VuXML ID | Description |
6601c08d-a46c-11ec-8be6-d4c9ef517024 | Apache httpd -- Multiple vulnerabilities
The Apache httpd project reports:
mod_lua: Use of uninitialized value of in r:parsebody (moderate)
(CVE-2022-22719) A carefully crafted request body can cause a
read to a random memory area which could cause the process to crash.
HTTP request smuggling vulnerability (important) (CVE-2022-22720)
httpd fails to close inbound connection when errors are
encountered discarding the request body, exposing the server to HTTP
Request Smuggling
core: Possible buffer overflow with very large or unlimited
LimitXMLRequestBody (low) (CVE-2022-22721) If LimitXMLRequestBody
is set to allow request bodies larger than 350MB (defaults to 1M) on 32
bit systems an integer overflow happens which later causes out of
bounds writes.
mod_sed: Read/write beyond bounds (important) (CVE-2022-23924)
Out-of-bounds Write vulnerability in mod_sed of Apache HTTP Server
allows an attacker to overwrite heap memory with possibly attacker
provided data.
Discovery 2022-03-14 Entry 2022-03-15 apache24
< 2.4.53
CVE-2022-22719
CVE-2022-22720
CVE-2022-22721
CVE-2022-23943
https://httpd.apache.org/security/vulnerabilities_24.html
|
d001c189-2793-11ec-8fb1-206a8a720317 | Apache httpd -- Path Traversal and Remote Code Execution
The Apache http server project reports:
critical: Path Traversal and Remote Code Execution in Apache HTTP
Server 2.4.49 and 2.4.50 (incomplete fix of CVE-2021-41773)
(CVE-2021-42013).
It was found that the fix for CVE-2021-41773 in Apache HTTP
Server 2.4.50 was insufficient. An attacker could use a path
traversal attack to map URLs to files outside the directories
configured by Alias-like directives.
If files outside of these directories are not protected by the
usual default configuration "require all denied", these requests
can succeed. If CGI scripts are also enabled for these aliased
pathes, this could allow for remote code execution.
This issue only affects Apache 2.4.49 and Apache 2.4.50 and not
earlier versions.
Acknowledgements: Reported by Juan Escobar from Dreamlab
Technologies, Fernando Munoz from NULL Life CTF Team, and
Shungo Kumasaka
Discovery 2021-10-07 Entry 2021-10-07 apache24
ge 2.4.49 lt 2.4.51
CVE-2021-42013
|
00919005-96a3-11ed-86e9-d4c9ef517024 | Apache httpd -- Multiple vulnerabilities
The Apache httpd project reports:
mod_dav out of bounds read, or write of zero byte (CVE-2006-20001)
(moderate)
mod_proxy_ajp Possible request smuggling (CVE-2022-36760) (moderate)
mod_proxy prior to 2.4.55 allows a backend to trigger HTTP response
splitting (CVE-2022-37436) (moderate)
Discovery 2023-01-17 Entry 2023-01-17 apache24
< 2.4.55
CVE-2022-37436
CVE-2022-36760
CVE-2006-20001
https://downloads.apache.org/httpd/CHANGES_2.4.55
|
25b78bdd-25b8-11ec-a341-d4c9ef517024 | Apache httpd -- Multiple vulnerabilities
The Apache http server project reports:
- moderate: null pointer dereference in h2 fuzzing
(CVE-2021-41524)
- important: Path traversal and file disclosure vulnerability in
Apache HTTP Server 2.4.49 (CVE-2021-41773)
Discovery 2021-10-05 Entry 2021-10-05 Modified 2021-10-06 apache24
ge 2.4.49 lt 2.4.50
CVE-2021-41524
CVE-2021-41773
https://httpd.apache.org/security/vulnerabilities_24.html
|
ca982e2d-61a9-11ec-8be6-d4c9ef517024 | Apache httpd -- Multiple vulnerabilities
The Apache httpd project reports:
moderate: Possible NULL dereference or SSRF in forward proxy
configurations in Apache HTTP Server 2.4.51 and earlier (CVE-2021-44224)
A crafted URI sent to httpd configured as a forward proxy
(ProxyRequests on) can cause a crash (NULL pointer dereference) or, for
configurations mixing forward and reverse proxy declarations, can allow
for requests to be directed to a declared Unix Domain Socket endpoint
(Server Side Request Forgery).
high: Possible buffer overflow when parsing multipart content in
mod_lua of Apache HTTP Server 2.4.51 and earlier (CVE-2021-44790) A
carefully crafted request body can cause a buffer overflow in the
mod_lua multipart parser (r:parsebody() called from Lua scripts).
Discovery 2021-12-20 Entry 2021-12-20 apache24
< 2.4.52
CVE-2021-44224
CVE-2021-44790
https://httpd.apache.org/security/vulnerabilities_24.html
|
49adfbe5-e7d1-11ec-8fbd-d4c9ef517024 | Apache httpd -- Multiple vulnerabilities
The Apache httpd project reports:
- CVE-2022-31813: mod_proxy X-Forwarded-For dropped by hop-by-hop
mechanism. Apache HTTP Server 2.4.53 and earlier may not send the
X-Forwarded-* headers to the origin server based on client side
Connection header hop-by-hop mechanism. This may be used to bypass
IP based authentication on the origin server/application.
- CVE-2022-30556: Information Disclosure in mod_lua with websockets.
Apache HTTP Server 2.4.53 and earlier may return lengths to
applications calling r:wsread() that point past the end of the
storage allocated for the buffer.
- CVE-2022-30522: mod_sed denial of service. If Apache HTTP Server
2.4.53 is configured to do transformations with mod_sed in contexts
where the input to mod_sed may be very large, mod_sed may make
excessively large memory allocations and trigger an abort.
- CVE-2022-29404: Denial of service in mod_lua r:parsebody. In Apache
HTTP Server 2.4.53 and earlier, a malicious request to a lua script
that calls r:parsebody(0) may cause a denial of service due to no
default limit on possible input size.
- CVE-2022-28615: Read beyond bounds in ap_strcmp_match(). Apache
HTTP Server 2.4.53 and earlier may crash or disclose information due
to a read beyond bounds in ap_strcmp_match() when provided with an
extremely large input buffer. While no code distributed with the
server can be coerced into such a call, third-party modules or lua
scripts that use ap_strcmp_match() may hypothetically be affected.
- CVE-2022-28614: read beyond bounds via ap_rwrite(). The ap_rwrite()
function in Apache HTTP Server 2.4.53 and earlier may read unintended
memory if an attacker can cause the server to reflect very large
input using ap_rwrite() or ap_rputs(), such as with mod_luas r:puts()
function.
- CVE-2022-28330: read beyond bounds in mod_isapi. Apache HTTP Server
2.4.53 and earlier on Windows may read beyond bounds when configured
to process requests with the mod_isapi module.
- CVE-2022-26377: mod_proxy_ajp: Possible request smuggling.
Inconsistent Interpretation of HTTP Requests ('HTTP Request
Smuggling') vulnerability in mod_proxy_ajp of Apache HTTP Server
allows an attacker to smuggle requests to the AJP server it forwards
requests to.
Discovery 2022-06-08 Entry 2022-06-09 Modified 2022-06-10 apache24
< 2.4.54
CVE-2022-31813
CVE-2022-30556
CVE-2022-30522
CVE-2022-29404
CVE-2022-28615
CVE-2022-28614
CVE-2022-28330
CVE-2022-26377
http://downloads.apache.org/httpd/CHANGES_2.4.54
|