Medium5.3Red Hat Linux Updated
HTTP request smuggling via bare line-feed sequences in HTTP headers
CVE-2025-3110 Published Jul 8, 2026Updated by vendor Jul 8, 2026
Affected products & platforms
Red Hat LinuxUnclassified
Summary
HTTP request smuggling via bare line-feed sequences in HTTP headers. Red Hat rates this moderate (CVSS 5.3). Weakness: CWE-444.
Affected versions
- 2.7.2
- 3.1.0
Official advisory · high-confidence parse· fetched 7 hours ago·verify at source
Mitigation checklist
Recommended fix / mitigation
- To mitigate this issue, ensure that any reverse proxy deployed in front of OpenVPN Access Server is configured to strictly validate and normalize HTTP header fields, specifically rejecting or sanitizing bare line-feed sequences. Alternatively, consider restricting direct network access to the OpenVPN Access Server, bypassing the reverse proxy, if your deployment architecture allows for it without compromising other security requirements. Consult your reverse proxy's documentation for specific configuration options related to HTTP header parsing and normalization. Any changes to proxy configurations may require a service reload or restart to take effect, which could temporarily interrupt service.
Official advisory · high-confidence parse· fetched 7 hours ago·verify at source
Discussion(0)
No comments yet. Share field notes, upgrade gotchas, or questions — verify against the vendor advisory before acting on community advice.
Sign in to join the discussion.