Lucene search
+L

12 matches found

CVE
CVE
added 2022/06/08 10:0 a.m.19084 views

CVE-2022-31813

CVE-2022-31813 affects Apache HTTP Server 2.4.53 and older; due to hop-by-hop handling, X-Forwarded-* headers may be dropped to the origin server, which can enable bypass of IP-based authentication. All connected advisories indicate the fix is in Apache HTTP Server 2.4.54 and related updates in d...

9.8CVSS9.4AI score0.0314EPSS
CVE
CVE
added 2022/03/14 10:15 a.m.10413 views

CVE-2022-23943

CVE-2022-23943 is an out-of-bounds write vulnerability in httpd’s mod_sed that could allow memory corruption by attacker-supplied data. Affected: Apache HTTP Server 2.4.52 and earlier. Mitigation: upgrade to a fixed release (e.g., httpd 2.4.53 or later) as indicated by multiple advisories (includ...

9.8CVSS9.2AI score0.50401EPSS
CVE
CVE
added 2022/03/14 10:15 a.m.8168 views

CVE-2022-22720

CVE-2022-22720 – Apache httpd HTTP Request Smuggling (details from connected docs) Affected software: Apache HTTP Server (httpd) versions 2.4.52 and earlier. Root cause / description: Inbound connections are not closed when errors occur while discarding the request body, which can expose the serv...

9.8CVSS9.4AI score0.28189EPSS
CVE
CVE
added 2022/06/08 10:0 a.m.3630 views

CVE-2022-28615

CVE-2022-28615 affects Apache HTTP Server 2.4.53 and earlier, where a read beyond bounds can occur in ap_strcmp_match() when given a very large input buffer. The issue may affect third‑party modules or lua scripts that call this function. Advisories in connected documents reference an official fi...

9.1CVSS9AI score0.05729EPSS
CVE
CVE
added 2022/03/14 10:15 a.m.2529 views

CVE-2022-22721

CVE-2022-22721 concerns the Apache HTTP Server. On 32-bit systems, if LimitXMLRequestBody is set to allow request bodies larger than 350 MB (default 1 MB), an integer overflow can occur, leading to out-of-bounds writes. Affected product: Apache HTTP Server 2.4.52 and earlier. Impact per sources: ...

9.1CVSS9.4AI score0.41861EPSS
CVE
CVE
added 2022/06/08 10:0 a.m.2169 views

CVE-2022-30556

The CVE-2022-30556 issue affects Apache HTTP Server (2.4.53 and earlier) where the wsread path may return a pointer past the end of the buffer, enabling information disclosure via websockets. Public references in connected sources corroborate: (1) industry advisories note an information disclosur...

7.5CVSS8.8AI score0.04687EPSS
CVE
CVE
added 2022/03/14 10:15 a.m.2148 views

CVE-2022-22719

Summary (CVE-2022-22719) Affects Apache HTTP Server (httpd) 2.4.52 and earlier. The issue arises in the httpd mod_lua component where an uninitialized value in r:parsebody can cause a read to a random memory area, potentially leading to a crash and availability impact. Connected advisories confir...

7.5CVSS8.7AI score0.69803EPSS
CVE
CVE
added 2022/06/08 10:0 a.m.1849 views

CVE-2022-26377

CVE-2022-26377 is a real HTTP Request Smuggling vulnerability in the mod_proxy_ajp module of Apache HTTP Server. Affected: Apache httpd 2.4.53 and earlier. Description across sources confirms that an attacker can smuggle requests to the AJP server to which httpd forwards traffic. Patches/updates ...

7.5CVSS8.9AI score0.19008EPSS
CVE
CVE
added 2022/06/08 10:0 a.m.1705 views

CVE-2022-28614

CVE-2022-28614 affects Apache HTTP Server 2.4.53 and earlier. The vulnerability stems from ap_rwrite() potentially reading unintended memory when reflecting very large input via ap_rwrite() or ap_rputs(), notably with mod_luas r:puts(). Modules compiled against older headers that use ap_rputs may...

5.3CVSS7.5AI score0.04428EPSS
CVE
CVE
added 2022/06/08 10:0 a.m.1683 views

CVE-2022-29404

CVE-2022-29404 affects Apache HTTP Server 2.4.53 and earlier. The vulnerability lies in the mod_lua code path: a malicious request to a Lua script calling r:parsebody(0) can cause a denial of service due to no default input size limit. Impact is DoS (availability) with network exposure; no data c...

7.5CVSS8.5AI score0.05678EPSS
CVE
CVE
added 2022/06/08 10:0 a.m.932 views

CVE-2022-30522

CVE-2022-30522 affects Apache HTTP Server mod_sed; when input to mod_sed is very large, it can cause excessive memory allocations and aborts, impacting availability. The issue is documented across multiple feeds (e.g., CVE page for 2.4.53 context and later advisories) and is addressed by updating...

7.5CVSS8.7AI score0.90407EPSS
CVE
CVE
added 2022/06/08 10:0 a.m.783 views

CVE-2022-28330

CVE-2022-28330 affects Apache HTTP Server 2.4.53 and earlier on Windows, describing an out-of-bounds read when processing requests with the mod_isapi module. Public references in ALAS advisories indicate the fix is included in httpd 2.4.54 (and related ALT Linux advisories). Mitigation requires u...

5.3CVSS7.1AI score0.03398EPSS