exploitDog

CVE-2022-28615

Published: 09 Jun 2022
Source: ubuntu
Priority: medium
CVSS2: 6.4
CVSS3: 9.1

Description

Apache HTTP Server 2.4.53 and earlier may crash or disclose information due to a read beyond bounds in ap_strcmp_match() when provided with an extremely large input buffer. While no code distributed with the server can be coerced into such a call, third-party modules or lua scripts that use ap_strcmp_match() may hypothetically be affected.

| Release | Status | Note |
| --- | --- | --- |
| bionic | released | 2.4.29-1ubuntu4.24 |
| devel | released | 2.4.54-2ubuntu1 |
| esm-infra-legacy/trusty | not-affected | 2.4.7-1ubuntu4.22+esm6 |
| esm-infra/bionic | not-affected | 2.4.29-1ubuntu4.24 |
| esm-infra/focal | not-affected | 2.4.41-4ubuntu3.12 |
| esm-infra/xenial | released | 2.4.18-2ubuntu3.17+esm6 |
| focal | released | 2.4.41-4ubuntu3.12 |
| impish | released | 2.4.48-3.1ubuntu3.5 |
| jammy | released | 2.4.52-1ubuntu4.1 |
| kinetic | released | 2.4.54-2ubuntu1 |

CVSS2: 6.4 Medium
CVSS3: 9.1 Critical

Related vulnerabilities

CVSS3: 7.4
redhat
about 3 years ago

Apache HTTP Server 2.4.53 and earlier may crash or disclose information due to a read beyond bounds in ap_strcmp_match() when provided with an extremely large input buffer. While no code distributed with the server can be coerced into such a call, third-party modules or lua scripts that use ap_strcmp_match() may hypothetically be affected.

CVSS3: 9.1
nvd
about 3 years ago

Apache HTTP Server 2.4.53 and earlier may crash or disclose information due to a read beyond bounds in ap_strcmp_match() when provided with an extremely large input buffer. While no code distributed with the server can be coerced into such a call, third-party modules or lua scripts that use ap_strcmp_match() may hypothetically be affected.

CVSS3: 9.1
debian
about 3 years ago

Apache HTTP Server 2.4.53 and earlier may crash or disclose informatio ...

CVSS3: 9.1
github
about 3 years ago

Apache HTTP Server 2.4.53 and earlier may crash or disclose information due to a read beyond bounds in ap_strcmp_match() when provided with an extremely large input buffer. While no code distributed with the server can be coerced into such a call, third-party modules or lua scripts that use ap_strcmp_match() may hypothetically be affected.

CVSS3: 4
fstec
about 3 years ago

Vulnerability in the ap_strcmp_match() function of the Apache HTTP Server web server that allows an attacker to cause a denial of service or gain unauthorized access to protected information
