TencentOS Server 3: httpd (TSSA-2022:0271)

🗓️ 16 Jun 2025 00:00:00Reported by TenableType

TencentOS Server 3 is vulnerable due to outdated Apache HTTP Server; updates fix multiple issues.

Reporter	Title	Published	Views	Family All 446
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities in IBM HTTP Server used by IBM WebSphere Application Server	25 Jul 202215:18	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Rational Build Forge 8.0.0.25 addresses multiple vulnerabilities	24 Nov 202313:49	–	ibm
IBM Security Bulletins	Security Bulletin: IBM App Connect Enterprise Certified Container DesignerAuthoring operands that use Mapping Assistance may be vulnerable to CVE-2022-29404, CVE-2022-30522, CVE-2022-30556 and CVE-2022-31813	7 Nov 202211:13	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple security vulnerabilities have been identified in IBM WebSphere Application Server, which is a required product for IBM Tivoli Netcool Configuration Manager.	26 Sep 202218:30	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Aspera Orchestrator affected by Apache HTTP Server vulnerability (CVE-2022-30556)	2 Feb 202317:32	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Aspera Faspex 4.4.2 PL2 has addressed multiple vulnerabilities (CVE-2022-28330, CVE-2023-22868, CVE-2022-30556, CVE-2022-31813, CVE-2022-30522, CVE-2022-47986, CVE-2022-28615, CVE-2022-26377, CVE-2018-25032, CVE-2022-2068)	12 Nov 202402:31	–	ibm
IBM Security Bulletins	WebSphere Application Server and IBM HTTP Server Security Bulletin List	13 Jul 202218:04	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Aspera Orchestrator affected by denial of service vulnerability (CVE-2022-29404)	2 Feb 202317:39	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Security SiteProtector System is affected by multiple Apache HTTP Server Vulnerabilities	8 Aug 202208:16	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Aspera Orchestrator affected by vulnerability (CVE-2022-28615)	7 Feb 202320:45	–	ibm

Source	Link
mirrors	www.mirrors.tencent.com/tlinux/errata/tssa-20220271.xml
cve	www.cve.mitre.org/cgi-bin/cvename.cgi
cve	www.cve.mitre.org/cgi-bin/cvename.cgi
cve	www.cve.mitre.org/cgi-bin/cvename.cgi
cve	www.cve.mitre.org/cgi-bin/cvename.cgi
cve	www.cve.mitre.org/cgi-bin/cvename.cgi
cve	www.cve.mitre.org/cgi-bin/cvename.cgi
cve	www.cve.mitre.org/cgi-bin/cvename.cgi

#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Tencent Linux Security Advisory TSSA-2022:0271.
##

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(239116);
  script_version("1.3");
  script_set_attribute(attribute:"plugin_modification_date", value:"2025/12/05");

  script_cve_id(
    "CVE-2022-26377",
    "CVE-2022-28614",
    "CVE-2022-28615",
    "CVE-2022-29404",
    "CVE-2022-30522",
    "CVE-2022-30556",
    "CVE-2022-31813"
  );

  script_name(english:"TencentOS Server 3: httpd (TSSA-2022:0271)");

  script_set_attribute(attribute:"synopsis", value:
"The remote TencentOS Server 3 host is missing one or more security updates.");
  script_set_attribute(attribute:"description", value:
"The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is,
therefore, affected by multiple vulnerabilities as referenced in the TSSA-2022:0271 advisory.

    Package updates are available for TencentOS Server 3 that fix the following vulnerabilities:

      CVE-2022-28614:
      The ap_rwrite() function in Apache HTTP Server 2.4.53 and earlier may read unintended memory if an
    attacker can cause the server to reflect very large input using ap_rwrite() or ap_rputs(), such as with
    mod_luas r:puts() function. Modules compiled and distributed separately from Apache HTTP Server that use
    the 'ap_rputs' function and may pass it a very large (INT_MAX or larger) string must be compiled against
    current headers to resolve the issue.

      CVE-2022-28615:
      Apache HTTP Server 2.4.53 and earlier may crash or disclose information due to a read beyond bounds in
    ap_strcmp_match() when provided with an extremely large input buffer. While no code distributed with the
    server can be coerced into such a call, third-party modules or lua scripts that use ap_strcmp_match() may
    hypothetically be affected.

      CVE-2022-30522:
      If Apache HTTP Server 2.4.53 is configured to do transformations with mod_sed in contexts where the
    input to mod_sed may be very large, mod_sed may make excessively large memory allocations and trigger an
    abort.

      CVE-2022-30556:
      Apache HTTP Server 2.4.53 and earlier may return lengths to applications calling r:wsread() that point
    past the end of the storage allocated for the buffer.

      CVE-2022-31813:
      Apache HTTP Server 2.4.53 and earlier may not send the X-Forwarded-* headers to the origin server based
    on client side Connection header hop-by-hop mechanism. This may be used to bypass IP based authentication
    on the origin server/application.

      CVE-2022-29404:
      In Apache HTTP Server 2.4.53 and earlier, a malicious request to a lua script that calls r:parsebody(0)
    may cause a denial of service due to no default limit on possible input size.

      CVE-2022-26377:
      Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') vulnerability in mod_proxy_ajp
    of Apache HTTP Server allows an attacker to smuggle requests to the AJP server it forwards requests to.
    This issue affects Apache HTTP Server Apache HTTP Server 2.4 version 2.4.53 and prior versions.

Tenable has extracted the preceding description block directly from the Tencent Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
  script_set_attribute(attribute:"see_also", value:"https://mirrors.tencent.com/tlinux/errata/tssa-20220271.xml");
  script_set_attribute(attribute:"solution", value:
"Update the affected packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2022-31813");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"vuln_publication_date", value:"2022/12/23");
  script_set_attribute(attribute:"patch_publication_date", value:"2022/12/23");
  script_set_attribute(attribute:"plugin_publication_date", value:"2025/06/16");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:tencent:tencentos_server:3");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:tencent:tencentos_server:httpd");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Tencent Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2025 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info2.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/etc/os-release", "Host/TencentOS/rpm-list", "Host/cpu");

  exit(0);
}


include('rpm2.inc');

if (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
var os_product = get_kb_item('installed_os/local/SSH/0/product');
if (isnull(os_product) || 'TencentOS' >!< os_product) audit(AUDIT_OS_NOT, 'TencentOS');
var os_version = get_kb_item('installed_os/local/SSH/0/version');
if (isnull(os_version)) audit(AUDIT_UNKNOWN_APP_VER, 'TencentOS');
if (! preg(pattern:"^3([^0-9]|$)", string:os_version)) audit(AUDIT_OS_NOT, 'TencentOS 3.x', 'TencentOS ' + os_version);

if (!get_kb_item('Host/TencentOS/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);

var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'TencentOS', cpu);

