In Apache HTTP Server 2.4.53 and previous versions, a malicious request to a lua script that calls r:parsebody(0) may cause a denial of service due to no default limit on possible input size.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
apache http server |
||
fedoraproject fedora 35 |
||
fedoraproject fedora 36 |
||
netapp clustered data ontap - |