UbuntuUSN-5487-3Apache HTTP Server regression
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.4 High
AI Score
Confidence
Low
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.423 Medium
EPSS
Percentile
97.3%
Releases
- Ubuntu 18.04 ESM
- Ubuntu 16.04 ESM
- Ubuntu 14.04 ESM
Packages
- apache2 - Apache HTTP server
Details
USN-5487-1 fixed several vulnerabilities in Apache HTTP Server.
Unfortunately it caused regressions. USN-5487-2 reverted the
patches that caused the regression in Ubuntu 14.04 ESM for further
investigation. This update re-adds the security fixes for Ubuntu
14.04 ESM and fixes two different regressions: one affecting mod_proxy
only in Ubuntu 14.04 ESM and another in mod_sed affecting also Ubuntu 16.04 ESM
and Ubuntu 18.04 LTS.
We apologize for the inconvenience.
Original advisory details:
It was discovered that Apache HTTP Server mod_proxy_ajp incorrectly handled
certain crafted request. A remote attacker could possibly use this issue to
perform an HTTP Request Smuggling attack. (CVE-2022-26377)
It was discovered that Apache HTTP Server incorrectly handled certain
request. An attacker could possibly use this issue to cause a denial
of service. (CVE-2022-28614)
It was discovered that Apache HTTP Server incorrectly handled certain request.
An attacker could possibly use this issue to cause a crash or expose
sensitive information. (CVE-2022-28615)
It was discovered that Apache HTTP Server incorrectly handled certain request.
An attacker could possibly use this issue to cause a denial of service.
(CVE-2022-29404)
It was discovered that Apache HTTP Server incorrectly handled certain
request. An attacker could possibly use this issue to cause a crash.
(CVE-2022-30522)
It was discovered that Apache HTTP Server incorrectly handled certain request.
An attacker could possibly use this issue to execute arbitrary code or cause
a crash. (CVE-2022-30556)
It was discovered that Apache HTTP Server incorrectly handled certain request.
An attacker could possibly use this issue to bypass IP based authentication.
(CVE-2022-31813)
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Ubuntu | 18.04 | noarch | apache2 | < 2.4.29-1ubuntu4.25 | UNKNOWN |
| Ubuntu | 18.04 | noarch | apache2-bin | < 2.4.29-1ubuntu4.25 | UNKNOWN |
| Ubuntu | 18.04 | noarch | apache2-data | < 2.4.29-1ubuntu4.25 | UNKNOWN |
| Ubuntu | 18.04 | noarch | apache2-dbg | < 2.4.29-1ubuntu4.25 | UNKNOWN |
| Ubuntu | 18.04 | noarch | apache2-dev | < 2.4.29-1ubuntu4.25 | UNKNOWN |
| Ubuntu | 18.04 | noarch | apache2-doc | < 2.4.29-1ubuntu4.25 | UNKNOWN |
| Ubuntu | 18.04 | noarch | apache2-ssl-dev | < 2.4.29-1ubuntu4.25 | UNKNOWN |
| Ubuntu | 18.04 | noarch | apache2-suexec-custom | < 2.4.29-1ubuntu4.25 | UNKNOWN |
| Ubuntu | 18.04 | noarch | apache2-suexec-pristine | < 2.4.29-1ubuntu4.25 | UNKNOWN |
| Ubuntu | 18.04 | noarch | apache2-utils | < 2.4.29-1ubuntu4.25 | UNKNOWN |
References
Related
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.4 High
AI Score
Confidence
Low
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.423 Medium
EPSS
Percentile
97.3%