Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.ROCKY_LINUX_RLSA-2022-8067.NASL
HistoryJan 27, 2023 - 12:00 a.m.

Rocky Linux 9 : httpd (RLSA-2022:8067)

2023-01-2700:00:00
This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
11

9.1 High

AI Score

Confidence

Low

JSON

The remote Rocky Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2022:8067 advisory.

  • Apache HTTP Server 2.4.53 and earlier may not send the X-Forwarded-* headers to the origin server based on client side Connection header hop-by-hop mechanism. This may be used to bypass IP based authentication on the origin server/application. (CVE-2022-31813)

  • A carefully crafted request body can cause a read to a random memory area which could cause the process to crash. This issue affects Apache HTTP Server 2.4.52 and earlier. (CVE-2022-22719)

  • If LimitXMLRequestBody is set to allow request bodies larger than 350MB (defaults to 1M) on 32 bit systems an integer overflow happens which later causes out of bounds writes. This issue affects Apache HTTP Server 2.4.52 and earlier. (CVE-2022-22721)

  • Out-of-bounds Write vulnerability in mod_sed of Apache HTTP Server allows an attacker to overwrite heap memory with possibly attacker provided data. This issue affects Apache HTTP Server 2.4 version 2.4.52 and prior versions. (CVE-2022-23943)

  • Inconsistent Interpretation of HTTP Requests (‘HTTP Request Smuggling’) vulnerability in mod_proxy_ajp of Apache HTTP Server allows an attacker to smuggle requests to the AJP server it forwards requests to. This issue affects Apache HTTP Server Apache HTTP Server 2.4 version 2.4.53 and prior versions.
    (CVE-2022-26377)

Note that Nessus has not tested for these issues but has instead relied only on the application’s self-reported version number.

#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
#
# The package checks in this plugin were extracted from
# Rocky Linux Security Advisory RLSA-2022:8067.
##

include('compat.inc');

if (description)
{
  script_id(170713);
  script_version("1.4");
  script_set_attribute(attribute:"plugin_modification_date", value:"2023/11/06");

  script_cve_id(
    "CVE-2022-22719",
    "CVE-2022-22721",
    "CVE-2022-23943",
    "CVE-2022-26377",
    "CVE-2022-28614",
    "CVE-2022-28615",
    "CVE-2022-29404",
    "CVE-2022-30522",
    "CVE-2022-30556",
    "CVE-2022-31813"
  );
  script_xref(name:"RLSA", value:"2022:8067");

  script_name(english:"Rocky Linux 9 : httpd (RLSA-2022:8067)");

  script_set_attribute(attribute:"synopsis", value:
"The remote Rocky Linux host is missing one or more security updates.");
  script_set_attribute(attribute:"description", value:
"The remote Rocky Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the
RLSA-2022:8067 advisory.

  - Apache HTTP Server 2.4.53 and earlier may not send the X-Forwarded-* headers to the origin server based on
    client side Connection header hop-by-hop mechanism. This may be used to bypass IP based authentication on
    the origin server/application. (CVE-2022-31813)

  - A carefully crafted request body can cause a read to a random memory area which could cause the process to
    crash. This issue affects Apache HTTP Server 2.4.52 and earlier. (CVE-2022-22719)

  - If LimitXMLRequestBody is set to allow request bodies larger than 350MB (defaults to 1M) on 32 bit systems
    an integer overflow happens which later causes out of bounds writes. This issue affects Apache HTTP Server
    2.4.52 and earlier. (CVE-2022-22721)

  - Out-of-bounds Write vulnerability in mod_sed of Apache HTTP Server allows an attacker to overwrite heap
    memory with possibly attacker provided data. This issue affects Apache HTTP Server 2.4 version 2.4.52 and
    prior versions. (CVE-2022-23943)

  - Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') vulnerability in mod_proxy_ajp of
    Apache HTTP Server allows an attacker to smuggle requests to the AJP server it forwards requests to. This
    issue affects Apache HTTP Server Apache HTTP Server 2.4 version 2.4.53 and prior versions.
    (CVE-2022-26377)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
  script_set_attribute(attribute:"see_also", value:"https://errata.rockylinux.org/RLSA-2022:8067");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2064319");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2064320");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2064322");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2073459");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2075406");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2079939");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2094997");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2095002");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2095006");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2095012");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2095015");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2095018");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2095020");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2095838");
  script_set_attribute(attribute:"solution", value:
"Update the affected packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:F/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2022-31813");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2023/01/26");
  script_set_attribute(attribute:"patch_publication_date", value:"2023/01/26");
  script_set_attribute(attribute:"plugin_publication_date", value:"2023/01/27");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:rocky:linux:httpd");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:rocky:linux:httpd-core");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:rocky:linux:httpd-core-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:rocky:linux:httpd-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:rocky:linux:httpd-debugsource");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:rocky:linux:httpd-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:rocky:linux:httpd-filesystem");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:rocky:linux:httpd-manual");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:rocky:linux:httpd-tools");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:rocky:linux:httpd-tools-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:rocky:linux:mod_ldap");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:rocky:linux:mod_ldap-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:rocky:linux:mod_lua");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:rocky:linux:mod_lua-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:rocky:linux:mod_proxy_html");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:rocky:linux:mod_proxy_html-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:rocky:linux:mod_session");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:rocky:linux:mod_session-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:rocky:linux:mod_ssl");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:rocky:linux:mod_ssl-debuginfo");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:rocky:linux:9");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Rocky Linux Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/RockyLinux/release", "Host/RockyLinux/rpm-list", "Host/cpu");

  exit(0);
}


include('rpm.inc');

if (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
var os_release = get_kb_item('Host/RockyLinux/release');
if (isnull(os_release) || 'Rocky Linux' >!< os_release) audit(AUDIT_OS_NOT, 'Rocky Linux');
var os_ver = pregmatch(pattern: "Rocky(?: Linux)? release ([0-9]+(\.[0-9]+)?)", string:os_release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Rocky Linux');
os_ver = os_ver[1];
if (! preg(pattern:"^9([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, 'Rocky Linux 9.x', 'Rocky Linux ' + os_ver);

if (!get_kb_item('Host/RockyLinux/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);

var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Rocky Linux', cpu);

var pkgs = [
    {'reference':'httpd-2.4.53-7.el9', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'httpd-2.4.53-7.el9', 'cpu':'s390x', 'release':'9', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'httpd-2.4.53-7.el9', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'httpd-core-2.4.53-7.el9', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'httpd-core-2.4.53-7.el9', 'cpu':'s390x', 'release':'9', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'httpd-core-2.4.53-7.el9', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'httpd-core-debuginfo-2.4.53-7.el9', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'httpd-core-debuginfo-2.4.53-7.el9', 'cpu':'s390x', 'release':'9', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'httpd-core-debuginfo-2.4.53-7.el9', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'httpd-debuginfo-2.4.53-7.el9', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'httpd-debuginfo-2.4.53-7.el9', 'cpu':'s390x', 'release':'9', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'httpd-debuginfo-2.4.53-7.el9', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'httpd-debugsource-2.4.53-7.el9', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'httpd-debugsource-2.4.53-7.el9', 'cpu':'s390x', 'release':'9', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'httpd-debugsource-2.4.53-7.el9', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'httpd-devel-2.4.53-7.el9', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'httpd-devel-2.4.53-7.el9', 'cpu':'s390x', 'release':'9', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'httpd-devel-2.4.53-7.el9', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'httpd-filesystem-2.4.53-7.el9', 'release':'9', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'httpd-manual-2.4.53-7.el9', 'release':'9', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'httpd-tools-2.4.53-7.el9', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'httpd-tools-2.4.53-7.el9', 'cpu':'s390x', 'release':'9', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'httpd-tools-2.4.53-7.el9', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'httpd-tools-debuginfo-2.4.53-7.el9', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'httpd-tools-debuginfo-2.4.53-7.el9', 'cpu':'s390x', 'release':'9', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'httpd-tools-debuginfo-2.4.53-7.el9', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'mod_ldap-2.4.53-7.el9', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'mod_ldap-2.4.53-7.el9', 'cpu':'s390x', 'release':'9', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'mod_ldap-2.4.53-7.el9', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'mod_ldap-debuginfo-2.4.53-7.el9', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'mod_ldap-debuginfo-2.4.53-7.el9', 'cpu':'s390x', 'release':'9', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'mod_ldap-debuginfo-2.4.53-7.el9', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'mod_lua-2.4.53-7.el9', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'mod_lua-2.4.53-7.el9', 'cpu':'s390x', 'release':'9', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'mod_lua-2.4.53-7.el9', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'mod_lua-debuginfo-2.4.53-7.el9', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'mod_lua-debuginfo-2.4.53-7.el9', 'cpu':'s390x', 'release':'9', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'mod_lua-debuginfo-2.4.53-7.el9', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'mod_proxy_html-2.4.53-7.el9', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},
    {'reference':'mod_proxy_html-2.4.53-7.el9', 'cpu':'s390x', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},
    {'reference':'mod_proxy_html-2.4.53-7.el9', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},
    {'reference':'mod_proxy_html-debuginfo-2.4.53-7.el9', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},
    {'reference':'mod_proxy_html-debuginfo-2.4.53-7.el9', 'cpu':'s390x', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},
    {'reference':'mod_proxy_html-debuginfo-2.4.53-7.el9', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},
    {'reference':'mod_session-2.4.53-7.el9', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'mod_session-2.4.53-7.el9', 'cpu':'s390x', 'release':'9', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'mod_session-2.4.53-7.el9', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'mod_session-debuginfo-2.4.53-7.el9', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'mod_session-debuginfo-2.4.53-7.el9', 'cpu':'s390x', 'release':'9', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'mod_session-debuginfo-2.4.53-7.el9', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'mod_ssl-2.4.53-7.el9', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},
    {'reference':'mod_ssl-2.4.53-7.el9', 'cpu':'s390x', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},
    {'reference':'mod_ssl-2.4.53-7.el9', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},
    {'reference':'mod_ssl-debuginfo-2.4.53-7.el9', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},
    {'reference':'mod_ssl-debuginfo-2.4.53-7.el9', 'cpu':'s390x', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},
    {'reference':'mod_ssl-debuginfo-2.4.53-7.el9', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'}
];

