Описание
If Apache HTTP Server 2.4.53 is configured to do transformations with mod_sed in contexts where the input to mod_sed may be very large, mod_sed may make excessively large memory allocations and trigger an abort.
A flaw was found in the mod_sed module of httpd. A very large input to the mod_sed module can result in a denial of service due to excessively large memory allocations.
Отчет
The mod_sed module is disabled by default on Red Hat Enterprise Linux 7 and 8. The httpd package as shipped with Red Hat Enterprise Linux 6 is not affected by this flaw because the mod_sed module is not available.
Меры по смягчению последствий
Disabling mod_sed and restarting httpd will mitigate this flaw.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 6 | httpd | Not affected | ||
| Red Hat Enterprise Linux 7 | httpd | Out of support scope | ||
| Red Hat JBoss Enterprise Application Platform 6 | httpd22 | Out of support scope | ||
| Red Hat JBoss Web Server 3 | httpd24 | Will not fix | ||
| JBoss Core Services for RHEL 8 | jbcs-httpd24-httpd | Fixed | RHSA-2022:8840 | 08.12.2022 |
| JBoss Core Services on RHEL 7 | jbcs-httpd24-httpd | Fixed | RHSA-2022:8840 | 08.12.2022 |
| Red Hat Enterprise Linux 8 | httpd | Fixed | RHSA-2022:7647 | 08.11.2022 |
| Red Hat Enterprise Linux 9 | httpd | Fixed | RHSA-2022:8067 | 15.11.2022 |
| Red Hat Software Collections for Red Hat Enterprise Linux 7 | httpd24-httpd | Fixed | RHSA-2022:6753 | 29.09.2022 |
| Text-Only JBCS | httpd | Fixed | RHSA-2022:8841 | 08.12.2022 |
Показывать по
Дополнительная информация
Статус:
EPSS
7.5 High
CVSS3
Связанные уязвимости
If Apache HTTP Server 2.4.53 is configured to do transformations with mod_sed in contexts where the input to mod_sed may be very large, mod_sed may make excessively large memory allocations and trigger an abort.
If Apache HTTP Server 2.4.53 is configured to do transformations with mod_sed in contexts where the input to mod_sed may be very large, mod_sed may make excessively large memory allocations and trigger an abort.
If Apache HTTP Server 2.4.53 is configured to do transformations with ...
If Apache HTTP Server 2.4.53 is configured to do transformations with mod_sed in contexts where the input to mod_sed may be very large, mod_sed may make excessively large memory allocations and trigger an abort.
Уязвимость фильтра содержимого mod_sed веб-сервера Apache HTTP Server, позволяющая нарушителю вызвать отказ в обслуживании
EPSS
7.5 High
CVSS3