Out-of-Bounds Read

🗓️ 14 Jun 2022 08:10:46Reported by Veracode Vulnerability DatabaseType

veracode

veracode🔗 sca.analysiscenter.veracode.com👁 36 Views

Apache HTTP Server out of bounds read vulnerability

Reporter	Title	Published	Views	Family All 80
FreeBSD	Apache httpd -- Multiple vulnerabilities	8 Jun 202200:00	–	freebsd
IBM Security Bulletins	Security Bulletin: IBM Aspera Faspex 4.4.2 PL2 has addressed multiple vulnerabilities (CVE-2022-28330, CVE-2023-22868, CVE-2022-30556, CVE-2022-31813, CVE-2022-30522, CVE-2022-47986, CVE-2022-28615, CVE-2022-26377, CVE-2018-25032, CVE-2022-2068)	12 Nov 202402:31	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Rational Build Forge is vulnerable to disclosure of sensitive information due to use of Apache HTTP server (CVE-2022-28330).	21 Jul 202205:15	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Aspera Orchestrator affected by vulnerability (CVE-2022-28330)	2 Feb 202317:34	–	ibm
ALT Linux	Security fix for the ALT Linux 10 package apache2 version 1:2.4.54-alt1	21 Jun 202200:00	–	altlinux
ALT Linux	Security fix for the ALT Linux 9 package apache2 version 1:2.4.54-alt1	19 Jun 202200:00	–	altlinux
ATTACKERKB	CVE-2022-28330	9 Jun 202217:15	–	attackerkb
Tenable Nessus	Amazon Linux 2022 : httpd, httpd-core, httpd-devel (ALAS2022-2022-110)	7 Sep 202200:00	–	nessus
Tenable Nessus	Amazon Linux 2022 : httpd, httpd-core, httpd-devel (ALAS2022-2022-202)	4 Nov 202200:00	–	nessus
Tenable Nessus	Amazon Linux 2023 : httpd, httpd-core, httpd-devel (ALAS2023-2023-072)	21 Mar 202300:00	–	nessus

Vulners

Node

debian apache2Match2.4.51-r1os

AND

debian apache2Match2.4.46-r3os

AND

debian apache2Match2.4.48-r0os

AND

debian apache2Match2.4.41-r0os

AND

debian apache2Match2.4.49-r1os

AND

debian apache2Match2.4.51-r0os

AND

debian apache2Match2.4.43-r0os

AND

debian apache2Match2.4.53-r0os

AND

debian apache2Match2.4.48-r2os

AND

debian apache2Match2.4.52-r0os

AND

debian apache2Match2.4.50-r0os

AND

alpinelinux alpine_linuxMatchedge

OR

debian apache2Match2.4.53-r0os

AND

alpinelinux alpine_linuxMatch3.16

OR

debian apache2Match2.4.53-r0os

AND

debian apache2Match2.4.51-r0os

AND

debian apache2Match2.4.52-r0os

AND

debian apache2Match2.4.51-r1os

AND

alpinelinux alpine_linuxMatch3.15

OR

debian apache2Match2.4.49-r0os

AND

debian apache2Match2.4.53-r0os

AND

debian apache2Match2.4.51-r0os

AND

debian apache2Match2.4.46-r3os

AND

debian apache2Match2.4.52-r0os

AND

debian apache2Match2.4.50-r0os

AND

debian apache2Match2.4.48-r0os

AND

alpinelinux alpine_linuxMatch3.13

OR

debian apache2Match2.4.48-r0os

AND

debian apache2Match2.4.46-r3os

AND

debian apache2Match2.4.49-r0os

AND

debian apache2Match2.4.51-r0os

AND

debian apache2Match2.4.52-r0os

AND

debian apache2Match2.4.50-r0os

AND

debian apache2Match2.4.53-r0os

AND

alpinelinux alpine_linuxMatch3.14

Source	Link
secdb	www.secdb.alpinelinux.org/edge/main.yaml
secdb	www.secdb.alpinelinux.org/v3.16/main.yaml
httpd	www.httpd.apache.org/security/vulnerabilities_24.html
security	www.security.netapp.com/advisory/ntap-20220624-0005/
openwall	www.openwall.com/lists/oss-security/2022/06/08/3

24 Jun 2022 19:59Current

7.5High risk

Vulners AI Score7.5

CVSS 25

CVSS 3.15.3

EPSS0.00488

apache http server out of bounds read mod_isapi module memory corruption software vulnerability