CVSS3: 9.8 High
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
AI Score: 8.8 High (Confidence: Low)
CVSS2: 7.5 High
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
EPSS: 0.423 Medium (Percentile: 97.3%)
Software: httpd 2.4.37
OS: ROSA Virtualization 2.1
package_evr_string: httpd-2.4.37-51.rv3.5.src.rpm
CVE-ID: CVE-2022-28614
BDU-ID: 2022-04102
CVE-Crit: MEDIUM
CVE-DESC: A vulnerability in the ap_rwrite() function of the Apache HTTP Server web server is related to integer overflow. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service
CVE-STATUS: Resolved
CVE-REV: To close, run the yum update httpd command
CVE-ID: CVE-2022-28615
BDU-ID: 2022-04146
CVE-Crit: MEDIUM
CVE-DESC: A vulnerability in the ap_strcmp_match() function of the Apache HTTP Server web server is related to integer overflow. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service or gain unauthorized access to protected information by sending a specially crafted HTTP request
CVE-STATUS: Fixed
CVE-REV: To close, run the yum update httpd command
CVE-ID: CVE-2022-29404
BDU-ID: 2022-04147
CVE-Crit: MEDIUM
CVE-DESC: A vulnerability in the mod_lua module of the Apache HTTP Server web server is related to unrestricted resource allocation when processing a function with the null parameter r:parsebody(0). Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service by sending a specially crafted HTTP request
CVE-STATUS: Resolved
CVE-REV: To close, run the yum update httpd command
CVE-ID: CVE-2022-30522
BDU-ID: 2022-04145
CVE-Crit: N/A
CVE-DESC: A mod_sed content filter vulnerability in the Apache HTTP Server web server is related to unrestricted resource allocation. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service
CVE-STATUS: Resolved
CVE-REV: To close, run the yum update httpd command
CVE-ID: CVE-2022-30556
BDU-ID: 2022-04106
CVE-Crit: MEDIUM
CVE-DESC: A vulnerability in the r:wsread() function of the mod_lua module of the Apache HTTP Server web server is related to insufficient protection of service data. Exploitation of the vulnerability could allow an attacker acting remotely to gain unauthorized access to protected information
CVE-STATUS: Fixed
CVE-REV: To close, run the yum update httpd command.
CVE-ID: CVE-2022-31813
BDU-ID: 2022-04141
CVE-Crit: MEDIUM
CVE-DESC: A vulnerability in the mod_proxy module of the Apache HTTP Server web server is related to insufficient data authentication or the use of an untrusted source when processing X-Forwarded-* headers. Exploitation of the vulnerability could allow an attacker acting remotely to bypass security restrictions
CVE-STATUS: Resolved
CVE-REV: To close, run the yum update httpd command
CVE-ID: CVE-2022-36760
BDU-ID: 2023-00495
CVE-Crit: N/A
CVE-DESC: A vulnerability in the mod_proxy_ajp module of the Apache HTTP Server web server is related to flaws in the handling of the Transfer-Encoding header. Exploitation of the vulnerability could allow a remote attacker to smuggle an HTTP request (HTTP Request Smuggling attack)
CVE-STATUS: Fixed
CVE-REV: To close, run the yum update httpd command.
CVE-ID: CVE-2022-37436
BDU-ID: 2023-00496
CVE-Crit: MEDIUM
CVE-DESC: A vulnerability in the mod_proxy module of the Apache HTTP Server web server is related to failure to handle CRLF sequences in HTTP headers. Exploitation of the vulnerability could allow an attacker acting remotely to perform HTTP response splitting attacks
CVE-STATUS: Resolved
CVE-REV: To close, run the yum update httpd command
CVE-ID: CVE-2023-25690
BDU-ID: 2023-01738
CVE-Crit: CRITICAL
CVE-DESC: A vulnerability in the mod_proxy module of the Apache HTTP Server web server is related to flaws in the handling of the Transfer-Encoding header. Exploitation of the vulnerability could allow an attacker acting remotely to smuggle an HTTP request (HTTP Request Smuggling attack)
CVE-STATUS: Fixed
CVE-REV: To close, run the yum update httpd command.