Description
ap_escape_quotes() may write beyond the end of a buffer when given malicious input. No included modules pass untrusted data to these functions, but third-party / external modules may. This issue affects Apache HTTP Server 2.4.48 and earlier.
An out-of-bounds write in function ap_escape_quotes of httpd allows an unauthenticated remote attacker to crash the server or potentially execute code on the system with the privileges of the httpd user, by providing malicious input to the function.
Statement
No httpd module in Red Hat Enterprise Linux and Red Hat Software Collections passes untrusted data to the ap_escape_quotes function, thus the impact of the flaw has been set to Moderate.
Mitigation
Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
Affected packages
Platform | Package | State | Advisory | Release |
---|---|---|---|---|
Red Hat Enterprise Linux 6 | httpd | Out of support scope | ||
Red Hat Enterprise Linux 9 | httpd | Not affected | ||
Red Hat JBoss Enterprise Application Platform 6 | httpd | Out of support scope | ||
JBoss Core Services for RHEL 8 | jbcs-httpd24-httpd | Fixed | RHSA-2022:7143 | 26.10.2022 |
JBoss Core Services on RHEL 7 | jbcs-httpd24-httpd | Fixed | RHSA-2022:7143 | 26.10.2022 |
Red Hat Enterprise Linux 7 | httpd | Fixed | RHSA-2022:0143 | 17.01.2022 |
Red Hat Enterprise Linux 8 | httpd | Fixed | RHSA-2022:0891 | 15.03.2022 |
Red Hat Software Collections for Red Hat Enterprise Linux 7 | httpd24-httpd | Fixed | RHSA-2022:6753 | 29.09.2022 |
Text-Only JBCS | jbcs-httpd24-httpd | Fixed | RHSA-2022:7144 | 26.10.2022 |
Additional information
Status:
EPSS
8.1 High
CVSS3