var constraints = [
  {
    'release': '3',
    'pkgs': [
      {'reference':'httpd-2.4.37-51.module+el8.6.0+393+6e46e62a', 'cpu':'aarch64', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'httpd-2.4.37-51.module+el8.6.0+393+6e46e62a', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'httpd-debuginfo-2.4.37-51.module+el8.6.0+393+6e46e62a', 'cpu':'aarch64', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'httpd-debuginfo-2.4.37-51.module+el8.6.0+393+6e46e62a', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'httpd-debugsource-2.4.37-51.module+el8.6.0+393+6e46e62a', 'cpu':'aarch64', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'httpd-debugsource-2.4.37-51.module+el8.6.0+393+6e46e62a', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'httpd-devel-2.4.37-51.module+el8.6.0+393+6e46e62a', 'cpu':'aarch64', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'httpd-devel-2.4.37-51.module+el8.6.0+393+6e46e62a', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'httpd-filesystem-2.4.37-51.module+el8.6.0+393+6e46e62a', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'httpd-manual-2.4.37-51.module+el8.6.0+393+6e46e62a', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'httpd-tools-2.4.37-51.module+el8.6.0+393+6e46e62a', 'cpu':'aarch64', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'httpd-tools-2.4.37-51.module+el8.6.0+393+6e46e62a', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'httpd-tools-debuginfo-2.4.37-51.module+el8.6.0+393+6e46e62a', 'cpu':'aarch64', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'httpd-tools-debuginfo-2.4.37-51.module+el8.6.0+393+6e46e62a', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'mod_ldap-2.4.37-51.module+el8.6.0+393+6e46e62a', 'cpu':'aarch64', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'mod_ldap-2.4.37-51.module+el8.6.0+393+6e46e62a', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'mod_ldap-debuginfo-2.4.37-51.module+el8.6.0+393+6e46e62a', 'cpu':'aarch64', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'mod_ldap-debuginfo-2.4.37-51.module+el8.6.0+393+6e46e62a', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'mod_proxy_html-2.4.37-51.module+el8.6.0+393+6e46e62a', 'cpu':'aarch64', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'mod_proxy_html-2.4.37-51.module+el8.6.0+393+6e46e62a', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'mod_proxy_html-debuginfo-2.4.37-51.module+el8.6.0+393+6e46e62a', 'cpu':'aarch64', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'mod_proxy_html-debuginfo-2.4.37-51.module+el8.6.0+393+6e46e62a', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'mod_session-2.4.37-51.module+el8.6.0+393+6e46e62a', 'cpu':'aarch64', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'mod_session-2.4.37-51.module+el8.6.0+393+6e46e62a', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'mod_session-debuginfo-2.4.37-51.module+el8.6.0+393+6e46e62a', 'cpu':'aarch64', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'mod_session-debuginfo-2.4.37-51.module+el8.6.0+393+6e46e62a', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'mod_ssl-2.4.37-51.module+el8.6.0+393+6e46e62a', 'cpu':'aarch64', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'mod_ssl-2.4.37-51.module+el8.6.0+393+6e46e62a', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'mod_ssl-debuginfo-2.4.37-51.module+el8.6.0+393+6e46e62a', 'cpu':'aarch64', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'mod_ssl-debuginfo-2.4.37-51.module+el8.6.0+393+6e46e62a', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE}
    ]
  }
];

var os_release = get_one_kb_item('installed_os/local/SSH/0/release');
var os_sp = get_one_kb_item('Host/*/minor_release');

var flag = 0;
var reference;
var sp;
var _cpu;
var el_string;
var rpm_spec_vers_cmp;
var epoch;
var allowmaj;
var exists_check;
var cves;
foreach var constraint ( constraints ) {
  # Check that the target release is equal to the affected release
  if (!empty_or_null(constraint['release'])){
    if (constraint['release'] != os_release) continue;
  }
  if (!empty_or_null(constraint['sp'])){
    if (constraint['sp'] != os_sp) continue;
  }
  foreach var pkg ( constraint['pkgs'] ) {
    reference = NULL;
    sp = NULL;
    _cpu = NULL;
    el_string = NULL;
    rpm_spec_vers_cmp = NULL;
    epoch = NULL;
    allowmaj = NULL;
    exists_check = NULL;
    cves = NULL;
    if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];
    if (!empty_or_null(pkg['sp'])) sp = pkg['sp'];
    if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];
    if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];
    if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];
    if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];
    if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];
    if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];
    if (!empty_or_null(pkg['cves'])) cves = pkg['cves'];
    if (reference &&
        ## (no known rpm to check OR known rpm_exists)
        (!exists_check || rpm_exists(rpm:exists_check)) &&
        rpm_check(sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj, cves:cves)) flag++;
  }
}

if (flag)
{
  security_report_v4(
      port       : 0,
      severity   : SECURITY_HOLE,
      extra      : rpm_report_get()
  );
  exit(0);
}
else
{
  var tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'httpd / httpd-debuginfo / httpd-debugsource / etc');
}

05 Dec 2025 00:00Current

7.9High risk

Vulners AI Score7.9

CVSS 27.5

CVSS 3.19.1 - 9.8

EPSS0.32376

SSVC