VuXML ID | Description |
6601c08d-a46c-11ec-8be6-d4c9ef517024 | Apache httpd -- Multiple vulnerabilities
The Apache httpd project reports:
mod_lua: Use of uninitialized value of in r:parsebody (moderate)
(CVE-2022-22719) A carefully crafted request body can cause a
read to a random memory area which could cause the process to crash.
HTTP request smuggling vulnerability (important) (CVE-2022-22720)
httpd fails to close inbound connection when errors are
encountered discarding the request body, exposing the server to HTTP
Request Smuggling
core: Possible buffer overflow with very large or unlimited
LimitXMLRequestBody (low) (CVE-2022-22721) If LimitXMLRequestBody
is set to allow request bodies larger than 350MB (defaults to 1M) on 32
bit systems an integer overflow happens which later causes out of
bounds writes.
mod_sed: Read/write beyond bounds (important) (CVE-2022-23924)
Out-of-bounds Write vulnerability in mod_sed of Apache HTTP Server
allows an attacker to overwrite heap memory with possibly attacker
provided data.
Discovery 2022-03-14 Entry 2022-03-15 apache24
< 2.4.53
CVE-2022-22719
CVE-2022-22720
CVE-2022-22721
CVE-2022-23943
https://httpd.apache.org/security/vulnerabilities_24.html
|
49adfbe5-e7d1-11ec-8fbd-d4c9ef517024 | Apache httpd -- Multiple vulnerabilities
The Apache httpd project reports:
- CVE-2022-31813: mod_proxy X-Forwarded-For dropped by hop-by-hop
mechanism. Apache HTTP Server 2.4.53 and earlier may not send the
X-Forwarded-* headers to the origin server based on client side
Connection header hop-by-hop mechanism. This may be used to bypass
IP based authentication on the origin server/application.
- CVE-2022-30556: Information Disclosure in mod_lua with websockets.
Apache HTTP Server 2.4.53 and earlier may return lengths to
applications calling r:wsread() that point past the end of the
storage allocated for the buffer.
- CVE-2022-30522: mod_sed denial of service. If Apache HTTP Server
2.4.53 is configured to do transformations with mod_sed in contexts
where the input to mod_sed may be very large, mod_sed may make
excessively large memory allocations and trigger an abort.
- CVE-2022-29404: Denial of service in mod_lua r:parsebody. In Apache
HTTP Server 2.4.53 and earlier, a malicious request to a lua script
that calls r:parsebody(0) may cause a denial of service due to no
default limit on possible input size.
- CVE-2022-28615: Read beyond bounds in ap_strcmp_match(). Apache
HTTP Server 2.4.53 and earlier may crash or disclose information due
to a read beyond bounds in ap_strcmp_match() when provided with an
extremely large input buffer. While no code distributed with the
server can be coerced into such a call, third-party modules or lua
scripts that use ap_strcmp_match() may hypothetically be affected.
- CVE-2022-28614: read beyond bounds via ap_rwrite(). The ap_rwrite()
function in Apache HTTP Server 2.4.53 and earlier may read unintended
memory if an attacker can cause the server to reflect very large
input using ap_rwrite() or ap_rputs(), such as with mod_luas r:puts()
function.
- CVE-2022-28330: read beyond bounds in mod_isapi. Apache HTTP Server
2.4.53 and earlier on Windows may read beyond bounds when configured
to process requests with the mod_isapi module.
- CVE-2022-26377: mod_proxy_ajp: Possible request smuggling.
Inconsistent Interpretation of HTTP Requests ('HTTP Request
Smuggling') vulnerability in mod_proxy_ajp of Apache HTTP Server
allows an attacker to smuggle requests to the AJP server it forwards
requests to.
Discovery 2022-06-08 Entry 2022-06-09 Modified 2022-06-10 apache24
< 2.4.54
CVE-2022-31813
CVE-2022-30556
CVE-2022-30522
CVE-2022-29404
CVE-2022-28615
CVE-2022-28614
CVE-2022-28330
CVE-2022-26377
http://downloads.apache.org/httpd/CHANGES_2.4.54
|
ca982e2d-61a9-11ec-8be6-d4c9ef517024 | Apache httpd -- Multiple vulnerabilities
The Apache httpd project reports:
moderate: Possible NULL dereference or SSRF in forward proxy
configurations in Apache HTTP Server 2.4.51 and earlier (CVE-2021-44224)
A crafted URI sent to httpd configured as a forward proxy
(ProxyRequests on) can cause a crash (NULL pointer dereference) or, for
configurations mixing forward and reverse proxy declarations, can allow
for requests to be directed to a declared Unix Domain Socket endpoint
(Server Side Request Forgery).
high: Possible buffer overflow when parsing multipart content in
mod_lua of Apache HTTP Server 2.4.51 and earlier (CVE-2021-44790) A
carefully crafted request body can cause a buffer overflow in the
mod_lua multipart parser (r:parsebody() called from Lua scripts).
Discovery 2021-12-20 Entry 2021-12-20 apache24
< 2.4.52
CVE-2021-44224
CVE-2021-44790
https://httpd.apache.org/security/vulnerabilities_24.html
|
882a38f9-17dd-11ec-b335-d4c9ef517024 | Apache httpd -- multiple vulnerabilities
The Apache project reports:
- moderate: Request splitting via HTTP/2 method injection and
mod_proxy (CVE-2021-33193)
- moderate: NULL pointer dereference in httpd core
(CVE-2021-34798)
- moderate: mod_proxy_uwsgi out of bound read (CVE-2021-36160)
- low: ap_escape_quotes buffer overflow (CVE-2021-39275)
- high: mod_proxy SSRF (CVE-2021-40438)
Discovery 2021-09-16 Entry 2021-09-17 Modified 2021-09-28 apache24
< 2.4.49
CVE-2021-33193
CVE-2021-34798
CVE-2021-36160
CVE-2021-39275
CVE-2021-40438
http://httpd.apache.org/security/vulnerabilities_24.html
|