Denial Of Service (DoS)

Apache HTTP Server is vulnerable to denial of service. The vulnerability exists due to a lack of sanitization with modsed in contexts where the input to modsed may be very large, modsed may make excessively large memory allocations and trigger an abort...

CVE-2022-25167

Apache Flume (versions 1.4.0–1.9.0) is vulnerable to remote code execution when a JMS Source is configured with a JNDI LDAP data source URI and an attacker controls the target LDAP server. The underlying issue is the JNDI usage, which can be exploited to run arbitrary code on the target. Remediat...

Mageia: Security Advisory (MGASA-2022-0228)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Security Bulletin: IBM HTTP Server (powered by Apache) for IBM i is vulnerable to HTTP request smuggling and a buffer overflow (CVE-2022-22720, CVE-2022-22721)

Summary IBM HTTP Server powered by Apache for IBM i is vulnerable to HTTP requst smuggling and a buffer overflow attack as described in the vulnerability details section. IBM i has addressed the CVEs by providing fixes to the Apache HTTP Server implementation as described in the Remediation/Fixes...

Updated apache packages fix security vulnerability

Inconsistent Interpretation of HTTP Requests 'HTTP Request Smuggling' vulnerability in modproxyajp of Apache HTTP Server allows an attacker to smuggle requests to the AJP server it forwards requests to. This issue affects Apache HTTP Server Apache HTTP Server 2.4 version 2.4.53 and prior versions...

Out-of-Bounds Read

Apache HTTP Server is vulnerable to out of bounds read. The vulnerability exists due to a lack of sanitization of the aprwrite function allowing an attacker to cause the server to reflect very large input using aprwrite or aprputs, such as with modluas r:puts function...

Denial Of Service (DoS)

Apache HTTP Server is vulnerable to denial of service. The vulnerability exists due to a lack of sanitization allowing an attacker to crash the system via an out of bounds read in apstrcmpmatch when provided with an extremely large input buffer...

Denial Of Service (DoS)

Apache HTTP Server is vulnerable to denial of service. The vulnerability exists due to a lack of sanitization to the input size allowing an attacker to crash the system via a malicious request to a lua script that calls r:parsebody0...

HTTP Request Smuggling (HRS)

Apache HTTP Server is vulnerable to http request smuggling . The vulnerability exists due to inconsistent Interpretation of HTTP Requests 'HTTP Request Smuggling' vulnerability in modproxyajp which allows an attacker to smuggle requests to the AJP server it forwards requests...

Apache HTTP Server < 2.4.54 Multiple Vulnerabilities - Linux

Apache HTTP Server is prone to multiple vulnerabilities. Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you...

Apache HTTP Server 2.4.53 DoS Vulnerability - Linux

Apache HTTP Server is prone to a denial of service DoS vulnerability. Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free...

CVE-2022-28615

Apache HTTP Server 2.4.53 and earlier may crash or disclose information due to a read beyond bounds in apstrcmpmatch when provided with an extremely large input buffer. While no code distributed with the server can be coerced into such a call, third-party modules or lua scripts that use...

CVE-2022-31813

Apache HTTP Server 2.4.53 and earlier may not send the X-Forwarded- headers to the origin server based on client side Connection header hop-by-hop mechanism. This may be used to bypass IP based authentication on the origin server/application...

Out-of-bounds

Apache HTTP Server 2.4.53 and earlier may crash or disclose information due to a read beyond bounds in apstrcmpmatch when provided with an extremely large input buffer. While no code distributed with the server can be coerced into such a call, third-party modules or lua scripts that use...

CVE-2022-30556

Apache HTTP Server 2.4.53 and earlier may return lengths to applications calling r:wsread that point past the end of the storage allocated for the buffer...

[slackware-security] httpd

New httpd packages are available for Slackware 14.0, 14.1, 14.2, 15.0, and -current to fix security issues. Here are the details from the Slackware 15.0 ChangeLog: patches/packages/httpd-2.4.54-i586-1slack15.0.txz: Upgraded. This update fixes bugs and the following security issues: modproxy...

CVE-2022-30556 Information Disclosure in mod_lua with websockets

Apache HTTP Server 2.4.53 and earlier may return lengths to applications calling r:wsread that point past the end of the storage allocated for the buffer...

CVE-2022-30522 mod_sed denial of service

If Apache HTTP Server 2.4.53 is configured to do transformations with modsed in contexts where the input to modsed may be very large, modsed may make excessively large memory allocations and trigger an abort...

CVE-2022-30522

If Apache HTTP Server 2.4.53 is configured to do transformations with modsed in contexts where the input to modsed may be very large, modsed may make excessively large memory allocations and trigger an abort...

CVE-2022-29404

CVE-2022-29404 affects Apache HTTP Server 2.4.53 and earlier. The vulnerability lies in the mod_lua code path: a malicious request to a Lua script calling r:parsebody(0) can cause a denial of service due to no default input size limit. Impact is DoS (availability) with network exposure; no data c...