ALAS-2022-1584 --- httpd24 | ID: oval:org.secpod.oval:def:1601532 | Date: (C)2022-05-02 (M)2024-01-29 |
Class: PATCH | Family: unix |
A flaw was found in the mod_lua module of httpd. A crafted request body can cause a read to a random memory area due to an uninitialized value in functions called by the parsebody function. The highest threat of this vulnerability is to availability. A flaw was found in httpd. The inbound connection is not closed when it fails to discard the request body, which may expose the server to HTTP request smuggling. A flaw was found in httpd, where it incorrectly limits the value of the LimitXMLRequestBody option. This issue can lead to an integer overflow and later cause an out-of-bounds write. An out-of-bounds read/write vulnerability was found in the mod_sed module of httpd. This flaw allows an attacker to overwrite the memory of an httpd instance that is using mod_sed with data provided by the attacker.
Platform: |
Amazon Linux AMI |
Product: |
httpd24 |
mod24_session |
mod24_ldap |
mod24_proxy_html |
mod24_md |
mod24_ssl |