Kayran has detected that the version of Apache HTTP Server being used is vulnerable to Information Disclosure and denial of service (DoS).
also known as CVE-2022-28615.
An attacker could abuse the fact that a read beyond bounds in ap_strcmp_match() by providing an extremely large input buffer.
While no code distributed with the server can be coerced into such a call, third-party modules or lua scripts that use ap_strcmp_match() may potentially be affected.
This will cause a decrease in performance and also for interruptions in the availability of resources.
CVSS Version 3.x – 9.1 Critical
To fix CVE-2022-28615, upgrade the version of Apache Server being used to 2.4.54.