var flag = 0;
foreach var package_array ( pkgs ) {
  var reference = NULL;
  var _release = NULL;
  var sp = NULL;
  var _cpu = NULL;
  var el_string = NULL;
  var rpm_spec_vers_cmp = NULL;
  var epoch = NULL;
  var allowmaj = NULL;
  var exists_check = NULL;
  if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];
  if (!empty_or_null(package_array['release'])) _release = 'Rocky-' + package_array['release'];
  if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];
  if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];
  if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];
  if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];
  if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];
  if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];
  if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];
  if (reference && _release && (!exists_check || rpm_exists(release:_release, rpm:exists_check))) {
    if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;
  }
}

if (flag)
{
  security_report_v4(
      port       : 0,
      severity   : SECURITY_HOLE,
      extra      : rpm_report_get()
  );
  exit(0);
}
else
{
  var tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'httpd / httpd-core / httpd-core-debuginfo / httpd-debuginfo / etc');
}
VendorProductVersionCPE
rockylinuxhttpdp-cpe:/a:rocky:linux:httpd
rockylinuxhttpd-corep-cpe:/a:rocky:linux:httpd-core
rockylinuxhttpd-core-debuginfop-cpe:/a:rocky:linux:httpd-core-debuginfo
rockylinuxhttpd-debuginfop-cpe:/a:rocky:linux:httpd-debuginfo
rockylinuxhttpd-debugsourcep-cpe:/a:rocky:linux:httpd-debugsource
rockylinuxhttpd-develp-cpe:/a:rocky:linux:httpd-devel
rockylinuxhttpd-filesystemp-cpe:/a:rocky:linux:httpd-filesystem
rockylinuxhttpd-manualp-cpe:/a:rocky:linux:httpd-manual
rockylinuxhttpd-toolsp-cpe:/a:rocky:linux:httpd-tools
rockylinuxhttpd-tools-debuginfop-cpe:/a:rocky:linux:httpd-tools-debuginfo
Rows per page:
1-10 of 211

References

Related

oraclelinux 3
rocky 2
redhat 5
nessus 75
osv 16
almalinux 2
fedora 5
suse 3
ubuntu 5
ibm 26
altlinux 4
redos 2
slackware 2
amazon 4
kaspersky 2
freebsd 2
mageia 2
photon 8
cloudlinux 1
rosalinux 2
gentoo 1
debian 1
ics 1
thn 1
cbl_mariner 2
cve 2
f5 3
githubexploit 1
hackerone 2
prion 2
httpd 1
ubuntucve 2
alpinelinux 2
debiancve 2
redhatcve 2
veracode 2
zdi 1
oraclelinux
oraclelinux
httpd security, bug fix, and enhancement update
2022-11-22 00:00:00
httpd:2.4 security update
2022-11-15 00:00:00
httpd:2.4 security update
2022-08-10 00:00:00
rocky
rocky
httpd:2.4 security update
2022-11-08 06:25:28
httpd security, bug fix, and enhancement update
2022-11-15 06:14:59
redhat
redhat
(RHSA-2022:7647) Moderate: httpd:2.4 security update
2022-11-08 06:25:28
(RHSA-2022:8067) Moderate: httpd security, bug fix, and enhancement update
2022-11-15 06:14:59
(RHSA-2022:6753) Moderate: httpd24-httpd security and bug fix update
2022-09-29 13:20:41
nessus
nessus
RHEL 9 : httpd (RHSA-2022:8067)
2022-11-15 00:00:00
CentOS 8 : httpd:2.4 (CESA-2022:7647)
2022-11-09 00:00:00
RHEL 8 : httpd:2.4 (RHSA-2022:7647)
2022-11-09 00:00:00
osv
osv
Moderate: httpd:2.4 security update
2022-11-08 06:25:28
Moderate: httpd security, bug fix, and enhancement update
2022-11-15 00:00:00
Moderate: httpd security, bug fix, and enhancement update
2022-11-15 06:14:59
almalinux
almalinux
Moderate: httpd:2.4 security update
2022-11-08 00:00:00
Moderate: httpd security, bug fix, and enhancement update
2022-11-15 00:00:00
fedora
fedora
[SECURITY] Fedora 36 Update: httpd-2.4.54-3.fc36
2022-07-01 01:09:46
[SECURITY] Fedora 35 Update: httpd-2.4.54-1.fc35
2022-07-06 01:54:10
[SECURITY] Fedora 34 Update: httpd-2.4.53-1.fc34
2022-03-25 22:06:50
suse
suse
Security update for apache2 (important)
2022-07-06 00:00:00
Security update for apache2 (important)
2022-07-08 00:00:00
Security update for apache2 (important)
2022-03-29 00:00:00
ubuntu
ubuntu
Apache HTTP Server regression
2022-06-23 00:00:00
Apache HTTP Server regression
2022-06-23 00:00:00
Apache HTTP Server vulnerabilities
2022-06-21 00:00:00
ibm
ibm
Security Bulletin: Multiple security vulnerabilities have been identified in IBM HTTP Server shipped with IBM Rational ClearCase (CVE-2022-28614, CVE-2022-28615, CVE-2022-29404, CVE-2022-26377, CVE-2022-31813, CVE-2022-30556)
2022-06-30 06:55:26
Security Bulletin: Multiple Vulnerabilities have been identified in IBM WebSphere Application Server shipped with IBM WebSphere Remote Server
2022-06-16 17:12:43
Security Bulletin: IBM Security SiteProtector System is affected by multiple Apache HTTP Server Vulnerabilities
2022-08-08 08:16:32
altlinux
altlinux
Security fix for the ALT Linux 10 package apache2 version 1:2.4.54-alt1
2022-06-21 00:00:00
Security fix for the ALT Linux 9 package apache2 version 1:2.4.54-alt1
2022-06-19 00:00:00
Security fix for the ALT Linux 9 package apache2 version 1:2.4.53-alt1
2022-03-29 00:00:00
redos
redos
ROS-20220628-01
2022-06-28 00:00:00
ROS-20220317-01
2022-03-17 00:00:00
slackware
slackware
[slackware-security] httpd
2022-06-08 19:24:07
[slackware-security] httpd
2022-03-15 01:06:06
amazon
amazon
Medium: httpd
2022-07-06 03:12:00
Medium: httpd24
2022-06-30 23:38:00
