BIT-apache-2022-28614

Import Source
https://github.com/bitnami/vulndb/tree/main/data/apache/BIT-apache-2022-28614.json
JSON Data
https://api.osv.dev/v1/vulns/BIT-apache-2022-28614
Aliases
Published
2024-03-06T10:52:51.677Z
Modified
2024-10-02T07:52:37.481Z
Summary
[none]
Details

The ap_rwrite() function in Apache HTTP Server 2.4.53 and earlier may read unintended memory if an attacker can cause the server to reflect very large input using ap_rwrite() or ap_rputs(), such as with mod_lua's r:puts() function. Modules compiled and distributed separately from Apache HTTP Server that use the 'ap_rputs' function and may pass it a very large (INT_MAX or larger) string must be compiled against current headers to resolve the issue.

Database specific
{
    "cpes": [
        "cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*"
    ],
    "severity": "Medium"
}
References

Affected packages

Bitnami / apache

Package

Name
apache
Purl
pkg:bitnami/apache

Severity

  • 5.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Affected ranges

Type
SEMVER
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
2.4.54