CVE-2022-30522: Apache HTTP Server 2.4.53 may make large memory allocations and abort when mod_sed transforms large inputs.

To work around this issue, configure Apache to limit the size of the buffer used by mod_sed by setting the buffer size. For example, if the buffer size is 16MB, and the input to mod_sed is larger than 1MB, Apache will split the input into smaller chunks and mod_sed will allocate a 16MB buffer, which causes mod_sed to abort. To set the buffer size, enter the following in your Apache configuration:

<IfModule mod_sed_buffer_size>
<Redirect>
</Redirect>
<Location /redirect>
Redirect /path/to/your/script/
</Location>
</IfModule>

If you are only running one Apache instance

Limiting Apache Access to Only the Port Required

Apache needs to be able to access the following ports: 80, 443, and 8080. To limit Apache access only to the required port(s), enter the following in your Apache configuration:

Don't use URLs which transparently handle HTML entities

If you use URLs which transparently handle HTML entities, any URL that includes the encoded entity will then be considered as containing the same HTML entity. This is because the redirection engine for Apache mod_rewrite does not check for this case and instead treats all URLs as equal.
The workaround is to add a RewriteCond directive at the beginning of your URL, such as RewriteCond %{HTMLENCODED} !^%{ENCDATA}. Requiring that the string not start with "!" or "%" prevents any URLs from being treated as equal.

Weakness in mod_headers

If the input to mod_headers is larger than 1MB, mod_headers will split the input into smaller chunks. To work around this issue, configure Apache to limit the size of the buffer used by mod_headers by setting the buffer size. For example, if the buffer size is 16MB, and the input to mod_headers is larger than 1MB, Apache will split the input into smaller chunks and mod_headers will allocate a 16MB buffer, which causes mod_headers to abort. To set the buffer size, enter the following in your Apache configuration:

<IfModule mod_headers_buffer_size>
<Redirect>
</Redirect>
<Location /redirect>
Redirect /path/to/your/script/
</Location>
</IfModule>

To work around this issue on Apache 2.4 or later, use a different solution that does not rely on setting up socket buffers for each request (such as using a connection pool).
