ALT-PU-2022-4318-1
Package apache2 updated to version 2.4.53-alt1 for branch sisyphus_riscv64.
Closed vulnerabilities
Published: 2022-03-14
BDU:2022-01455
Уязвимость веб-сервера Apache HTTP Server, связанная с выходом операции за границы буфера в памяти, позволяющая нарушителю выполнить произвольный код
Severity: CRITICAL (9.8)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
References:
Published: 2022-03-14
BDU:2022-01456
Уязвимость веб-сервера Apache HTTP Server, связанная с недостатками обработки HTTP-запросов, позволяющая нарушителю выполнять атаку "контрабанда HTTP-запросов"
Severity: MEDIUM (6.1)
Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
References:
Published: 2022-03-14
BDU:2022-01457
Уязвимость веб-сервера Apache HTTP Server, связанная с недостатками проверки вводимых данных, позволяющая нарушителю вызвать отказ в обслуживании
Severity: HIGH (7.5)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
References:
Published: 2022-03-14
BDU:2022-01461
Уязвимость веб-сервера Apache HTTP Server, связанная с записью за пределами буфера памяти, позволяющая нарушителю выполнить произвольный код
Severity: CRITICAL (9.8)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
References:
Published: 2022-03-14
Modified: 2024-11-21
Modified: 2024-11-21
CVE-2022-22719
A carefully crafted request body can cause a read to a random memory area which could cause the process to crash. This issue affects Apache HTTP Server 2.4.52 and earlier.
Severity: HIGH (7.5)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
References:
- 20220516 APPLE-SA-2022-05-16-4 Security Update 2022-004 Catalina
- 20220516 APPLE-SA-2022-05-16-4 Security Update 2022-004 Catalina
- 20220516 APPLE-SA-2022-05-16-3 macOS Big Sur 11.6.6
- 20220516 APPLE-SA-2022-05-16-3 macOS Big Sur 11.6.6
- 20220516 APPLE-SA-2022-05-16-2 macOS Monterey 12.4
- 20220516 APPLE-SA-2022-05-16-2 macOS Monterey 12.4
- [oss-security] 20220314 CVE-2022-22719: Apache HTTP Server: mod_lua Use of uninitialized value of in r:parsebody
- [oss-security] 20220314 CVE-2022-22719: Apache HTTP Server: mod_lua Use of uninitialized value of in r:parsebody
- https://httpd.apache.org/security/vulnerabilities_24.html
- https://httpd.apache.org/security/vulnerabilities_24.html
- [debian-lts-announce] 20220322 [SECURITY] [DLA 2960-1] apache2 security update
- [debian-lts-announce] 20220322 [SECURITY] [DLA 2960-1] apache2 security update
- FEDORA-2022-b4103753e9
- FEDORA-2022-b4103753e9
- FEDORA-2022-78e3211c55
- FEDORA-2022-78e3211c55
- FEDORA-2022-21264ec6db
- FEDORA-2022-21264ec6db
- GLSA-202208-20
- GLSA-202208-20
- https://security.netapp.com/advisory/ntap-20220321-0001/
- https://security.netapp.com/advisory/ntap-20220321-0001/
- https://support.apple.com/kb/HT213255
- https://support.apple.com/kb/HT213255
- https://support.apple.com/kb/HT213256
- https://support.apple.com/kb/HT213256
- https://support.apple.com/kb/HT213257
- https://support.apple.com/kb/HT213257
- https://www.oracle.com/security-alerts/cpuapr2022.html
- https://www.oracle.com/security-alerts/cpuapr2022.html
Published: 2022-03-14
Modified: 2024-11-21
Modified: 2024-11-21
CVE-2022-22720
Apache HTTP Server 2.4.52 and earlier fails to close inbound connection when errors are encountered discarding the request body, exposing the server to HTTP Request Smuggling
Severity: CRITICAL (9.8)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
References:
- 20220516 APPLE-SA-2022-05-16-4 Security Update 2022-004 Catalina
- 20220516 APPLE-SA-2022-05-16-4 Security Update 2022-004 Catalina
- 20220516 APPLE-SA-2022-05-16-3 macOS Big Sur 11.6.6
- 20220516 APPLE-SA-2022-05-16-3 macOS Big Sur 11.6.6
- 20220516 APPLE-SA-2022-05-16-2 macOS Monterey 12.4
- 20220516 APPLE-SA-2022-05-16-2 macOS Monterey 12.4
- [oss-security] 20220314 CVE-2022-22720: HTTP request smuggling vulnerability in Apache HTTP Server 2.4.52 and earlier
- [oss-security] 20220314 CVE-2022-22720: HTTP request smuggling vulnerability in Apache HTTP Server 2.4.52 and earlier
- https://httpd.apache.org/security/vulnerabilities_24.html
- https://httpd.apache.org/security/vulnerabilities_24.html
- [debian-lts-announce] 20220322 [SECURITY] [DLA 2960-1] apache2 security update
- [debian-lts-announce] 20220322 [SECURITY] [DLA 2960-1] apache2 security update
- FEDORA-2022-b4103753e9
- FEDORA-2022-b4103753e9
- FEDORA-2022-78e3211c55
- FEDORA-2022-78e3211c55
- FEDORA-2022-21264ec6db
- FEDORA-2022-21264ec6db
- GLSA-202208-20
- GLSA-202208-20
- https://security.netapp.com/advisory/ntap-20220321-0001/
- https://security.netapp.com/advisory/ntap-20220321-0001/
- https://support.apple.com/kb/HT213255
- https://support.apple.com/kb/HT213255
- https://support.apple.com/kb/HT213256
- https://support.apple.com/kb/HT213256
- https://support.apple.com/kb/HT213257
- https://support.apple.com/kb/HT213257
- https://www.oracle.com/security-alerts/cpuapr2022.html
- https://www.oracle.com/security-alerts/cpuapr2022.html
- https://www.oracle.com/security-alerts/cpujul2022.html
- https://www.oracle.com/security-alerts/cpujul2022.html
Published: 2022-03-14
Modified: 2024-11-21
Modified: 2024-11-21
CVE-2022-22721
If LimitXMLRequestBody is set to allow request bodies larger than 350MB (defaults to 1M) on 32 bit systems an integer overflow happens which later causes out of bounds writes. This issue affects Apache HTTP Server 2.4.52 and earlier.
