Apache – CVE-2022-29404

Description

Kayran has detected that the version of Apache HTTP Server being used is vulnerable to denial of service (DoS). Also known as CVE-2022-29404.

By sending a malicious request to a lua script that calls r:parsebody(0), a denial of service is possible.
That happens due to no default limit on the possible input size.

Severity/Score

CVSS Version 3.x – 7.5 High

Recommendation

To fix CVE-2022-29404, upgrade the version of Apache Server being used to 2.4.54.

References

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29404

https://cwe.mitre.org/data/definitions/770.html

< Return to all Vulnerabilities

Man-In-The-Middle Attacks

Do you know these people who just push themselves into conversations?That’s Man-In-The-Middle Attacks. And from a wider angle, Man-In-The-Middle Attacks, or MITM, are built around

Read More »

Browser Exploitation

We know that it’s possible to exploit weaknesses (or vulnerabilities) that exist in anything, from a certain code to the entire application, let’s talk about

Read More »