11633 matches found
CVE-2022-29404
In Apache HTTP Server 2.4.53 and earlier, a malicious request to a lua script that calls r:parsebody(0) may cause a denial of service due to no default limit on possible input size...
CVE-2022-29404 Denial of service in mod_lua r:parsebody
In Apache HTTP Server 2.4.53 and earlier, a malicious request to a lua script that calls r:parsebody(0) may cause a denial of service due to no default limit on possible input size...
CVE-2022-28615
CVE-2022-28615 affects Apache HTTP Server 2.4.53 and earlier, where a read beyond bounds can occur in ap_strcmp_match() when given a very large input buffer. The issue may affect third‑party modules or lua scripts that call this function. Advisories in connected documents reference an official fi...
CVE-2022-28615 Read beyond bounds in ap_strcmp_match()
Apache HTTP Server 2.4.53 and earlier may crash or disclose information due to a read beyond bounds in ap_strcmp_match() when provided with an extremely large input buffer. While no code distributed with the server can be coerced into such a call, third-party modules or lua scripts that use...
CVE-2022-28615
Apache HTTP Server 2.4.53 and earlier may crash or disclose information due to a read beyond bounds in ap_strcmp_match() when provided with an extremely large input buffer. While no code distributed with the server can be coerced into such a call, third-party modules or lua scripts that use...
CVE-2022-28614 read beyond bounds via ap_rwrite()
The ap_rwrite() function in Apache HTTP Server 2.4.53 and earlier may read unintended memory if an attacker can cause the server to reflect very large input using ap_rwrite() or ap_rputs(), such as with mod_lua's r:puts() function. Modules compiled and distributed separately from Apache HTTP Server that use t...
CVE-2022-28614
CVE-2022-28614 affects Apache HTTP Server 2.4.53 and earlier. The vulnerability stems from ap_rwrite() potentially reading unintended memory when reflecting very large input via ap_rwrite() or ap_rputs(), notably with mod_lua's r:puts(). Modules compiled against older headers that use ap_rputs() may...
CVE-2022-28614
The ap_rwrite() function in Apache HTTP Server 2.4.53 and earlier may read unintended memory if an attacker can cause the server to reflect very large input using ap_rwrite() or ap_rputs(), such as with mod_lua's r:puts() function. Modules compiled and distributed separately from Apache HTTP Server that use t...
CVE-2022-28330
CVE-2022-28330 affects Apache HTTP Server 2.4.53 and earlier on Windows, describing an out-of-bounds read when processing requests with the mod_isapi module. Public references in ALAS advisories indicate the fix is included in httpd 2.4.54 (and related ALT Linux advisories). Mitigation requires u...
CVE-2022-28330 read beyond bounds in mod_isapi
Apache HTTP Server 2.4.53 and earlier on Windows may read beyond bounds when configured to process requests with the mod_isapi module...
CVE-2022-28330
Apache HTTP Server 2.4.53 and earlier on Windows may read beyond bounds when configured to process requests with the mod_isapi module...
CVE-2022-26377
CVE-2022-26377 is a real HTTP Request Smuggling vulnerability in the mod_proxy_ajp module of Apache HTTP Server. Affected: Apache httpd 2.4.53 and earlier. Description across sources confirms that an attacker can smuggle requests to the AJP server to which httpd forwards traffic. Patches/updates ...
CVE-2022-26377
Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') vulnerability in mod_proxy_ajp of Apache HTTP Server allows an attacker to smuggle requests to the AJP server it forwards requests to. This issue affects Apache HTTP Server 2.4 version 2.4.53 and prior versions...
CVE-2022-26377 mod_proxy_ajp: Possible request smuggling
Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') vulnerability in mod_proxy_ajp of Apache HTTP Server allows an attacker to smuggle requests to the AJP server it forwards requests to. This issue affects Apache HTTP Server 2.4 version 2.4.53 and prior versions...
Apache HTTP Server Resource Management Error Vulnerability
Apache HTTP Server is an open source web server from the Apache Foundation. Apache HTTP Server mod_sed suffers from a denial-of-service vulnerability that stems from the fact that mod_sed may allocate too much memory and trigger an abort when mod_sed input is too large. An attacker could exploit thi...
Apache HTTP Server Data Forgery Issue Vulnerability
Apache HTTP Server is an open source web server from the Apache Foundation. Apache HTTP Server is vulnerable to a data forgery issue that stems from mod_proxy discarding X-Forwarded-For through the hop-by-hop mechanism. An attacker could use this vulnerability to bypass IP-based authentication on the source...
PT-2022-3378 · Apache +10 · Apache Http Server +10
Name of the Vulnerable Software and Affected Versions: Apache HTTP Server versions 2.4.53 and earlier. Description: The issue is related to the mod_lua module in Apache HTTP Server, where a malicious request to a lua script that calls r:parsebody(0) may cause a denial of service due to no default...
PT-2022-3349 · Apache +10 · Apache Http Server +10
Name of the Vulnerable Software and Affected Versions: Apache HTTP Server versions 2.4.53 and earlier. Description: The issue is related to the r:wsread function in the mod_lua module of the Apache HTTP Server, which may return lengths that point past the end of the allocated buffer storage. This...