Add CVE-2023-25690 - Apache HTTP Server - HTTP Request Smuggling

/claim #12455

Template / PR Information

This PR adds a template for CVE-2023-25690, a critical HTTP Request Smuggling vulnerability in Apache HTTP Server versions 2.4.0 through 2.4.55 when mod_proxy is misconfigured with RewriteRule or ProxyPassMatch using variable substitution.

Validation

Tested in a lab environment with Apache 2.4.55 and mod_proxy.
Verified via smuggled request evidence (POST /, GET /smuggled) and Apache desync error responses (400, 408, 502, 503).

References

NVD - CVE-2023-25690
Public PoC

Template Validation

I’ve validated this template locally?

Additional Details (leave it blank if not applicable)

Additional References:

Nuclei Template Creation Guideline
Nuclei Template Matcher Guideline
Nuclei Template Contribution Guideline
PD-Community Discord server

Template / PR Information

Validation

References

Template Validation

Additional Details (leave it blank if not applicable)

Additional References:

Claim

Contributors

Sponsors