Apache – CVE-2022-22721

Description

Kayran has detected that the version of Apache HTTP Server being used has an ‘Integer Overflow or Wraparound’ vulnerability (CWE-190), also known as CVE-2022-22721.

The software performs a calculation that can produce an integer overflow or wraparound when the logic assumes that the resulting value will always be larger than the original value.

If LimitXMLRequestBody is set to allow request bodies larger than 350MB (it defaults to 1M) on 32-bit systems, an integer overflow happens, which later causes out-of-bounds writes.

There’s a chance that this vulnerability will allow attackers to modify system files and information. Also, it could cause a decrease in performance and interruptions in the availability of resources.

Recommendation

To fix CVE-2022-22721, upgrade the version of Apache HTTP Server being used to 2.4.53.
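To check whether a host meets the conditions described above (unfixed version, 32-bit build, LimitXMLRequestBody above 350MB), the following added example audits a version banner and configuration text. It is not Kayran's or Apache's code; the function names, the sample configuration, the decimal reading of "350MB" and the treatment of a value of 0 as "no limit" are assumptions.

```python
import re

FIXED = (2, 4, 53)               # fixed release named in the recommendation
LIMIT_BYTES = 350 * 1000 * 1000  # "350MB" from the description; decimal MB assumed (stricter reading)

# Apache directive names are case-insensitive; lines starting with '#' never match.
DIRECTIVE = re.compile(r"^\s*LimitXMLRequestBody\s+(\d+)\s*$", re.IGNORECASE)
VERSION = re.compile(r"Apache/(\d+)\.(\d+)\.(\d+)")

# Constructed sample configuration, not taken from a real server.
SAMPLE_CONF = """\
# LimitXMLRequestBody 999999999
LimitXMLRequestBody 1048576
<Location "/dav">
    limitxmlrequestbody 524288000
</Location>
"""

def risky_directives(conf_text):
    """Return (line_number, value) for each setting above the threshold.
    0 is reported too: assumed (per Apache docs for releases before the fix,
    not this page) to disable the limit. Include'd files are not followed."""
    hits = []
    for number, line in enumerate(conf_text.splitlines(), 1):
        match = DIRECTIVE.match(line)
        if match:
            value = int(match.group(1))
            if value == 0 or value > LIMIT_BYTES:
                hits.append((number, value))
    return hits

def parse_version(banner):
    """Extract (major, minor, patch) from `httpd -v` style output, or None."""
    match = VERSION.search(banner)
    return tuple(int(part) for part in match.groups()) if match else None

def assess(banner, pointer_bits, conf_text):
    """Classify a host; pointer_bits is the bitness of the httpd build (32 or 64)."""
    hits = risky_directives(conf_text)
    version = parse_version(banner)
    if version is None:
        return "unknown-version", hits
    if version >= FIXED:
        return "patched", hits
    if pointer_bits == 32 and hits:
        return "exposed", hits
    return "upgrade-recommended", hits
```

For example, `assess("Server version: Apache/2.4.52 (Unix)", 32, SAMPLE_CONF)` returns `"exposed"` together with the offending line number and value, so the directive can be lowered until the upgrade is applied.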

References

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22721

https://cwe.mitre.org/data/definitions/190.html
