Astra Linux - уязвимость в apache2

If LimitXMLRequestBody is set to allow request bodies larger than 350MB default is 1MB on 32-bit systems, an integer overflow may occur, which can lead to out-of-bounds writes. This issue affects Apache HTTP Server 2.4.52 and earlier versions...

BIT-APACHE-2022-22721 core: Possible buffer overflow with very large or unlimited LimitXMLRequestBody

If LimitXMLRequestBody is set to allow request bodies larger than 350MB defaults to 1M on 32 bit systems an integer overflow happens which later causes out of bounds writes. This issue affects Apache HTTP Server 2.4.52 and earlier...

SUSE CVE-2022-22721

If LimitXMLRequestBody is set to allow request bodies larger than 350MB defaults to 1M on 32 bit systems an integer overflow happens which later causes out of bounds writes. This issue affects Apache HTTP Server 2.4.52 and earlier...

httpd: core: Possible buffer overflow with very large or unlimited LimitXMLRequestBody

A flaw was found in httpd, where it incorrectly limits the value of the LimitXMLRequestBody option. This issue can lead to an integer overflow and later causes an out-of-bounds write...

httpd: core: Possible buffer overflow with very large or unlimited LimitXMLRequestBody

A flaw was found in httpd, where it incorrectly limits the value of the LimitXMLRequestBody option. This issue can lead to an integer overflow and later causes an out-of-bounds write...

Amazon Linux AMI : httpd24 (ALAS-2022-1584)

The version of httpd24 installed on the remote host is prior to 2.4.53-1.96. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS-2022-1584 advisory. A flaw was found in the modlua module of httpd. A crafted request body can cause a read to a random memory area due to ...

EulerOS 2.0 SP8 : httpd (EulerOS-SA-2022-1569)

According to the versions of the httpd packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - A carefully crafted request body can cause a read to a random memory area which could cause the process to crash. This issue affects Apache HTTP...

Slackware: Security Advisory (SSA:2022-073-01)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Fix of CVE: CVE-2022-22721, CVE-2022-22720

CVE-2022-22720: simpler connection close logic if discarding the request body fails - CVE-2022-22721: make sure and check that LimitXMLRequestBody fits in system memory...

SUSE SLES11 Security Update : apache2 (SUSE-SU-2022:14924-1)

The remote SUSE Linux SLES11 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:14924-1 advisory. - Apache HTTP Server 2.4.52 and earlier fails to close inbound connection when errors are encountered discarding the request body, exposing th...

Updated apache packages fix security vulnerability

SECURITY: CVE-2022-23943: modsed: Read/write beyond bounds. Out-of-bounds Write vulnerability in modsed of Apache HTTP Server allows an attacker to overwrite heap memory with possibly attacker provided data. Credits: Ronald Crane Zippenhop LLC SECURITY: CVE-2022-22721: core: Possible buffer...

core: Possible buffer overflow with very large or unlimited LimitXMLRequestBody

...

USN-5333-2: Apache HTTP Server vulnerabilities

USN-5333-1 fixed several vulnerabilities in Apache. This update provides the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. Original advisory details: Chamal De Silva discovered that the Apache HTTP Server modlua module incorrectly handled certain crafted request bodies. A remote...

USN-5333-1: Apache HTTP Server vulnerabilities

Chamal De Silva discovered that the Apache HTTP Server modlua module incorrectly handled certain crafted request bodies. A remote attacker could possibly use this issue to cause the server to crash, resulting in a denial of service. CVE-2022-22719 James Kettle discovered that the Apache HTTP Serv...

Apache HTTP Server Input Validation Error Vulnerability (CNVD-2022-41638)

Apache HTTP Server is an open source web server from the Apache Foundation. Apache HTTP Server 2.4.52 and earlier versions are vulnerable to an input validation error that results from setting LimitXMLRequestBody to allow request bodies larger than 350MB 1M by default on 32-bit systems, which cou...

CVE-2022-22721

A flaw was found in httpd, where it incorrectly limits the value of the LimitXMLRequestBody option. This issue can lead to an integer overflow and later causes an out-of-bounds write. Mitigation Set the LimitXMLRequestBody option to a value smaller than 350MB. Setting it to 0 is not recommended a...

Integer Overflow

apache2 is vulnerable to Integer Overflow. The vulnerability exists in httpd where it incorrectly limits the value of LimitXMLRequestBody option which can lead to an integer overflow and later causes an out-of-bounds write...

[slackware-security] httpd

New httpd packages are available for Slackware 14.0, 14.1, 14.2, 15.0, and -current to fix security issues. Here are the details from the Slackware 15.0 ChangeLog: patches/packages/httpd-2.4.53-i586-1slack15.0.txz: Upgraded. This update fixes bugs and the following security issues: modsed:...

CVE-2022-22721

If LimitXMLRequestBody is set to allow request bodies larger than 350MB defaults to 1M on 32 bit systems an integer overflow happens which later causes out of bounds writes. This issue affects Apache HTTP Server 2.4.52 and earlier...

CVE-2022-22721

If LimitXMLRequestBody is set to allow request bodies larger than 350MB defaults to 1M on 32 bit systems an integer overflow happens which later causes out of bounds writes. This issue affects Apache HTTP Server 2.4.52 and earlier...