CVE-2022-28615

Published: 09 Jun 2022
Source: nvd
CVSS3: 9.1
CVSS2: 6.4
EPSS: Low

Description

Apache HTTP Server 2.4.53 and earlier may crash or disclose information due to a read beyond bounds in ap_strcmp_match() when provided with an extremely large input buffer. While no code distributed with the server can be coerced into such a call, third-party modules or lua scripts that use ap_strcmp_match() may hypothetically be affected.

Vulnerable configurations

Configuration 1
cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*
Versions before 2.4.54 (exclusive)
Configuration 2

One of

cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*
Configuration 3
cpe:2.3:a:netapp:clustered_data_ontap:-:*:*:*:*:*:*:*

EPSS

Percentile: 73%
0.00775
Low

9.1 Critical

CVSS3

6.4 Medium

CVSS2

Weaknesses

CWE-190

Related vulnerabilities

CVSS3: 9.1
ubuntu
about 3 years ago

Apache HTTP Server 2.4.53 and earlier may crash or disclose information due to a read beyond bounds in ap_strcmp_match() when provided with an extremely large input buffer. While no code distributed with the server can be coerced into such a call, third-party modules or lua scripts that use ap_strcmp_match() may hypothetically be affected.

CVSS3: 7.4
redhat
about 3 years ago

Apache HTTP Server 2.4.53 and earlier may crash or disclose information due to a read beyond bounds in ap_strcmp_match() when provided with an extremely large input buffer. While no code distributed with the server can be coerced into such a call, third-party modules or lua scripts that use ap_strcmp_match() may hypothetically be affected.

CVSS3: 9.1
debian
about 3 years ago

Apache HTTP Server 2.4.53 and earlier may crash or disclose informatio ...

CVSS3: 9.1
github
about 3 years ago

Apache HTTP Server 2.4.53 and earlier may crash or disclose information due to a read beyond bounds in ap_strcmp_match() when provided with an extremely large input buffer. While no code distributed with the server can be coerced into such a call, third-party modules or lua scripts that use ap_strcmp_match() may hypothetically be affected.

CVSS3: 4
fstec
about 3 years ago

A vulnerability in the ap_strcmp_match() function of the Apache HTTP Server web server that allows an attacker to cause a denial of service or gain unauthorized access to protected information
