AVG-2763

Package apache
Status Fixed
Severity Medium
Type multiple issues
Affected 2.4.53-1
Fixed 2.4.54-1
Current 2.4.54-3 [extra]
Ticket None
Created Wed Jun 8 11:05:02 2022
Advisory Pending
Issue Severity Remote Type Description
CVE-2022-31813 Low Unknown Authentication bypass
Apache HTTP Server 2.4.53 and earlier may not send the X-Forwarded-* headers to the origin server based on client side Connection header hop-by-hop...
CVE-2022-30556 Low Unknown Information disclosure
Apache HTTP Server 2.4.53 and earlier may return lengths to applications calling r:wsread() that point past the end of the storage allocated for the buffer.
CVE-2022-30522 Low Unknown Denial of service
If Apache HTTP Server 2.4.53 is configured to do transformations with mod_sed in contexts where the input to mod_sed may be very large, mod_sed may make...
CVE-2022-29404 Low Unknown Denial of service
In Apache HTTP Server 2.4.53 and earlier, a malicious request to a Lua script that calls r:parsebody(0) may cause a denial of service due to no default...
CVE-2022-28615 Low Unknown Information disclosure
Apache HTTP Server 2.4.53 and earlier may crash or disclose information due to a read beyond bounds in ap_strcmp_match() when provided with an extremely...
CVE-2022-28614 Low Unknown Unknown
The ap_rwrite() function in Apache HTTP Server 2.4.53 and earlier may read unintended memory if an attacker can cause the server to reflect very large input...
CVE-2022-26377 Medium Yes Unknown
Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') vulnerability in mod_proxy_ajp of Apache HTTP Server allows an attacker to smuggle...
References
https://httpd.apache.org/security/vulnerabilities_24.html