Lucene search

K
broadcomBroadcom Security ResponseBSNSA22355
HistoryAug 01, 2023 - 12:00 a.m.

CVE-2022-28615: Apache HTTP Server 2.4.53 and earlier may crash or disclose information due to a read

2023-08-0100:00:00
Broadcom Security Response
support.broadcom.com
28
cve-2022-28615
apache http server
information disclosure
buffer overflow
third-party modules

EPSS

0.015

Percentile

86.8%

Apache HTTP Server 2.4.53 and earlier may crash or disclose information due to a read beyond bounds in ap_strcmp_match() when provided with an extremely large input buffer. While no code distributed with the server can be coerced into such a call, third-party modules or lua scripts that use ap_strcmp_match() may hypothetically be affected.