CVE-2022-29404

Опубликовано: 09 июн. 2022

Источник: nvd

CVSS3: 7.5

CVSS2: 5

EPSS Низкий

Описание

In Apache HTTP Server 2.4.53 and earlier, a malicious request to a lua script that calls r:parsebody(0) may cause a denial of service due to no default limit on possible input size.

Ссылки

http://www.openwall.com/lists/oss-security/2022/06/08/5
Mailing List
Third Party Advisory
https://httpd.apache.org/security/vulnerabilities_24.html
Vendor Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7QUGG2QZWHTITMABFLVXA4DNYUOTPWYQ/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YPY2BLEVJWFH34AX77ZJPLD2OOBYR6ND/
https://security.gentoo.org/glsa/202208-20
Third Party Advisory
https://security.netapp.com/advisory/ntap-20220624-0005/
Third Party Advisory
http://www.openwall.com/lists/oss-security/2022/06/08/5
Mailing List
Third Party Advisory
https://httpd.apache.org/security/vulnerabilities_24.html
Vendor Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7QUGG2QZWHTITMABFLVXA4DNYUOTPWYQ/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YPY2BLEVJWFH34AX77ZJPLD2OOBYR6ND/
https://security.gentoo.org/glsa/202208-20
Third Party Advisory
https://security.netapp.com/advisory/ntap-20220624-0005/
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*

Версия до 2.4.53 (включая)

Конфигурация 2

Одно из

cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*

cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*

Конфигурация 3

cpe:2.3:a:netapp:clustered_data_ontap:-:*:*:*:*:*:*:*

EPSS

Процентиль: 82%

0.01862

Низкий

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

CWE-770

Связанные уязвимости

CVE-2022-29404

CVSS3: 7.5

ubuntu

около 3 лет назад

In Apache HTTP Server 2.4.53 and earlier, a malicious request to a lua script that calls r:parsebody(0) may cause a denial of service due to no default limit on possible input size.

CVE-2022-29404

CVSS3: 7.5

redhat

около 3 лет назад

In Apache HTTP Server 2.4.53 and earlier, a malicious request to a lua script that calls r:parsebody(0) may cause a denial of service due to no default limit on possible input size.

CVE-2022-29404

CVSS3: 7.5

debian

около 3 лет назад

In Apache HTTP Server 2.4.53 and earlier, a malicious request to a lua ...

GHSA-jq5m-vpg7-ghpv

CVSS3: 7.5

github

около 3 лет назад

In Apache HTTP Server 2.4.53 and earlier, a malicious request to a lua script that calls r:parsebody(0) may cause a denial of service due to no default limit on possible input size.

BDU:2022-04147

CVSS3: 5.9

fstec

около 3 лет назад

Уязвимость модуля mod_lua веб-сервера Apache HTTP Server, позволяющая нарушителю вызвать отказ в обслуживании

EPSS

Процентиль: 82%

0.01862

Низкий

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

CWE-770