Internet Bug Bounty: DoS via lua_read_body() [zhbug_httpd_94]

Greetings. I have found a bug that can crash httpd 2.4.53, causing a denial of service. The bug is that luareadbody modules/lua/luarequest.c uses the value of the Content-Length header to allocate memory. While apreadrequest limits Content-Length's value to a non-negative |aprofft| via a call to...

Slackware: Security Advisory (SSA:2022-159-01)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Internet Bug Bounty: Read beyond bounds in ap_strcmp_match() [zhbug_httpd_47.7]

Greetings. I have found a read-beyond-bounds attack against httpd that allows an attacker to search httpd's memory for strings matching an attacker-specified pattern 1. The attack arises from an overflow in apstrcmpmatch server/util.c. 2 The vulnerability can be reached via an LUA program that us...

CVE-2022-30522

A flaw was found in the modsed module of httpd. A very large input to the modsed module can result in a denial of service due to excessively large memory allocations. Mitigation Disabling modsed and restating httpd will mitigate this flaw...

CVE-2022-31813

A flaw was found in the modproxy module of httpd. The server may remove the X-Forwarded- headers from a request based on the client-side Connection header hop-by-hop mechanism. Mitigation Mitigation for this issue is either not available or the currently available options do not meet the Red Hat...

CVE-2022-30556

A flaw was found in the modlua module of httpd. The data returned by the wsread function may point past the end of the storage allocated for the buffer, resulting in information disclosure. Mitigation Disabling modlua and restarting httpd will mitigate this flaw...

CVE-2022-29404

A flaw was found in the modlua module of httpd. A malicious request to a Lua script that calls parsebody0 can lead to a denial of service due to no default limit on the possible input size. Mitigation Disabling modlua and restarting httpd will mitigate this flaw...

CVE-2022-28615

An out-of-bounds read vulnerability was found in httpd. A very large input to the apstrcmpmatch function can lead to an integer overflow and result in an out-of-bounds read...

CVE-2022-28614

An out-of-bounds read vulnerability was found in httpd. A very large input to the aprputs and aprwrite functions can lead to an integer overflow and result in an out-of-bounds read...

CVE-2022-28330

An out-of-bounds read vulnerability was found in the modisapi module of httpd. The issue occurs when httpd is configured to process requests with the modisapi module...

CVE-2022-26377

An HTTP request smuggling vulnerability was found in the modproxyajp module of httpd. This flaw allows an attacker to smuggle requests to the AJP server, where it forwards requests. Mitigation Disabling modproxyajp and restarting httpd will mitigate this flaw...

[slackware-security] httpd

New httpd packages are available for Slackware 14.0, 14.1, 14.2, 15.0, and -current to fix security issues. Here are the details from the Slackware 15.0 ChangeLog: patches/packages/httpd-2.4.54-i586-1slack15.0.txz: Upgraded. This update fixes bugs and the following security issues: modproxy...

Huawei EulerOS: Security Advisory for httpd (EulerOS-SA-2022-1807)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVE-2021-44080

A Command Injection vulnerability in httpd web server setup.cgi in SerComm h500s, FW: lowi-h500s-v3.4.22 allows logged in administrators to arbitrary OS commands as root in the device via the connectiontype parameter of the statussupportdiagnostictracing.json endpoint...

Command injection

A Command Injection vulnerability in httpd web server setup.cgi in SerComm h500s, FW: lowi-h500s-v3.4.22 allows logged in administrators to arbitrary OS commands as root in the device via the connectiontype parameter of the statussupportdiagnostictracing.json endpoint...

CLSA-2022-1654106630 Fixed CVEs in httpd-43.module_el8.5.0+2046+6f259f31.tuxcare.els4: CVE-2021-33193, CVE-2020-35452

CVE-2020-35452: modauthdigest: fix a single zero byte stack overflow 1968278 - CVE-2021-33193: fix request splitting via HTTP/2 method injection and modproxy 1972491...

CLSA-2022-1654106434 Fixed CVEs in httpd-39.module_el8.4.0+2047+54659116.1.tuxcare.els5: CVE-2020-35452, CVE-2021-33193

CVE-2020-35452: modauthdigest: fix a single zero byte stack overflow 1968278 - CVE-2021-33193: fix request splitting via HTTP/2 method injection and modproxy 1972491...

CVE-2021-44080

A Command Injection vulnerability in httpd web server setup.cgi in SerComm h500s, FW: lowi-h500s-v3.4.22 allows logged in administrators to arbitrary OS commands as root in the device via the connectiontype parameter of the statussupportdiagnostictracing.json endpoint...

CVE-2021-44080

The CVE-2021-44080 entry affects SerComm h500s routers (FW lowi-h500s-v3.4.22). The vulnerability is a command-injection in the httpd web server’s setup.cgi, exploitable by a logged-in administrator via the connection_type parameter of the statussupport_diagnostic_tracing.json endpoint, enabling ...

CVE-2022-30477

Tenda AC Series Router AC18V15.03.05.196318 was discovered to contain a stack-based buffer overflow in the httpd module when handling /goform/SetClientState request...