Important: httpd24
2022-04-26 17:12:00
kaspersky
kaspersky
KLA12554 Multiple vulnerabilities in Apache HTTP Server
2022-06-08 00:00:00
KLA12485 Multiple vulnerabilities in Apache HTTP Server
2022-03-14 00:00:00
freebsd
freebsd
Apache httpd -- Multiple vulnerabilities
2022-06-08 00:00:00
Apache httpd -- Multiple vulnerabilities
2022-03-14 00:00:00
mageia
mageia
Updated apache packages fix security vulnerability
2022-06-13 23:44:20
Updated apache packages fix security vulnerability
2022-03-21 23:18:30
photon
photon
Critical Photon OS Security Update - PHSA-2022-0489
2022-06-22 00:00:00
Critical Photon OS Security Update - PHSA-2022-0202
2022-06-22 00:00:00
Critical Photon OS Security Update - PHSA-2022-0409
2022-06-23 00:00:00
cloudlinux
cloudlinux
Fixed CVEs in httpd: CVE-2022-31813, CVE-2022-28615, CVE-2022-26377
2022-06-28 20:14:01
rosalinux
rosalinux
Advisory ROSA-SA-2023-2161
2023-05-03 11:17:19
Advisory ROSA-SA-2023-2160
2023-04-25 12:02:31
gentoo
gentoo
Apache HTTPD: Multiple Vulnerabilities
2022-08-14 00:00:00
debian
debian
[SECURITY] [DLA 2960-1] apache2 security update
2022-03-22 07:32:37
ics
ics
Mitsubishi Electric MELSOFT iQ AppPortal
2023-02-21 12:00:00
thn
thn
QNAP Advises Users to Update NAS Firmware to Patch Apache HTTP Vulnerabilities
2022-04-22 08:15:00
cbl_mariner
cbl_mariner
CVE-2022-23943 affecting package httpd 2.4.52-1
2022-04-07 06:04:02
CVE-2022-22719 affecting package httpd 2.4.52-1
2022-04-26 19:57:38
cve
cve
CVE-2022-23943
2022-03-14 11:15:00
CVE-2022-22719
2022-03-14 11:15:00
f5
f5
K40582331 : Apache HTTP server vulnerability CVE-2022-28615
2022-07-08 00:00:00
Apache HTTP Server vulnerability CVE-2022-31813
2022-07-29 18:54:00
K20451100 : Apache vulnerability CVE-2022-22721
2022-04-12 00:00:00
githubexploit
githubexploit
Exploit for HTTP Request Smuggling in Apache Http Server
2024-04-12 03:59:03
hackerone
hackerone
Internet Bug Bounty: Apache HTTP Server: mod_proxy_ajp: Possible request smuggling
2022-06-08 10:29:46
Internet Bug Bounty: Read and write beyond bounds in mod_sed
2022-03-14 19:03:51
prion
prion
Design/Logic Flaw
2022-03-14 11:15:00
Integer overflow
2022-03-14 11:15:00
httpd
httpd
Apache Httpd < 2.4.53 : mod_lua Use of uninitialized value of in r:parsebody
2022-03-14 00:00:00
ubuntucve
ubuntucve
CVE-2022-22719
2022-03-14 00:00:00
CVE-2022-22721
2022-03-14 00:00:00
alpinelinux
alpinelinux
CVE-2022-31813
2022-06-09 17:15:00
CVE-2022-22721
2022-03-14 11:15:00
debiancve
debiancve
CVE-2022-31813
2022-06-09 17:15:00
CVE-2022-22721
2022-03-14 11:15:00
redhatcve
redhatcve
CVE-2022-31813
2022-06-08 20:02:05
CVE-2022-22719
2022-03-15 14:43:48
veracode
veracode
Out-of-bounds Write
2022-03-15 13:26:56
Denial Of Service (DoS)
2022-03-15 10:14:37
zdi
zdi
Apache HTTPD Server ap_escape_html2 Integer Overflow Remote Code Execution Vulnerability
2022-06-29 00:00:00

9.1 High

AI Score

Confidence

Low

JSON
Related for ROCKY_LINUX_RLSA-2022-8067.NASL
oraclelinux3rocky2redhat5nessus75osv16almalinux2fedora5suse3ubuntu5ibm26altlinux4redos2slackware2amazon4kaspersky2freebsd2mageia2photon8cloudlinux1rosalinux2gentoo1debian1ics1thn1cbl_mariner2cve2f53githubexploit1hackerone2prion2httpd1ubuntucve2alpinelinux2debiancve2redhatcve2veracode2zdi1