchill PDMLink 12.0.2.0
- Windchill PDMLink 12.1.1.0
- Windchill PDMLink 12.1.2.0
- Pro/INTRALINK 8.x + 11.1 to 11.2
- Windchill PDM Essentials 11.1
- PTC Arbortext Content Manager 11.1 to 12.1
Description
- A critical vulnerability, CVE-2023-25690, is reported in Apache HTTP Server versions prior to 2.4.56
- CVE-2023-25690
- Base CVSS Score (NVD) – 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- Possible HTTP request smuggling.
- CWE-444 - Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')
The potential impact of this issue in Windchill & FlexPLM is subject to specific configurations. (Refer to the Resolution section for more details.)
This article has been created to provide information and recommended actions.
Refer to the Apache website for more details: Apache HTTP Server 2.4 vulnerabilities - The Apache HTTP Server Project
Is Apache 2.4.56 supported in any of the current released 12.0.2.x? How to get the downloaded HTTPServer installer for 2.4.56?