Lucene search
UbuntuUSN-5333-1HistoryMar 17, 2022 - 12:00 a.m.
Apache HTTP Server vulnerabilities
2022-03-1700:00:00
ubuntu.com
144
Releases
- Ubuntu 21.10
- Ubuntu 20.04 LTS
- Ubuntu 18.04 ESM
Packages
- apache2 - Apache HTTP server
Details
Chamal De Silva discovered that the Apache HTTP Server mod_lua module
incorrectly handled certain crafted request bodies. A remote attacker could
possibly use this issue to cause the server to crash, resulting in a denial
of service. (CVE-2022-22719)
James Kettle discovered that the Apache HTTP Server incorrectly closed
inbound connection when certain errors are encountered. A remote attacker
could possibly use this issue to perform an HTTP Request Smuggling attack.
(CVE-2022-22720)
It was discovered that the Apache HTTP Server incorrectly handled large
LimitXMLRequestBody settings on certain platforms. In certain
configurations, a remote attacker could use this issue to cause the server
to crash, resulting in a denial of service, or possibly execute arbitrary
code. (CVE-2022-22721)
Ronald Crane discovered that the Apache HTTP Server mod_sed module
incorrectly handled memory. A remote attacker could use this issue to cause
the server to crash, resulting in a denial of service, or possibly execute
arbitrary code. (CVE-2022-23943)
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Ubuntu | 21.10 | noarch | apache2 | < 2.4.48-3.1ubuntu3.3 | UNKNOWN |
| Ubuntu | 21.10 | noarch | apache2-bin | < 2.4.48-3.1ubuntu3.3 | UNKNOWN |
| Ubuntu | 21.10 | noarch | apache2-bin-dbgsym | < 2.4.48-3.1ubuntu3.3 | UNKNOWN |
| Ubuntu | 21.10 | noarch | apache2-data | < 2.4.48-3.1ubuntu3.3 | UNKNOWN |
| Ubuntu | 21.10 | noarch | apache2-dev | < 2.4.48-3.1ubuntu3.3 | UNKNOWN |
| Ubuntu | 21.10 | noarch | apache2-doc | < 2.4.48-3.1ubuntu3.3 | UNKNOWN |
| Ubuntu | 21.10 | noarch | apache2-ssl-dev | < 2.4.48-3.1ubuntu3.3 | UNKNOWN |
| Ubuntu | 21.10 | noarch | apache2-suexec-custom | < 2.4.48-3.1ubuntu3.3 | UNKNOWN |
| Ubuntu | 21.10 | noarch | apache2-suexec-custom-dbgsym | < 2.4.48-3.1ubuntu3.3 | UNKNOWN |
| Ubuntu | 21.10 | noarch | apache2-suexec-pristine | < 2.4.48-3.1ubuntu3.3 | UNKNOWN |
Related
nessus
nessus
EulerOS 2.0 SP9 : httpd (EulerOS-SA-2022-1867)
2022-06-15 00:00:00
Amazon Linux 2022 : (ALAS2022-2022-053)
2022-09-06 00:00:00
Debian DLA-2960-1 : apache2 - LTS security update
2022-03-22 00:00:00
slackware
slackware
[slackware-security] httpd
2022-03-15 01:06:06
openvas
openvas
Huawei EulerOS: Security Advisory for httpd (EulerOS-SA-2022-1893)
2022-06-17 00:00:00
Huawei EulerOS: Security Advisory for httpd (EulerOS-SA-2022-1790)
2022-06-07 00:00:00
SUSE: Security Advisory (SUSE-SU-2022:0918-1)
2022-03-22 00:00:00
altlinux
altlinux
Security fix for the ALT Linux 9 package apache2 version 1:2.4.53-alt1
2022-03-29 00:00:00
Security fix for the ALT Linux 10 package apache2 version 1:2.4.53-alt1
2022-03-25 00:00:00
amazon
amazon
Important: httpd24
2022-04-26 17:12:00
Important: httpd
2022-04-25 22:57:00
redos
redos
ROS-20220317-01
2022-03-17 00:00:00
kaspersky
