21 matches found
Astra Linux - уязвимость в apache2
A carefully crafted request body can cause a buffer overflow in the modlua multipart parser r:parsebody called from Lua scripts. The Apache httpd team is not aware of an exploit for this vulnerability, but it might be possible to create one. This issue affects Apache HTTP Server 2.4.51 and earlie...
CLSA-2023-1689009164 Fix CVE(s): CVE-2022-29404
SECURITY UPDATE: modlua may denial of service in r:parsebody0 - debian/patches/CVE-2022-29404.patch: use a liberal default limit for LimitRequestBody of 1GB to prevent a denial of service caused by a malicious lua script request - CVE-2022-29404...
SUSE CVE-2015-0228
The luawebsocketread function in luarequest.c in the modlua module in the Apache HTTP Server through 2.4.12 allows remote attackers to cause a denial of service child-process crash by sending a crafted WebSocket Ping frame after a Lua script has called the wsupgrade function...
SUSE CVE-2021-44790
A carefully crafted request body can cause a buffer overflow in the modlua multipart parser r:parsebody called from Lua scripts. The Apache httpd team is not aware of an exploit for the vulnerabilty though it might be possible to craft one. This issue affects Apache HTTP Server 2.4.51 and earlier...
httpd: mod_lua: Information disclosure with websockets
A flaw was found in the modlua module of httpd. The data returned by the wsread function may point past the end of the storage allocated for the buffer, resulting in information disclosure...
httpd: mod_lua: Use of uninitialized value of in r:parsebody
A flaw was found in the modlua module of httpd. A crafted request body can cause a read to a random memory area due to an uninitialized value in functions called by the parsebody function. The highest threat from this vulnerability is to system availability...
httpd: mod_lua: Information disclosure with websockets
A flaw was found in the modlua module of httpd. The data returned by the wsread function may point past the end of the storage allocated for the buffer, resulting in information disclosure...
Vulnerability of the r:wsread() function in the mod_lua module of the Apache HTTP Server, which allows an attacker to gain unauthorized access to protected information
The vulnerability of the r:wsread function in the modlua module of the Apache HTTP Server is related to insufficient protection of service data. Exploiting this vulnerability can allow an attacker, operating remotely, to gain unauthorized access to protected information...
The vulnerability of the mod_lua module in the Apache HTTP Server allows a hacker to cause a service failure.
The vulnerability of the modlua module in the Apache HTTP Server is related to the unlimited distribution of resources when processing the function with zero parameter r:parsebody0. Exploiting this vulnerability allows a malicious actor to cause service failures by sending a specially crafted HTT...
PT-2022-3349 · Apache +10 · Apache Http Server +10
Name of the Vulnerable Software and Affected Versions: Apache HTTP Server versions 2.4.53 and earlier Description: The issue is related to the r:wsread function in the mod lua module of the Apache HTTP Server, which may return lengths that point past the end of the allocated buffer storage. This...
PT-2022-3378 · Apache +10 · Apache Http Server +10
Name of the Vulnerable Software and Affected Versions: Apache HTTP Server versions 2.4.53 and earlier Description: The issue is related to the mod lua module in Apache HTTP Server, where a malicious request to a lua script that calls r:parsebody0 may cause a denial of service due to no default...
httpd: mod_lua: Possible buffer overflow when parsing multipart content
A buffer overflow flaw in httpd's lua module could allow an out-of-bounds write. An attacker who is able to submit a crafted request to an httpd instance that is using the lua module may be able to cause an impact to confidentiality, integrity, and/or availability...
httpd: mod_lua: Possible buffer overflow when parsing multipart content
A buffer overflow flaw in httpd's lua module could allow an out-of-bounds write. An attacker who is able to submit a crafted request to an httpd instance that is using the lua module may be able to cause an impact to confidentiality, integrity, and/or availability...
CLSA-2022-1643914331 Fix of CVE: CVE-2021-44790
CVE-2021-44790: modlua: possible buffer overflow when parsing multipart content 2035062...
CLSA-2022-1643822315 Fix of CVE: CVE-2021-44790
CVE-2021-44790: modlua: possible buffer overflow when parsing multipart content 2035062...
httpd: mod_lua: Possible buffer overflow when parsing multipart content
A buffer overflow flaw in httpd's lua module could allow an out-of-bounds write. An attacker who is able to submit a crafted request to an httpd instance that is using the lua module may be able to cause an impact to confidentiality, integrity, and/or availability...
SUSE-SU-2022:0065-1 Security update for apache2
This update for apache2 fixes the following issues: - CVE-2021-44224: Fixed NULL dereference or SSRF in forward proxy configurations. bsc1193943 - CVE-2021-44790: Fixed buffer overflow when parsing multipart content in modlua. bsc1193942...
UBUNTU-CVE-2021-44790
A carefully crafted request body can cause a buffer overflow in the modlua multipart parser r:parsebody called from Lua scripts. The Apache httpd team is not aware of an exploit for the vulnerabilty though it might be possible to craft one. This issue affects Apache HTTP Server 2.4.51 and earlier...
Vulnerabilities fixed in Apache httpd
Apache has fixed two vulnerabilities in HTTP Server. The vulnerability with attribute CVE-2021-44224 is present when HTTP Server is configured as a forward proxy. The vulnerability allows a remote malicious person to cause a denial-of-service cause or potentially perform a cross-site request...
PT-2021-5542
Name of the Vulnerable Software and Affected Versions Apache HTTP Server versions 2.4.51 and earlier Description A carefully crafted request body can cause a buffer overflow in the mod lua multipart parser, specifically when the r:parsebody function is called from Lua scripts. The Apache httpd te...