Log

AVG-2764 created at 15 Jun 2022 18:43:21
Packages
+ ruby-puma
Issues
+ CVE-2021-41136
+ CVE-2022-23634
+ CVE-2022-24790
Status
+ Unknown
Severity
+ Unknown
Affected
+ 5.6.3-1
Fixed
+ 5.6.4-1
Ticket
Advisory qualified
+ No
References
Notes
CVE-2022-24790 created at 15 Jun 2022 18:43:21
CVE-2022-23634 created at 15 Jun 2022 18:43:21
AVG-2755 edited at 13 Jun 2022 08:06:52
Status
- Vulnerable
+ Fixed
AVG-2761 edited at 10 Jun 2022 06:02:18
Status
- Vulnerable
+ Fixed
AVG-2763 edited at 08 Jun 2022 17:10:43
Status
- Vulnerable
+ Testing
CVE-2022-31813 edited at 08 Jun 2022 11:18:15
Severity
- Unknown
+ Low
Type
- Unknown
+ Authentication bypass
Description
+ Apache HTTP Server 2.4.53 and earlier may not send the X-Forwarded-* headers to the origin server, because mod_proxy honours a client-supplied Connection header that names them as hop-by-hop headers and strips them. This may be used to bypass IP-based authentication on the origin server/application.
References
Notes
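The mechanism behind CVE-2022-31813, as an added illustration that is not part of the tracker entry or of Apache httpd's code: a toy model of a reverse proxy's header rewriting in both the vulnerable order (append X-Forwarded-For, then honour every name the client's Connection header lists) and the corrected order (strip client-named hop-by-hop headers first, then append X-Forwarded-For), run against an origin whose IP allowlist falls back to the TCP peer address when X-Forwarded-For is absent. The addresses, the allowlist and the request headers are constructed; the exact ordering inside mod_proxy is modelled, not copied.

```python
import ipaddress

# Constructed sample values (assumptions, not from the advisory): the external
# attacker, the reverse proxy's internal address (the TCP peer the origin sees),
# and the origin's allowlist, which trusts the internal network.
ATTACKER_IP = "203.0.113.7"
PROXY_IP = "10.0.0.5"
ALLOWED_NETWORKS = [ipaddress.ip_network("10.0.0.0/8")]

# Header names a proxy always treats as hop-by-hop (RFC 7230 section 6.1).
STANDARD_HOP_BY_HOP = {"connection", "keep-alive", "proxy-authenticate",
                       "proxy-authorization", "te", "trailer",
                       "transfer-encoding", "upgrade"}


def connection_tokens(headers):
    """Return the lowercase header names listed in the client's Connection header."""
    names = set()
    for value in headers.get("connection", []):
        for token in value.split(","):
            token = token.strip().lower()
            if token:
                names.add(token)
    return names


def strip_hop_by_hop(headers, client_named):
    """Drop the standard hop-by-hop headers plus those the client named."""
    drop = STANDARD_HOP_BY_HOP | client_named
    return {name: list(values) for name, values in headers.items()
            if name not in drop}


def add_forwarded_for(headers, client_ip):
    """Append the observed client IP to X-Forwarded-For, as a proxy does."""
    out = {name: list(values) for name, values in headers.items()}
    existing = out.get("x-forwarded-for", [])
    out["x-forwarded-for"] = [", ".join(existing + [client_ip])]
    return out


def proxy_request(client_headers, client_ip, fixed):
    """Model of the proxy's header rewriting (hypothetical, simplified).

    fixed=False: X-Forwarded-For is appended first, then every name from the
    client's Connection header is removed, so "Connection: X-Forwarded-For"
    makes the proxy delete the header it just added.
    fixed=True: client-named hop-by-hop headers are removed first, and the
    proxy appends X-Forwarded-For afterwards, where the client cannot reach it.
    """
    headers = {k.lower(): list(v) for k, v in client_headers.items()}
    named = connection_tokens(headers)
    if fixed:
        return add_forwarded_for(strip_hop_by_hop(headers, named), client_ip)
    return strip_hop_by_hop(add_forwarded_for(headers, client_ip), named)


def origin_client_ip(origin_headers, peer_ip):
    """The address the origin believes the client has.

    It takes the rightmost X-Forwarded-For entry (the one the trusted proxy
    appended) and falls back to the TCP peer, i.e. the proxy itself, when the
    header is missing. That fallback is what the bypass abuses.
    """
    xff = origin_headers.get("x-forwarded-for")
    if not xff:
        return peer_ip
    return xff[-1].split(",")[-1].strip()


def origin_allows(origin_headers, peer_ip):
    """IP-based authentication on the origin: admit only allowlisted networks."""
    ip = ipaddress.ip_address(origin_client_ip(origin_headers, peer_ip))
    return any(ip in net for net in ALLOWED_NETWORKS)


def attack_outcome(fixed):
    """Send the bypass request through the proxy model; return whether the
    origin admits the external attacker."""
    # Constructed request: a plain GET whose Connection header names
    # X-Forwarded-For as hop-by-hop.
    request_headers = {
        "Host": ["admin.example.test"],
        "Connection": ["close, X-Forwarded-For"],
    }
    forwarded = proxy_request(request_headers, ATTACKER_IP, fixed=fixed)
    return origin_allows(forwarded, PROXY_IP)


if __name__ == "__main__":
    print("vulnerable proxy admits attacker:", attack_outcome(fixed=False))  # True
    print("patched proxy admits attacker:", attack_outcome(fixed=True))  # False
```

Two practical points follow from the model. The origin's fallback to the peer address is the other half of the bug: an application that refuses requests lacking the header the proxy is supposed to add cannot be bypassed this way even on an unpatched proxy. And the request is easy to spot in proxy logs: a Connection header naming X-Forwarded-For (or any non-standard header) is never legitimate client behaviour, so logging it with `%{Connection}i` in the httpd LogFormat gives a direct detection signal.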
CVE-2022-30556 edited at 08 Jun 2022 11:17:05
Severity
- Unknown
+ Low
Type
- Unknown
+ Information disclosure
Description
+ Apache HTTP Server 2.4.53 and earlier may return lengths to applications calling r:wsread() (the mod_lua WebSocket read function) that point past the end of the storage allocated for the buffer.
References
Notes
CVE-2022-30522 edited at 08 Jun 2022 11:16:16
Severity
- Unknown
+ Low
Type
- Unknown
+ Denial of service
Description
+ If Apache HTTP Server 2.4.53 is configured to do transformations with mod_sed in contexts where the input to mod_sed may be very large, mod_sed may make excessively large memory allocations and trigger an abort.
References
Notes
CVE-2022-29404 edited at 08 Jun 2022 11:15:15
Severity
- Unknown
+ Low
Type
- Unknown
+ Denial of service
Description
+ In Apache HTTP Server 2.4.53 and earlier, a malicious request to a Lua script that calls r:parsebody(0) may cause a denial of service, because no default limit is applied to the possible input size.
References
Notes
CVE-2022-28615 edited at 08 Jun 2022 11:14:10
Severity
- Unknown
+ Low
Type
- Unknown
+ Information disclosure
Description
+ Apache HTTP Server 2.4.53 and earlier may crash or disclose information due to a read beyond bounds in ap_strcmp_match() when provided with an extremely large input buffer. While no code distributed with the server can be coerced into such a call, third-party modules or Lua scripts that use ap_strcmp_match() may hypothetically be affected.
References
Notes