Severity: CRITICAL (9.1)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
References:
- 20220516 APPLE-SA-2022-05-16-4 Security Update 2022-004 Catalina
- 20220516 APPLE-SA-2022-05-16-4 Security Update 2022-004 Catalina
- 20220516 APPLE-SA-2022-05-16-3 macOS Big Sur 11.6.6
- 20220516 APPLE-SA-2022-05-16-3 macOS Big Sur 11.6.6
- 20220516 APPLE-SA-2022-05-16-2 macOS Monterey 12.4
- 20220516 APPLE-SA-2022-05-16-2 macOS Monterey 12.4
- [oss-security] 20220314 CVE-2022-22721: Apache HTTP Server: core: Possible buffer overflow with very large or unlimited LimitXMLRequestBody
- [oss-security] 20220314 CVE-2022-22721: Apache HTTP Server: core: Possible buffer overflow with very large or unlimited LimitXMLRequestBody
- https://httpd.apache.org/security/vulnerabilities_24.html
- https://httpd.apache.org/security/vulnerabilities_24.html
- [debian-lts-announce] 20220322 [SECURITY] [DLA 2960-1] apache2 security update
- [debian-lts-announce] 20220322 [SECURITY] [DLA 2960-1] apache2 security update
- FEDORA-2022-b4103753e9
- FEDORA-2022-b4103753e9
- FEDORA-2022-78e3211c55
- FEDORA-2022-78e3211c55
- FEDORA-2022-21264ec6db
- FEDORA-2022-21264ec6db
- GLSA-202208-20
- GLSA-202208-20
- https://security.netapp.com/advisory/ntap-20220321-0001/
- https://security.netapp.com/advisory/ntap-20220321-0001/
- https://support.apple.com/kb/HT213255
- https://support.apple.com/kb/HT213255
- https://support.apple.com/kb/HT213256
- https://support.apple.com/kb/HT213256
- https://support.apple.com/kb/HT213257
- https://support.apple.com/kb/HT213257
- https://www.oracle.com/security-alerts/cpuapr2022.html
- https://www.oracle.com/security-alerts/cpuapr2022.html
- https://www.oracle.com/security-alerts/cpujul2022.html
- https://www.oracle.com/security-alerts/cpujul2022.html
Published: 2022-03-14
Modified: 2024-11-21
Modified: 2024-11-21
CVE-2022-23943
Out-of-bounds Write vulnerability in mod_sed of Apache HTTP Server allows an attacker to overwrite heap memory with possibly attacker provided data. This issue affects Apache HTTP Server 2.4 version 2.4.52 and prior versions.
Severity: CRITICAL (9.8)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
References:
- [oss-security] 20220314 CVE-2022-23943: Apache HTTP Server: mod_sed: Read/write beyond bounds
- [oss-security] 20220314 CVE-2022-23943: Apache HTTP Server: mod_sed: Read/write beyond bounds
- https://httpd.apache.org/security/vulnerabilities_24.html
- https://httpd.apache.org/security/vulnerabilities_24.html
- [debian-lts-announce] 20220322 [SECURITY] [DLA 2960-1] apache2 security update
- [debian-lts-announce] 20220322 [SECURITY] [DLA 2960-1] apache2 security update
- FEDORA-2022-b4103753e9
- FEDORA-2022-b4103753e9
- FEDORA-2022-78e3211c55
- FEDORA-2022-78e3211c55
- FEDORA-2022-21264ec6db
- FEDORA-2022-21264ec6db
- GLSA-202208-20
- GLSA-202208-20
- https://security.netapp.com/advisory/ntap-20220321-0001/
- https://security.netapp.com/advisory/ntap-20220321-0001/
- https://www.oracle.com/security-alerts/cpuapr2022.html
- https://www.oracle.com/security-alerts/cpuapr2022.html
- https://www.tenable.com/security/tns-2022-08
- https://www.tenable.com/security/tns-2022-08
- https://www.tenable.com/security/tns-2022-09
- https://www.tenable.com/security/tns-2022-09