Apache HTTP Server 2.4.53 and earlier may crash or disclose information due to a read beyond bounds in ap_strcmp_match() when provided with an extremely large input buffer. While no code distributed with the server can be coerced into such a call, third-party modules or lua scripts that use ap_strcmp_match() may hypothetically be affected.
References
Configurations
History
07 Nov 2023, 03:45
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
24 Aug 2022, 18:17
Type | Values Removed | Values Added |
---|---|---|
References | (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7QUGG2QZWHTITMABFLVXA4DNYUOTPWYQ/ - Mailing List, Third Party Advisory | |
References | (GENTOO) https://security.gentoo.org/glsa/202208-20 - Third Party Advisory | |
References | (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YPY2BLEVJWFH34AX77ZJPLD2OOBYR6ND/ - Mailing List, Third Party Advisory | |
References | (CONFIRM) https://security.netapp.com/advisory/ntap-20220624-0005/ - Third Party Advisory | |
First Time |
Fedoraproject
Netapp Netapp clustered Data Ontap Fedoraproject fedora |
|
CPE | cpe:2.3:a:netapp:clustered_data_ontap:-:*:*:*:*:*:*:* cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:* cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:* |
15 Aug 2022, 11:20
Type | Values Removed | Values Added |
---|---|---|
References |
|
06 Jul 2022, 05:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
01 Jul 2022, 06:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
24 Jun 2022, 16:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
16 Jun 2022, 14:37
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-190 | |
First Time |
Apache
Apache http Server |
|
CVSS |
v2 : v3 : |
v2 : 6.4
v3 : 9.1 |
CPE | cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:* | |
References | (MISC) https://httpd.apache.org/security/vulnerabilities_24.html - Vendor Advisory | |
References | (MLIST) http://www.openwall.com/lists/oss-security/2022/06/08/9 - Mailing List, Third Party Advisory |
09 Jun 2022, 17:33
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2022-06-09 17:15
Updated : 2023-12-10 14:22
NVD link : CVE-2022-28615
Mitre link : CVE-2022-28615
CVE.ORG link : CVE-2022-28615
JSON object : View
Products Affected
netapp
- clustered_data_ontap
apache
- http_server
fedoraproject
- fedora
CWE
CWE-190
Integer Overflow or Wraparound