kaspersky
KLA12485 Multiple vulnerabilities in Apache HTTP Server
2022-03-14 00:00:00
mageia
mageia
Updated apache packages fix security vulnerability
2022-03-21 23:18:30
ubuntu
ubuntu
Apache HTTP Server vulnerabilities
2022-03-17 00:00:00
osv
osv
apache2 vulnerabilities
2022-03-17 19:10:08
CVE-2022-23943
2022-03-14 11:15:09
BIT-apache-2022-23943
2024-03-06 10:53:25
fedora
fedora
[SECURITY] Fedora 34 Update: httpd-2.4.53-1.fc34
2022-03-25 22:06:50
[SECURITY] Fedora 36 Update: httpd-2.4.53-1.fc36
2022-03-26 15:55:33
[SECURITY] Fedora 35 Update: httpd-2.4.53-1.fc35
2022-03-22 03:44:42
ibm
ibm
freebsd
freebsd
Apache httpd -- Multiple vulnerabilities
2022-03-14 00:00:00
photon
photon
Critical Photon OS Security Update - PHSA-2022-0455
2022-03-25 00:00:00
Critical Photon OS Security Update - PHSA-2022-0166
2022-03-25 00:00:00
Critical Photon OS Security Update - PHSA-2022-4.0-0166
2022-03-25 00:00:00
thn
thn
cloudlinux
cloudlinux
Fix of CVE: CVE-2022-22721, CVE-2022-22720
2022-03-24 15:36:17
rosalinux
rosalinux
Advisory ROSA-SA-2023-2160
2023-04-25 12:02:31
cbl_mariner
cbl_mariner
CVE-2022-23943 affecting package httpd 2.4.52-1
2022-04-07 06:04:02
CVE-2022-22719 affecting package httpd 2.4.52-1
2022-04-07 06:04:02
CVE-2022-22719 affecting package httpd for versions less than 2.4.53-1
2022-04-26 19:57:38
hackerone
hackerone
Internet Bug Bounty: Read and write beyond bounds in mod_sed
2022-03-14 19:03:51
veracode
veracode
Out-of-bounds Write
2022-03-15 13:26:56
Denial Of Service (DoS)
2022-03-15 10:14:37
Integer Overflow
2022-03-15 10:12:50
debiancve
debiancve
prion
prion
Integer overflow
2022-03-14 11:15:00
Design/Logic Flaw
2022-03-14 11:15:00
Design/Logic Flaw
2022-03-14 11:15:00
alpinelinux
alpinelinux
cvelist
cvelist
CVE-2022-22719 mod_lua Use of uninitialized value of in r:parsebody
2022-03-14 10:15:16
CVE-2022-22721 core: Possible buffer overflow with very large or unlimited LimitXMLRequestBody
2022-03-14 10:15:40
CVE-2022-23943 mod_sed: Read/write beyond bounds
2022-03-14 10:15:54
httpd
httpd
ubuntucve
ubuntucve
f5
f5
K87540800 : Apache vulnerability CVE-2022-22719
2022-04-19 00:00:00
K20451100 : Apache vulnerability CVE-2022-22721
2022-04-12 00:00:00
K67090077 : Apache HTTP Server vulnerability CVE-2022-22720
2022-05-13 00:00:00
zdi
zdi
redhatcve
redhatcve
cve
cve
redhat
redhat
(RHSA-2022:1072) Important: httpd:2.4 security update
2022-03-28 08:51:50
(RHSA-2022:1173) Important: httpd security update
2022-04-04 08:38:36
(RHSA-2022:1080) Important: httpd:2.4 security update
2022-03-28 10:33:53
oraclelinux
oraclelinux
httpd security update
2022-03-31 00:00:00
httpd security update
2022-03-24 00:00:00
httpd:2.4 security update
2022-03-25 00:00:00
almalinux
almalinux
Important: httpd:2.4 security update
2022-03-24 10:44:04
Moderate: httpd:2.4 security update
2022-11-08 00:00:00
centos
centos
httpd, mod_ldap, mod_proxy_html, mod_session, mod_ssl security update
2022-03-29 13:35:36
rocky
rocky
httpd:2.4 security update
2022-03-24 10:44:04
httpd:2.4 security update
2022-11-08 06:25:28