CVE-2022-22719

Published: 14 Mar 2022
Source: redhat
CVSS3: 7.5
EPSS: Medium

Description

A carefully crafted request body can cause a read to a random memory area which could cause the process to crash. This issue affects Apache HTTP Server 2.4.52 and earlier.

A flaw was found in the mod_lua module of httpd. A crafted request body can cause a read to a random memory area due to an uninitialized value in functions called by the parsebody function. The highest threat from this vulnerability is to system availability.

Report

httpd as shipped with Red Hat Enterprise Linux 6 is not affected by this flaw because it does not ship mod_lua.

Mitigation

Disabling mod_lua and restarting httpd will mitigate this flaw. See https://access.redhat.com/articles/10649 for more information.

Affected packages

| Platform | Package | State | Recommendation | Release |
|---|---|---|---|---|
| Red Hat Enterprise Linux 6 | httpd | Not affected | | |
| Red Hat Enterprise Linux 7 | httpd | Out of support scope | | |
| Red Hat JBoss Core Services | jbcs-httpd24-httpd | Not affected | | |
| Red Hat JBoss Enterprise Application Platform 6 | httpd | Out of support scope | | |
| Red Hat Enterprise Linux 8 | httpd | Fixed | RHSA-2022:7647 | 08.11.2022 |
| Red Hat Enterprise Linux 9 | httpd | Fixed | RHSA-2022:8067 | 15.11.2022 |
| Red Hat Software Collections for Red Hat Enterprise Linux 7 | httpd24-httpd | Fixed | RHSA-2022:6753 | 29.09.2022 |

Additional information

Status: Moderate
Defect: CWE-665->CWE-908
https://bugzilla.redhat.com/show_bug.cgi?id=2064322 httpd: mod_lua: Use of uninitialized value of in r:parsebody

EPSS

Percentile: 97%
0.34984
Medium

CVSS3

7.5 High

Related vulnerabilities

CVSS3: 7.5
ubuntu
more than 3 years ago

A carefully crafted request body can cause a read to a random memory area which could cause the process to crash. This issue affects Apache HTTP Server 2.4.52 and earlier.

CVSS3: 7.5
nvd
more than 3 years ago

A carefully crafted request body can cause a read to a random memory area which could cause the process to crash. This issue affects Apache HTTP Server 2.4.52 and earlier.

CVSS3: 7.5
msrc
more than 3 years ago

No description

CVSS3: 7.5
debian
more than 3 years ago

A carefully crafted request body can cause a read to a random memory a ...

CVSS3: 7.5
github
more than 3 years ago

A carefully crafted request body can cause a read to a random memory area which could cause the process to crash. This issue affects Apache HTTP Server 2.4.52 and earlier.
