CVE-2022-28615 – Read beyond bounds in ap_strcmp_match()
https://notcve.org/view.php?id=CVE-2022-28615
Apache HTTP Server 2.4.53 and earlier may crash or disclose information due to a read beyond bounds in ap_strcmp_match() when provided with an extremely large input buffer. While no code distributed with the server can be coerced into such a call, third-party modules or Lua scripts that use ap_strcmp_match() may hypothetically be affected.
An out-of-bounds read vulnerability was found in httpd. A very large input to the ap_strcmp_match function can lead to an integer overflow and result in an out-of-bounds read.
• http://www.openwall.com/lists/oss-security/2022/06/08/9 https://httpd.apache.org/security/vulnerabilities_24.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7QUGG2QZWHTITMABFLVXA4DNYUOTPWYQ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YPY2BLEVJWFH34AX77ZJPLD2OOBYR6ND https://security.gentoo.org/glsa/202208-20 https://security.netapp.com/advisory/ntap-20220624-0005 https://access.redhat.com/security/cve/CVE-2022-28615 ht
• CWE-125: Out-of-bounds Read; CWE-190: Integer Overflow or Wraparound
CVE-2022-28614 – read beyond bounds via ap_rwrite()
https://notcve.org/view.php?id=CVE-2022-28614
The ap_rwrite() function in Apache HTTP Server 2.4.53 and earlier may read unintended memory if an attacker can cause the server to reflect very large input using ap_rwrite() or ap_rputs(), such as with mod_lua's r:puts() function. Modules compiled and distributed separately from Apache HTTP Server that use the 'ap_rputs' function and may pass it a very large (INT_MAX or larger) string must be compiled against current headers to resolve the issue.
An out-of-bounds read vulnerability was found in httpd. A very large input to the ap_rputs and ap_rwrite functions can lead to an integer overflow and result in an out-of-bounds read.
• http://www.openwall.com/lists/oss-security/2022/06/08/4 https://httpd.apache.org/security/vulnerabilities_24.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7QUGG2QZWHTITMABFLVXA4DNYUOTPWYQ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YPY2BLEVJWFH34AX77ZJPLD2OOBYR6ND https://security.gentoo.org/glsa/202208-20 https://security.netapp.com/advisory/ntap-20220624-0005 https://access.redhat.com/security/cve/CVE-2022-28614 ht
• CWE-190: Integer Overflow or Wraparound; CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CVE-2022-26377 – mod_proxy_ajp: Possible request smuggling
https://notcve.org/view.php?id=CVE-2022-26377
Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') vulnerability in mod_proxy_ajp of Apache HTTP Server allows an attacker to smuggle requests to the AJP server it forwards requests to. This issue affects Apache HTTP Server 2.4 version 2.4.53 and prior versions.
An HTTP request smuggling vulnerability was found in the mod_proxy_ajp module of httpd. This flaw allows an attacker to smuggle requests to the AJP server, where it forwards requests.
• http://www.openwall.com/lists/oss-security/2022/06/08/2 https://httpd.apache.org/security/vulnerabilities_24.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7QUGG2QZWHTITMABFLVXA4DNYUOTPWYQ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YPY2BLEVJWFH34AX77ZJPLD2OOBYR6ND https://security.gentoo.org/glsa/202208-20 https://security.netapp.com/advisory/ntap-20220624-0005 https://access.redhat.com/security/cve/CVE-2022-26377 ht
• CWE-444: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')
CVE-2022-27778
https://notcve.org/view.php?id=CVE-2022-27778
A use of incorrectly resolved name vulnerability fixed in 7.83.1 might remove the wrong file when `--no-clobber` is used together with `--remove-on-error`.
• https://hackerone.com/reports/1553598 https://security.netapp.com/advisory/ntap-20220609-0009 https://security.netapp.com/advisory/ntap-20220729-0004 https://www.oracle.com/security-alerts/cpujul2022.html
• CWE-706: Use of Incorrectly-Resolved Name or Reference
CVE-2022-27779
https://notcve.org/view.php?id=CVE-2022-27779
libcurl wrongly allows cookies to be set for Top Level Domains (TLDs) if the host name is provided with a trailing dot. curl can be told to receive and send cookies. curl's "cookie engine" can be built with or without [Public Suffix List](https://publicsuffix.org/) awareness. If PSL support is not provided, a more rudimentary check exists to at least prevent cookies from being set on TLDs. This check was broken if the host name in the URL uses a trailing dot. This can allow arbitrary sites to set cookies that then would get sent to a different and unrelated site or domain.
• https://hackerone.com/reports/1553301 https://security.gentoo.org/glsa/202212-01 https://security.netapp.com/advisory/ntap-20220609-0009
• CWE-201: Insertion of Sensitive Information Into Sent Data