Apache – CVE-2022-22719

Description

Kayran has detected that the version of Apache HTTP Server in use is affected by the use of an uninitialized value in ‘r:parsebody’ in ‘mod_lua’.
CVE-2022-22719 is categorized as an ‘Improper Initialization’ vulnerability (CWE-665).
Improper Initialization occurs when the software does not initialize or incorrectly initializes a resource.

This might leave the resource in an unexpected state when it is accessed or used.

A crafted request body can cause a read of a random memory area, which could cause the entire process to crash.
This could lead to a decrease in performance and interruptions in the availability of resources.

Recommendation

To fix CVE-2022-22719, upgrade the version of Apache HTTP Server being used to 2.4.53.
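
The following triage script is an added example, not part of the original advisory or of Kayran's scanner. It takes the text printed by `httpd -v` and `httpd -M` and reports whether the host runs a release older than 2.4.53 with mod_lua loaded. The function names, verdict strings and sample outputs are constructed for illustration.

```shell
#!/bin/sh
# Added example: triage a host for CVE-2022-22719 using captured output of
# `httpd -v` (version banner) and `httpd -M` (loaded modules).
# Function names and verdict strings are hypothetical.

FIXED="2.4.53"   # fixed release named in the Recommendation

# Extract "X.Y.Z" from a "Server version: Apache/X.Y.Z (...)" line.
apache_version() {
    printf '%s\n' "$1" |
        sed -n 's|.*Apache/\([0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*\).*|\1|p' |
        head -n 1
}

# Return 0 if version $1 is lower than version $2, comparing each field numerically.
version_lt() {
    [ "$1" = "$2" ] && return 1
    lowest=$(printf '%s\n%s\n' "$1" "$2" | sort -t. -k1,1n -k2,2n -k3,3n | head -n 1)
    [ "$lowest" = "$1" ]
}

# Return 0 if the module list shows mod_lua (lua_module) loaded.
lua_loaded() {
    printf '%s\n' "$1" | grep -q '^[[:space:]]*lua_module'
}

# Print one verdict: PATCHED, OUTDATED_NO_LUA, EXPOSED or UNKNOWN.
triage() {
    ver=$(apache_version "$1")
    [ -n "$ver" ] || { echo UNKNOWN; return; }
    if ! version_lt "$ver" "$FIXED"; then echo PATCHED
    elif lua_loaded "$2"; then echo EXPOSED
    else echo OUTDATED_NO_LUA
    fi
}

# Constructed sample outputs (not taken from a real host).
SAMPLE_V='Server version: Apache/2.4.52 (Unix)
Server built:   Jan  1 2022 00:00:00'
SAMPLE_M='Loaded Modules:
 core_module (static)
 lua_module (shared)'

triage "$SAMPLE_V" "$SAMPLE_M"
```

On a live host, pass `"$(httpd -v)"` and `"$(httpd -M 2>/dev/null)"` instead of the samples. Distribution packages often backport fixes without changing the upstream version number, so confirm against the package changelog before treating an EXPOSED or OUTDATED_NO_LUA verdict as final.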

References

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22719

https://cwe.mitre.org/data/definitions/665.html
