Описание
In Apache HTTP Server 2.4.53 and earlier, a malicious request to a lua script that calls r:parsebody(0) may cause a denial of service due to no default limit on possible input size.
A flaw was found in the mod_lua module of httpd. A malicious request to a Lua script that calls parsebody(0) can lead to a denial of service due to no default limit on the possible input size.
Отчет
httpd as shipped with Red Hat Enterprise Linux 6, is not affected by this flaw because it does not ship mod_lua.
Меры по смягчению последствий
Disabling mod_lua and restarting httpd will mitigate this flaw.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 6 | httpd | Not affected | ||
| Red Hat Enterprise Linux 7 | httpd | Out of support scope | ||
| Red Hat JBoss Core Services | httpd | Not affected | ||
| Red Hat JBoss Core Services | jbcs-httpd24-httpd | Not affected | ||
| Red Hat JBoss Enterprise Application Platform 6 | httpd22 | Out of support scope | ||
| Red Hat JBoss Web Server 3 | httpd24 | Will not fix | ||
| Red Hat Enterprise Linux 8 | httpd | Fixed | RHSA-2022:7647 | 08.11.2022 |
| Red Hat Enterprise Linux 9 | httpd | Fixed | RHSA-2022:8067 | 15.11.2022 |
| Red Hat Software Collections for Red Hat Enterprise Linux 7 | httpd24-httpd | Fixed | RHSA-2022:6753 | 29.09.2022 |
Показывать по
Дополнительная информация
Статус:
7.5 High
CVSS3
Связанные уязвимости
In Apache HTTP Server 2.4.53 and earlier, a malicious request to a lua script that calls r:parsebody(0) may cause a denial of service due to no default limit on possible input size.
In Apache HTTP Server 2.4.53 and earlier, a malicious request to a lua script that calls r:parsebody(0) may cause a denial of service due to no default limit on possible input size.
In Apache HTTP Server 2.4.53 and earlier, a malicious request to a lua ...
In Apache HTTP Server 2.4.53 and earlier, a malicious request to a lua script that calls r:parsebody(0) may cause a denial of service due to no default limit on possible input size.
Уязвимость модуля mod_lua веб-сервера Apache HTTP Server, позволяющая нарушителю вызвать отказ в обслуживании
7.5 High
CVSS3