ALAS2-2022-1783 --- httpdID: oval:org.secpod.oval:def:1700890 | Date: (C)2022-05-04 (M)2024-01-29 |
Class: PATCH | Family: unix |
A flaw was found in the mod_lua module of httpd. A crafted request body can cause a read to a random memory area due to an uninitialized value in functions called by the parsebody function. The highest treat of this vulnerability is availability. A flaw was found in httpd. The inbound connection is not closed when it fails to discard the request body, which may expose the server to HTTP request smuggling. A flaw was found in httpd, where it incorrectly limits the value of the LimitXMLRequestBody option. This issue can lead to an integer overflow and later causes an out-of-bounds write. An out-of-bounds read/write vulnerability was found in the mod_sed module of httpd. This flaw allows an attacker to overwrite the memory of an httpd instance that is using mod_sed with data provided by the attacker
Product: |
httpd |
mod_ssl |
mod_md |
mod_proxy_html |
mod_ldap |
mod_session |