Recent Vulnerabilities Research Posts Trends Blog About Contact

Related Vulnerabilities: CVE-2022-2255

A vulnerability was found in mod_wsgi. The X-Client-IP header is not removed from a request from an untrusted proxy, allowing an attacker to pass the X-Client-IP header to the target WSGI application because the condition to remove it is missing. (CVE-2022-2255)

Source

ALASHTTPD_MODULES-2023-001

Amazon Linux 2 Security Advisory: ALASHTTPD_MODULES-2023-001
Advisory Release Date: 2023-08-07 06:17 Pacific
Advisory Updated Date: 2023-09-25 22:11 Pacific

Severity: Medium

References: CVE-2022-2255
FAQs regarding Amazon Linux ALAS/CVE Severity

Issue Overview:

A vulnerability was found in mod_wsgi. The X-Client-IP header is not removed from a request from an untrusted proxy, allowing an attacker to pass the X-Client-IP header to the target WSGI application because the condition to remove it is missing. (CVE-2022-2255)

Affected Packages:

mod_wsgi

Issue Correction:
Run yum update mod_wsgi to update your system.

New Packages:

aarch64:
    python2-mod_wsgi-4.7.1-4.amzn2.0.2.aarch64
    python3-mod_wsgi-4.7.1-4.amzn2.0.2.aarch64
    mod_wsgi-debuginfo-4.7.1-4.amzn2.0.2.aarch64

src:
    mod_wsgi-4.7.1-4.amzn2.0.2.src

x86_64:
    python2-mod_wsgi-4.7.1-4.amzn2.0.2.x86_64
    python3-mod_wsgi-4.7.1-4.amzn2.0.2.x86_64
    mod_wsgi-debuginfo-4.7.1-4.amzn2.0.2.x86_64

Additional References

Red Hat: CVE-2022-2255

Mitre: CVE-2022-2255

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

ALASHTTPD_MODULES-2023-001

ALASHTTPD_MODULES-2023-001

Additional References

Vulmon Search

About

Products

Connect