CVE-2022-29404 In Apache HTTP Server 2.4.53 and earlier, a malicious request to a Lua script may cause a denial of service because there is no default limit on the possible input size.
A possible workaround for this issue is to add the following code to the bottom of the script to limit the size of incoming POST
CVE-2022-28614 The ap_rwrite() function in Apache HTTP Server 2.4.53 and earlier may read unintended memory if an attacker can cause the server to reflect very large input using ap_rwrite() or ap_rputs().
Reportedly, ap_rputs() is used to send data to the client in mod_proxy. If a proxy module is compiled with the 'ap_rputs&
CVE-2022-26377 The Apache HTTP Server mod_proxy_ajp vulnerability allows attackers to smuggle requests.
mod_proxy_ajp is a module that enables proxying of requests to one or more remote servers. This module is enabled by default in Apache.
CVE-2022-30556 HTTP/2 may return lengths to applications calling r:wsread() that point past the end of the storage allocated for the buffer.
This may result in an unsuccessful request or cause an error to be returned to an application.
Apache HTTP Server does not allocate storage for
CVE-2022-28615
The issue may be mitigated by limiting the size of the Lua script or module being loaded. Apache HTTP Server does not limit the length