Log

CVE-2022-28614 edited at 08 Jun 2022 11:09:38
Severity
- Unknown
+ Low
Description
+ The ap_rwrite() function in Apache HTTP Server 2.4.53 and earlier may read unintended memory if an attacker can cause the server to reflect very large input using ap_rwrite() or ap_rputs(), such as with mod_luas r:puts() function.
References
Notes
CVE-2022-26377 edited at 08 Jun 2022 11:08:38
References
- https://seclists.org/oss-sec/2022/q2/180
AVG-2763 edited at 08 Jun 2022 11:07:43
Issues
CVE-2022-26377
- CVE-2022-28330
CVE-2022-28614
CVE-2022-28615
CVE-2022-29404
CVE-2022-30522
CVE-2022-30556
CVE-2022-31813
AVG-2763 edited at 08 Jun 2022 11:07:10
Severity
- Unknown
+ Medium
CVE-2022-26377 edited at 08 Jun 2022 11:07:10
Severity
- Unknown
+ Medium
Remote
- Unknown
+ Remote
Description
+ Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') vulnerability in mod_proxy_ajp of Apache HTTP
+ Server allows an attacker to smuggle requests to the AJP server it forwards requests to. This issue affects Apache
+ HTTP Server Apache HTTP Server 2.4 version 2.4.53 and prior versions.
References
+ https://seclists.org/oss-sec/2022/q2/180
Notes
AVG-2763 created at 08 Jun 2022 11:05:02
Packages
+ apache
Issues
+ CVE-2022-26377
+ CVE-2022-28330
+ CVE-2022-28614
+ CVE-2022-28615
+ CVE-2022-29404
+ CVE-2022-30522
+ CVE-2022-30556
+ CVE-2022-31813
Status
+ Vulnerable
Severity
+ Unknown
Affected
+ 2.4.53-1
Fixed
+ 2.4.54-1
Ticket
Advisory qualified
+ Yes
References
+ https://httpd.apache.org/security/vulnerabilities_24.html
Notes
CVE-2022-30556 created at 08 Jun 2022 11:05:02
AVG-2763 created at 08 Jun 2022 11:05:02
Packages
+ apache
Issues
+ CVE-2022-26377
+ CVE-2022-28330
+ CVE-2022-28614
+ CVE-2022-28615
+ CVE-2022-29404
+ CVE-2022-30522
+ CVE-2022-30556
+ CVE-2022-31813
Status
+ Vulnerable
Severity
+ Unknown
Affected
+ 2.4.53-1
Fixed
+ 2.4.54-1
Ticket
Advisory qualified
+ Yes
References
+ https://httpd.apache.org/security/vulnerabilities_24.html
Notes
CVE-2022-31813 created at 08 Jun 2022 11:05:02
AVG-2763 created at 08 Jun 2022 11:05:02
Packages
+ apache
Issues
+ CVE-2022-26377
+ CVE-2022-28330
+ CVE-2022-28614
+ CVE-2022-28615
+ CVE-2022-29404
+ CVE-2022-30522
+ CVE-2022-30556
+ CVE-2022-31813
Status
+ Vulnerable
Severity
+ Unknown
Affected
+ 2.4.53-1
Fixed
+ 2.4.54-1
Ticket
Advisory qualified
+ Yes
References
+ https://httpd.apache.org/security/vulnerabilities_24.html
Notes
CVE-2022-29404 created at 08 Jun 2022 11:05:02
AVG-2763 created at 08 Jun 2022 11:05:02
Packages
+ apache
Issues
+ CVE-2022-26377
+ CVE-2022-28330
+ CVE-2022-28614
+ CVE-2022-28615
+ CVE-2022-29404
+ CVE-2022-30522
+ CVE-2022-30556
+ CVE-2022-31813
Status
+ Vulnerable
Severity
+ Unknown
Affected
+ 2.4.53-1
Fixed
+ 2.4.54-1
Ticket
Advisory qualified
+ Yes
References
+ https://httpd.apache.org/security/vulnerabilities_24.html
Notes
CVE-2022-28615 created at 08 Jun 2022 11:05:02
AVG-2763 created at 08 Jun 2022 11:05:02
Packages
+ apache
Issues
+ CVE-2022-26377
+ CVE-2022-28330
+ CVE-2022-28614
+ CVE-2022-28615
+ CVE-2022-29404
+ CVE-2022-30522
+ CVE-2022-30556
+ CVE-2022-31813
Status
+ Vulnerable
Severity
+ Unknown
Affected
+ 2.4.53-1
Fixed
+ 2.4.54-1
Ticket
Advisory qualified
+ Yes
References
+ https://httpd.apache.org/security/vulnerabilities_24.html
Notes
CVE-2022-28614 created at 08 Jun 2022 11:05:02
AVG-2763 created at 08 Jun 2022 11:05:02
Packages
+ apache
Issues
+ CVE-2022-26377
+ CVE-2022-28330
+ CVE-2022-28614
+ CVE-2022-28615
+ CVE-2022-29404
+ CVE-2022-30522
+ CVE-2022-30556
+ CVE-2022-31813
Status
+ Vulnerable
Severity
+ Unknown
Affected
+ 2.4.53-1
Fixed
+ 2.4.54-1
Ticket
Advisory qualified
+ Yes
References
+ https://httpd.apache.org/security/vulnerabilities_24.html
Notes
CVE-2022-28330 created at 08 Jun 2022 11:05:02