CVE-2022-30556

Published: 08 Jun 2022
Source: redhat
CVSS3: 7.5

Description

Apache HTTP Server 2.4.53 and earlier may return lengths to applications calling r:wsread() that point past the end of the storage allocated for the buffer.

A flaw was found in the mod_lua module of httpd. The data returned by the wsread function may point past the end of the storage allocated for the buffer, resulting in information disclosure.

Statement

httpd as shipped with Red Hat Enterprise Linux 6 is not affected by this flaw because it does not ship mod_lua. Red Hat Enterprise Linux 7 is not affected by this flaw because the wsread function is not available.

Mitigation

Disabling mod_lua and restarting httpd will mitigate this flaw.

Affected packages

| Platform | Package | State | Advisory | Release |
|---|---|---|---|---|
| Red Hat Enterprise Linux 6 | httpd | Not affected | | |
| Red Hat Enterprise Linux 7 | httpd | Not affected | | |
| Red Hat JBoss Core Services | httpd | Not affected | | |
| Red Hat JBoss Core Services | jbcs-httpd24-httpd | Not affected | | |
| Red Hat JBoss Enterprise Application Platform 6 | httpd22 | Out of support scope | | |
| Red Hat JBoss Web Server 3 | httpd24 | Fix deferred | | |
| Red Hat Enterprise Linux 8 | httpd | Fixed | RHSA-2022:7647 | 08.11.2022 |
| Red Hat Enterprise Linux 9 | httpd | Fixed | RHSA-2022:8067 | 15.11.2022 |
| Red Hat Software Collections for Red Hat Enterprise Linux 7 | httpd24-httpd | Fixed | RHSA-2022:6753 | 29.09.2022 |

Additional information

Status: Low
Defect: CWE-200
https://bugzilla.redhat.com/show_bug.cgi?id=2095018 httpd: mod_lua: Information disclosure with websockets

7.5 High

CVSS3

Related vulnerabilities

CVSS3: 7.5
ubuntu
about 3 years ago

Apache HTTP Server 2.4.53 and earlier may return lengths to applications calling r:wsread() that point past the end of the storage allocated for the buffer.

CVSS3: 7.5
nvd
about 3 years ago

Apache HTTP Server 2.4.53 and earlier may return lengths to applications calling r:wsread() that point past the end of the storage allocated for the buffer.

CVSS3: 7.5
debian
about 3 years ago

Apache HTTP Server 2.4.53 and earlier may return lengths to applicatio ...

CVSS3: 7.5
github
about 3 years ago

Apache HTTP Server 2.4.53 and earlier may return lengths to applications calling r:wsread() that point past the end of the storage allocated for the buffer.

CVSS3: 6.8
fstec
about 3 years ago

Vulnerability in the r:wsread() function of the mod_lua module of the Apache HTTP Server web server that allows an attacker to gain unauthorized access to protected information
