Apache – CVE-2022-28615

Description

Kayran has detected that the version of Apache HTTP Server being used is vulnerable to information disclosure and denial of service (DoS), also known as CVE-2022-28615.

An attacker could trigger a read beyond bounds in ap_strcmp_match() by providing an extremely large input buffer.
While no code distributed with the server can be coerced into such a call, third-party modules or Lua scripts that use ap_strcmp_match() may potentially be affected.

This will cause a decrease in performance and interruptions in the availability of resources.

Recommendation

To fix CVE-2022-28615, upgrade the version of Apache Server being used to 2.4.54.
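The two checks implied by the description and the recommendation, as an added example (not Kayran's or the Apache project's code): compare a version banner against 2.4.54, and inventory third-party modules and Lua scripts that reference ap_strcmp_match(). The function names, the `ignore` parameter and the sample banners are assumptions made for this example.

```python
import re
import sys
from pathlib import Path

FIXED = (2, 4, 54)  # release named in the Recommendation section

def parse_httpd_version(banner):
    """Return (major, minor, patch) from `httpd -v` output or a Server header."""
    m = re.search(r"Apache/(\d+)\.(\d+)\.(\d+)", banner)
    return tuple(map(int, m.groups())) if m else None

def needs_upgrade(banner):
    """True if older than 2.4.54, False if not, None if no version is present."""
    version = parse_httpd_version(banner)
    return None if version is None else version < FIXED

def find_callers(root, ignore=()):
    """List (path, kind) for files under root that reference the matcher.

    A compiled module that calls ap_strcmp_match() carries the symbol name in
    its dynamic symbol table, so a byte search finds it. mod_lua exposes the
    same function to scripts as r:strcmp_match(). Modules shipped with httpd,
    such as mod_lua, import the symbol too; pass their file names in `ignore`
    (a parameter made up for this example) to leave only third-party code.
    """
    hits = []
    for path in sorted(Path(root).rglob("*")):
        if not path.is_file() or path.name in ignore:
            continue
        data = path.read_bytes()
        if path.suffix == ".so" and b"ap_strcmp_match" in data:
            hits.append((str(path), "module"))
        elif path.suffix == ".lua" and re.search(rb"\bstrcmp_match\s*\(", data):
            hits.append((str(path), "lua"))
    return hits

if __name__ == "__main__":
    # Constructed sample banners; replace with real `httpd -v` output.
    for banner in ("Server version: Apache/2.4.53 (Unix)", "Server: Apache/2.4.54"):
        print(banner, "-> upgrade needed:", needs_upgrade(banner))
    # Optional argument: a directory holding modules and Lua scripts to inventory.
    for path, kind in find_callers(sys.argv[1]) if len(sys.argv) > 1 else []:
        print(kind, path)
```

Distribution packages often backport security fixes without changing the upstream version number, so a `True` result on a packaged build means the package changelog should be checked for CVE-2022-28615 before concluding the server is unpatched.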

References

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28615

https://cwe.mitre.org/data/definitions/190.html
