ELSA-2022-7647 -- Oracle mod_md_httpd_mod_http2_mod_ldap_mod_proxy_html_mod_session_mod_sslID: oval:org.secpod.oval:def:1506153 | Date: (C)2022-11-23 (M)2024-01-29 |
Class: PATCH | Family: unix |
httpd [2.4.37-51.0.1] - Set vstring per ORACLE_SUPPORT_PRODUCT [Orabug: 29892262] - Replace index.html with Oracles index page oracle_index.html [2.4.37-51] - Resolves: #2097015 - CVE-2022-28614 httpd:2.4/httpd: out-of-bounds read via ap_rwrite - Resolves: #2097031 - CVE-2022-28615 httpd:2.4/httpd: out-of-bounds read in ap_strcmp_match - Resolves: #2097458 - CVE-2022-30522 httpd:2.4/httpd: mod_sed: DoS vulnerability - Resolves: #2097480 - CVE-2022-30556 httpd:2.4/httpd: mod_lua: Information disclosure with websockets - Resolves: #2098247 - CVE-2022-31813 httpd:2.4/httpd: mod_proxy: X-Forwarded-For dropped by hop-by-hop mechanism - Resolves: #2097451 - CVE-2022-29404 httpd:2.4/httpd: mod_lua: DoS in r:parsebody - Resolves: #2096997 - CVE-2022-26377 httpd:2.4/httpd: mod_proxy_ajp: Possible request smuggling [2.4.37-50] - Resolves: #2065237 - CVE-2022-22719 httpd:2.4/httpd: mod_lua: Use of uninitialized value of in r:parsebody - Resolves: #2065267 - CVE-2022-22721 httpd:2.4/httpd: core: Possible buffer overflow with very large or unlimited LimitXMLRequestBody - Resolves: #2065324 - CVE-2022-23943 httpd:2.4/httpd: mod_sed: Read/write beyond bounds [2.4.37-49] - Resolves: #2090848 - CVE-2020-13950 httpd:2.4/httpd: mod_proxy NULL pointer dereference [2.4.37-48] - Resolves: #2065249 - CVE-2022-22720 httpd:2.4/httpd: HTTP request smuggling vulnerability in Apache HTTP Server 2.4.52 and earlier mod_http2 [1.15.7-5] - Resolves: #2035030 - CVE-2021-44224 httpd:2.4/httpd: possible NULL dereference or SSRF in forward proxy configurations [1.15.7-4] - Resolves: #1966728 - CVE-2021-33193 httpd:2.4/mod_http2: httpd: Request splitting via HTTP/2 method injection and mod_proxy
Product: |
mod_md |
httpd |
mod_http2 |
mod_ldap |
mod_proxy_html |
mod_session |
mod_ssl |