Описание
An integer overflow in the case of failed ACME certificate renewal leads, after a number of failures (~30 days in default configurations), to the backoff timer becoming 0. Attempts to renew the certificate then are repeated without delays until it succeeds. This issue affects Apache HTTP Server: from 2.4.30 before 2.4.66. Users are recommended to upgrade to version 2.4.66, which fixes the issue.
| Релиз | Статус | Примечание |
|---|---|---|
| devel | pending | 2.4.66-2ubuntu1 |
| esm-infra-legacy/trusty | needs-triage | |
| esm-infra/bionic | needs-triage | |
| esm-infra/focal | needs-triage | |
| esm-infra/xenial | needs-triage | |
| jammy | released | 2.4.52-1ubuntu4.18 |
| noble | released | 2.4.58-1ubuntu8.10 |
| plucky | ignored | end of life, was needs-triage |
| questing | released | 2.4.64-1ubuntu3.2 |
| upstream | released | 2.4.66 |
Показывать по
7.5 High
CVSS3
Связанные уязвимости
An integer overflow in the case of failed ACME certificate renewal leads, after a number of failures (~30 days in default configurations), to the backoff timer becoming 0. Attempts to renew the certificate then are repeated without delays until it succeeds. This issue affects Apache HTTP Server: from 2.4.30 before 2.4.66. Users are recommended to upgrade to version 2.4.66, which fixes the issue.
Apache HTTP Server: mod_md (ACME), unintended retry intervals
An integer overflow in the case of failed ACME certificate renewal lea ...
7.5 High
CVSS3