Apache – CVE-2022-29404

Description

Kayran has detected that the version of Apache HTTP Server being used is vulnerable to denial of service (DoS). Also known as CVE-2022-29404.

By sending a malicious request to a lua script that calls r:parsebody(0), a denial of service is possible.
That happens due to no default limit on the possible input size.

Recommendation

To fix CVE-2022-29404, upgrade the version of Apache Server being used to 2.4.54.

References

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29404

< Return to all Vulnerabilities

HTTP VS. HTTPS

You must have once wondered what HTTP means and what is the difference between that ugly word to HTTPS, and if not, then please read

Read More »