Apache – CVE-2022-28615

Description

Kayran has detected that the version of Apache HTTP Server being used is vulnerable to Information Disclosure and denial of service (DoS).
also known as CVE-2022-28615.

An attacker could abuse the fact that a read beyond bounds in ap_strcmp_match() by providing an extremely large input buffer.
While no code distributed with the server can be coerced into such a call, third-party modules or lua scripts that use ap_strcmp_match() may potentially be affected.

This will cause a decrease in performance and also for interruptions in the availability of resources.

Severity/Score

CVSS Version 3.x – 9.1 Critical

Recommendation

To fix CVE-2022-28615, upgrade the version of Apache Server being used to 2.4.54.

References

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28615

https://cwe.mitre.org/data/definitions/190.html

< Return to all Vulnerabilities

Blue Team

We’ve talked about The Red Team before, but what about The Blue Team? How is this group different from the red one? Why would we

Read More »