A critical* vulnerability related to Apache HTTP Server has just been published.
Apache HTTP Server 2.4.53 and earlier may crash or disclose information due to a read beyond bounds in ap_strcmp_match() when provided with an extremely large input buffer. While no code distributed with the server can be coerced into such a call, third-party modules or Lua scripts that use ap_strcmp_match() may hypothetically be affected.
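An added example, not part of the original advisory or of Apache's own code: a Python triage script that flags a 2.4.x version banner at or below 2.4.53 and lists third-party source files that call ap_strcmp_match() (or reach it through mod_lua's r:strcmp_match() binding). The banner and files inside demo() are constructed samples, and all function names are illustrative.

```python
import re
import tempfile
from pathlib import Path

LAST_AFFECTED = (2, 4, 53)  # from the advisory: "2.4.53 and earlier"
# C modules call ap_strcmp_match(); mod_lua scripts reach it as r:strcmp_match()
CALL_RE = re.compile(r"\bap_strcmp_match\s*\(|[:.]strcmp_match\s*\(")
SOURCE_SUFFIXES = {".c", ".h", ".lua"}


def parse_version(banner):
    """Extract (major, minor, patch) from `httpd -v` output or a Server header."""
    m = re.search(r"Apache/(\d+)\.(\d+)\.(\d+)", banner)
    return tuple(int(x) for x in m.groups()) if m else None


def is_affected(banner):
    """True/False for a parsed 2.4.x version, None when it cannot be judged."""
    version = parse_version(banner)
    if version is None or version[:2] != (2, 4):
        return None  # unknown banner or a branch the advisory does not cover
    return version <= LAST_AFFECTED


def find_callers(root):
    """Return sorted (relative path, line number) pairs that call the matcher."""
    hits = []
    for path in Path(root).rglob("*"):
        if not path.is_file() or path.suffix not in SOURCE_SUFFIXES:
            continue
        text = path.read_text(errors="replace")
        for lineno, line in enumerate(text.splitlines(), 1):
            if CALL_RE.search(line):
                hits.append((path.relative_to(root).as_posix(), lineno))
    return sorted(hits)


def demo():
    """Run both checks on constructed sample input."""
    banner = "Server version: Apache/2.4.53 (Unix)"  # constructed sample
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "mod_example.c").write_text(  # constructed third-party module
            "#include \"httpd.h\"\nint ok = ap_strcmp_match(uri, pattern);\n")
        (root / "hook.lua").write_text(  # constructed mod_lua script
            "function handle(r)\n  return r:strcmp_match(r.uri, '*.php')\nend\n")
        (root / "README.txt").write_text("ap_strcmp_match( is mentioned here\n")
        return is_affected(banner), find_callers(root)
```

A hit from find_callers() only shows that a module or script uses the matcher; whether an extremely large buffer can reach that call still has to be reviewed per caller.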
Affected Systems
IoCs
-
Recommended Solution(s)
It is highly recommended to upgrade to Apache HTTP Server version 2.5.54 (2022-06-08).
It is also recommended to review the content at the link below:
https://httpd.apache.org/security/vulnerabilities_24.html
CVE / CWE
CVE-2022-28615
Related Website(s)
* Vulnerabilities with a CVSS 3.1 score between 7.0 and 8.9 are evaluated to be “high” whereas vulnerabilities with a CVSS 3.1 score between 9.0 and 10.0 are evaluated to be “critical”.