vulnerability
Amazon Linux 2023: CVE-2022-28615: Important priority package update for httpd
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 7 | (AV:N/AC:H/Au:N/C:C/I:N/A:C) | 2022-06-08 | 2025-02-17 | 2025-02-17 |
Severity
7
CVSS
(AV:N/AC:H/Au:N/C:C/I:N/A:C)
Published
2022-06-08
Added
2025-02-17
Modified
2025-02-17
Description
Apache HTTP Server 2.4.53 and earlier may crash or disclose information due to a read beyond bounds in ap_strcmp_match() when provided with an extremely large input buffer. While no code distributed with the server can be coerced into such a call, third-party modules or lua scripts that use ap_strcmp_match() may hypothetically be affected.
An out-of-bounds read vulnerability was found in httpd. A very large input to the ap_strcmp_match function can lead to an integer overflow and result in an out-of-bounds read.
An out-of-bounds read vulnerability was found in httpd. A very large input to the ap_strcmp_match function can lead to an integer overflow and result in an out-of-bounds read.
Solution(s)
amazon-linux-2023-upgrade-httpdamazon-linux-2023-upgrade-httpd-coreamazon-linux-2023-upgrade-httpd-core-debuginfoamazon-linux-2023-upgrade-httpd-debuginfoamazon-linux-2023-upgrade-httpd-debugsourceamazon-linux-2023-upgrade-httpd-develamazon-linux-2023-upgrade-httpd-filesystemamazon-linux-2023-upgrade-httpd-manualamazon-linux-2023-upgrade-httpd-toolsamazon-linux-2023-upgrade-httpd-tools-debuginfoamazon-linux-2023-upgrade-mod-ldapamazon-linux-2023-upgrade-mod-ldap-debuginfoamazon-linux-2023-upgrade-mod-luaamazon-linux-2023-upgrade-mod-lua-debuginfoamazon-linux-2023-upgrade-mod-proxy-htmlamazon-linux-2023-upgrade-mod-proxy-html-debuginfoamazon-linux-2023-upgrade-mod-sessionamazon-linux-2023-upgrade-mod-session-debuginfoamazon-linux-2023-upgrade-mod-sslamazon-linux-2023-upgrade-mod-ssl-debuginfo
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.