Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

apache http server 2.4.53 vulnerabilities and exploits

(subscribe to this query)
7.5
CVSSv3
CVE-2022-30522
If Apache HTTP Server 2.4.53 is configured to do transformations with mod_sed in contexts where the input to mod_sed may be very large, mod_sed may make excessively large memory allocations and trigger an abort.
Apache Http Server 2.4.53Netapp Clustered Data Ontap -Fedoraproject Fedora 35Fedoraproject Fedora 36
7.5
CVSSv3
CVE-2022-30556
Apache HTTP Server 2.4.53 and previous versions may return lengths to applications calling r:wsread() that point past the end of the storage allocated for the buffer.
Apache Http ServerNetapp Clustered Data Ontap -Fedoraproject Fedora 35Fedoraproject Fedora 36
7.5
CVSSv3
CVE-2022-26377
Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') vulnerability in mod_proxy_ajp of Apache HTTP Server allows an malicious user to smuggle requests to the AJP server it forwards requests to. This issue affects Apache HTTP Server Apache HTTP Server ...
Apache Http ServerFedoraproject Fedora 35Fedoraproject Fedora 36Netapp Clustered Data Ontap -
7.5
CVSSv3
CVE-2022-29404
In Apache HTTP Server 2.4.53 and previous versions, a malicious request to a lua script that calls r:parsebody(0) may cause a denial of service due to no default limit on possible input size.
Apache Http ServerFedoraproject Fedora 35Fedoraproject Fedora 36Netapp Clustered Data Ontap -
5.3
CVSSv3
CVE-2022-28330
Apache HTTP Server 2.4.53 and previous versions on Windows may read beyond bounds when configured to process requests with the mod_isapi module.
Apache Http Server
5.3
CVSSv3
CVE-2022-28614
The ap_rwrite() function in Apache HTTP Server 2.4.53 and previous versions may read unintended memory if an attacker can cause the server to reflect very large input using ap_rwrite() or ap_rputs(), such as with mod_luas r:puts() function. Modules compiled and distributed separa...
Apache Http ServerFedoraproject Fedora 35Fedoraproject Fedora 36Netapp Clustered Data Ontap -
9.1
CVSSv3
CVE-2022-28615
Apache HTTP Server 2.4.53 and previous versions may crash or disclose information due to a read beyond bounds in ap_strcmp_match() when provided with an extremely large input buffer. While no code distributed with the server can be coerced into such a call, third-party modules or...
Apache Http ServerFedoraproject Fedora 35Fedoraproject Fedora 36Netapp Clustered Data Ontap -
9.8
CVSSv3
CVE-2022-31813
Apache HTTP Server 2.4.53 and previous versions may not send the X-Forwarded-* headers to the origin server based on client side Connection header hop-by-hop mechanism. This may be used to bypass IP based authentication on the origin server/application.
Apache Http ServerNetapp Clustered Data Ontap -Fedoraproject Fedora 35Fedoraproject Fedora 36
7.5
CVSSv3
CVE-2022-0778
The BN_mod_sqrt() function, which computes a modular square root, contains a bug that can cause it to loop forever for non-prime moduli. Internally this function is used when parsing certificates that contain elliptic curve public keys in compressed form or explicit elliptic curv...
Openssl OpensslDebian Debian Linux 9.0Debian Debian Linux 10.0Debian Debian Linux 11.0Netapp Santricity Smi-s Provider -Netapp Storagegrid -Netapp Clustered Data Ontap -Netapp Clustered Data Ontap Antivirus Connector -Netapp Cloud Volumes Ontap Mediator -Netapp A250 Firmware -Netapp 500f Firmware -Fedoraproject Fedora 34Fedoraproject Fedora 36Tenable NessusMariadb MariadbNodejs Node.js
9.8
CVSSv3
CVE-2022-22720
Apache HTTP Server 2.4.52 and previous versions fails to close inbound connection when errors are encountered discarding the request body, exposing the server to HTTP Request Smuggling
Apache Http ServerFedoraproject Fedora 34Fedoraproject Fedora 35Fedoraproject Fedora 36Debian Debian Linux 9.0Oracle Http Server 12.2.1.3.0Oracle Http Server 12.2.1.4.0Oracle Enterprise Manager Ops Center 12.4.0.0Oracle Zfs Storage Appliance Kit 8.8Apple MacosApple Mac Os X 10.15.7
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
SSTICVE-2024-35863CVE-2024-35910man-in-the-middleCVE-2024-35912CVE-2024-25742LFICVE-2024-32002CVE-2024-22120
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook