Searching
..

Click anywhere to stop

KLA12485
Multiple vulnerabilities in Apache HTTP Server

Обновлено: 22/01/2024
Дата обнаружения
14/03/2022
Уровень угрозы
Critical
Описание

Multiple vulnerabilities were found in Apache HTTP Server. Malicious users can exploit these vulnerabilities to cause denial of service, bypass security restrictions, execute arbitrary code.

Below is a complete list of vulnerabilities:

  1. Integer overflow vulnerability in LimitXMLRequestBody can be exploited to cause denial of service.
  2. HTTP request smuggling vulnerability can be exploited to bypass security restrictions.
  3. Out-of-bounds Write vulnerability in mod_sed can be exploited to cause denial of service.
  4. Use of uninitialized value of in mod_lua can be exploited remotely via special crafted request to cause denial of service.
Эксплуатация

Malware exists for this vulnerability. Usually such malware is classified as Exploit. More details.

Пораженные продукты

Apache HTTP Server 2.4.x earlier than 2.4.53

Решение

Update to the latest version
Download Apache HTTP Server

Первичный источник обнаружения
Fixed in Apache HTTP Server 2.4.53
Оказываемое влияние
?
ACE 
[?]

OSI 
[?]

DoS 
[?]

SB 
[?]

SUI 
[?]
Связанные продукты
Apache HTTP Server
CVE-IDS
CVE-2022-227215.8High
CVE-2022-227207.5Critical
CVE-2022-239437.5Critical
CVE-2022-227195.0Warning
Узнай статистику распространения уязвимостей в твоем регионе