Page 3 of 264 results (0.014 seconds)

CVSS: 7.5EPSS: 2%CPEs: 4EXPL: 0

In Apache HTTP Server 2.4.53 and earlier, a malicious request to a lua script that calls r:parsebody(0) may cause a denial of service due to no default limit on possible input size. En Apache HTTP Server 2.4.53 y anteriores, una petición maliciosa a un script lua que llame a r:parsebody(0) puede causar una denegación de servicio debido a que no presenta un límite por defecto en el tamaño posible de la entrada A flaw was found in the mod_lua module of httpd. A malicious request to a Lua script that calls parsebody(0) can lead to a denial of service due to no default limit on the possible input size. • http://www.openwall.com/lists/oss-security/2022/06/08/5 https://httpd.apache.org/security/vulnerabilities_24.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7QUGG2QZWHTITMABFLVXA4DNYUOTPWYQ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YPY2BLEVJWFH34AX77ZJPLD2OOBYR6ND https://security.gentoo.org/glsa/202208-20 https://security.netapp.com/advisory/ntap-20220624-0005 https://access.redhat.com/security/cve/CVE-2022-29404 ht • CWE-770: Allocation of Resources Without Limits or Throttling •

CVSS: 9.1EPSS: 1%CPEs: 4EXPL: 0

Apache HTTP Server 2.4.53 and earlier may crash or disclose information due to a read beyond bounds in ap_strcmp_match() when provided with an extremely large input buffer. While no code distributed with the server can be coerced into such a call, third-party modules or lua scripts that use ap_strcmp_match() may hypothetically be affected. Apache HTTP Server versiones 2.4.53 y anteriores, puede fallar o revelar información debido a una lectura más allá de los límites en la función ap_strcmp_match() cuando le es proporcionado un búfer de entrada extremadamente grande. Mientras que ningún código distribuido con el servidor puede ser coaccionado en tal llamada, los módulos de terceros o los scripts lua que usan ap_strcmp_match() pueden hipotéticamente ser afectados An out-of-bounds read vulnerability was found in httpd. A very large input to the ap_strcmp_match function can lead to an integer overflow and result in an out-of-bounds read. • http://www.openwall.com/lists/oss-security/2022/06/08/9 https://httpd.apache.org/security/vulnerabilities_24.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7QUGG2QZWHTITMABFLVXA4DNYUOTPWYQ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YPY2BLEVJWFH34AX77ZJPLD2OOBYR6ND https://security.gentoo.org/glsa/202208-20 https://security.netapp.com/advisory/ntap-20220624-0005 https://access.redhat.com/security/cve/CVE-2022-28615 ht • CWE-125: Out-of-bounds Read CWE-190: Integer Overflow or Wraparound •

CVSS: 5.3EPSS: 0%CPEs: 4EXPL: 0

The ap_rwrite() function in Apache HTTP Server 2.4.53 and earlier may read unintended memory if an attacker can cause the server to reflect very large input using ap_rwrite() or ap_rputs(), such as with mod_luas r:puts() function. Modules compiled and distributed separately from Apache HTTP Server that use the 'ap_rputs' function and may pass it a very large (INT_MAX or larger) string must be compiled against current headers to resolve the issue. La función ap_rwrite() en el Servidor HTTP Apache 2.4.53 y anteriores puede leer memoria no intencionada si un atacante puede hacer que el servidor refleje una entrada muy grande usando ap_rwrite() o ap_rputs(), como con la función mod_luas r:puts(). Los módulos compilados y distribuidos por separado del Servidor HTTP Apache que usan la función 'ap_rputs' y pueden pasarle una cadena muy grande (INT_MAX o mayor) deben ser compilados contra las cabeceras actuales para resolver el problema An out-of-bounds read vulnerability was found in httpd. A very large input to the ap_rputs and ap_rwrite functions can lead to an integer overflow and result in an out-of-bounds read. • http://www.openwall.com/lists/oss-security/2022/06/08/4 https://httpd.apache.org/security/vulnerabilities_24.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7QUGG2QZWHTITMABFLVXA4DNYUOTPWYQ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YPY2BLEVJWFH34AX77ZJPLD2OOBYR6ND https://security.gentoo.org/glsa/202208-20 https://security.netapp.com/advisory/ntap-20220624-0005 https://access.redhat.com/security/cve/CVE-2022-28614 ht • CWE-190: Integer Overflow or Wraparound CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 5.3EPSS: 0%CPEs: 2EXPL: 0

Apache HTTP Server 2.4.53 and earlier on Windows may read beyond bounds when configured to process requests with the mod_isapi module. Apache HTTP Server versiones 2.4.53 y anteriores en Windows, puede leer más allá de los límites cuando es configurado para procesar peticiones con el módulo mod_isapi An out-of-bounds read vulnerability was found in the mod_isapi module of httpd. The issue occurs when httpd is configured to process requests with the mod_isapi module. • http://www.openwall.com/lists/oss-security/2022/06/08/3 https://httpd.apache.org/security/vulnerabilities_24.html https://security.netapp.com/advisory/ntap-20220624-0005 https://access.redhat.com/security/cve/CVE-2022-28330 https://bugzilla.redhat.com/show_bug.cgi?id=2095000 • CWE-125: Out-of-bounds Read •

CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 0

Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') vulnerability in mod_proxy_ajp of Apache HTTP Server allows an attacker to smuggle requests to the AJP server it forwards requests to. This issue affects Apache HTTP Server Apache HTTP Server 2.4 version 2.4.53 and prior versions. Una vulnerabilidad de Interpretación Incoherente de las Peticiones HTTP ("Contrabando de Peticiones HTTP") en la función mod_proxy_ajp de Apache HTTP Server permite a un atacante contrabandear peticiones al servidor AJP al que reenvía las peticiones. Este problema afecta a Apache HTTP Server, versión 2.4.53 y anteriores An HTTP request smuggling vulnerability was found in the mod_proxy_ajp module of httpd. This flaw allows an attacker to smuggle requests to the AJP server, where it forwards requests. • http://www.openwall.com/lists/oss-security/2022/06/08/2 https://httpd.apache.org/security/vulnerabilities_24.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7QUGG2QZWHTITMABFLVXA4DNYUOTPWYQ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YPY2BLEVJWFH34AX77ZJPLD2OOBYR6ND https://security.gentoo.org/glsa/202208-20 https://security.netapp.com/advisory/ntap-20220624-0005 https://access.redhat.com/security/cve/CVE-2022-26377 ht • CWE-444: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') •