Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
7.5
CVSSv3

CVE-2022-22719

Published: 14/03/2022 Updated: 07/11/2023
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9
VMScore: 447
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Subscribe to Apache

Vulnerability Summary

A carefully crafted request body can cause a read to a random memory area which could cause the process to crash. This issue affects Apache HTTP Server 2.4.52 and previous versions.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

apache http server

debian debian linux 9.0

fedoraproject fedora 34

fedoraproject fedora 35

fedoraproject fedora 36

oracle http server 12.2.1.3.0

oracle http server 12.2.1.4.0

oracle zfs storage appliance kit 8.8

apple macos

apple mac os x 10.15.7

Vendor Advisories

Ubuntu Security Notice: USN-5333-2: Apache HTTP Server vulnerabilities
Several security issues were fixed in Apache HTTP Server ...
Ubuntu Security Notice: USN-5333-1: Apache HTTP Server vulnerabilities
Several security issues were fixed in Apache HTTP Server ...
Red Hat: Moderate: httpd:2.4 security update
Synopsis Moderate: httpd:24 security update Type/Severity Security Advisory: Moderate Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic An update for the httpd:24 module is now available for Red Hat Enterprise Linux 8Red Hat Product Security has rated this update ...
Red Hat: Moderate: httpd security, bug fix, and enhancement update
Synopsis Moderate: httpd security, bug fix, and enhancement update Type/Severity Security Advisory: Moderate Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic An update for httpd is now available for Red Hat Enterprise Linux 9Red Hat Product Security has rated this ...
Red Hat: Moderate: httpd24-httpd security and bug fix update
Synopsis Moderate: httpd24-httpd security and bug fix update Type/Severity Security Advisory: Moderate Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic An update for httpd24-httpd is now available for Red Hat Software CollectionsRed Hat Product Security has rated ...
Amazon Linux 2: ALAS2-2022-1783
A flaw was found in the mod_lua module of httpd A crafted request body can cause a read to a random memory area due to an uninitialized value in functions called by the parsebody function The highest treat of this vulnerability is availability (CVE-2022-22719) A flaw was found in httpd The inbound connection is not closed when it fails to disca ...
Amazon Linux AMI: ALAS-2022-1584
A flaw was found in the mod_lua module of httpd A crafted request body can cause a read to a random memory area due to an uninitialized value in functions called by the parsebody function The highest treat of this vulnerability is availability (CVE-2022-22719) A flaw was found in httpd The inbound connection is not closed when it fails to disca ...
Red Hat:
A carefully crafted request body can cause a read to a random memory area which could cause the process to crash This issue affects Apache HTTP Server 2452 and earlier ...
Amazon Linux 2022: ALAS2022-2022-053
A flaw was found in the mod_lua module of httpd A crafted request body can cause a read to a random memory area due to an uninitialized value in functions called by the parsebody function The highest treat of this vulnerability is availability (CVE-2022-22719) A flaw was found in httpd The inbound connection is not closed when it fails to disca ...
Apple: macOS Monterey 12.4
About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available Recent releases are listed on the Apple security updates page Apple security documents reference vulnerabilities by CVE-ID&nbsp ...

References

CWE-665https://httpd.apache.org/security/vulnerabilities_24.htmlhttp://www.openwall.com/lists/oss-security/2022/03/14/4https://security.netapp.com/advisory/ntap-20220321-0001/https://lists.debian.org/debian-lts-announce/2022/03/msg00033.htmlhttps://www.oracle.com/security-alerts/cpuapr2022.htmlhttps://support.apple.com/kb/HT213256https://support.apple.com/kb/HT213257https://support.apple.com/kb/HT213255http://seclists.org/fulldisclosure/2022/May/38http://seclists.org/fulldisclosure/2022/May/33http://seclists.org/fulldisclosure/2022/May/35https://security.gentoo.org/glsa/202208-20https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RGWILBORT67SHMSLYSQZG2NMXGCMPUZO/https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z7H26WJ6TPKNWV3QKY4BHKUKQVUTZJTD/https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X73C35MMMZGBVPQQCH7LQZUMYZNQA5FO/https://nvd.nist.govhttps://ubuntu.com/security/notices/USN-5333-2
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-3400CVE-2023-7252CVE-2024-21111denial of serviceCVE-2024-29661CVE-2024-22856remote attackersencryptionCVE-2023-38299
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook