CVE-2022-22720 - Understanding and Exploiting HTTP Request Smuggling in Apache HTTP Server 2.4.52 and Earlier
In January 2022, Apache disclosed CVE-2022-22720, a severe vulnerability affecting Apache HTTP Server versions 2.4.52 and earlier. The issue? The server doesn'
CVE-2022-22721 LimitXMLRequestBody can cause an integer overflow, which later causes out-of-bounds writes.
We have fixed the issue in Apache by setting the request limit to a lower value.
Apache HTTP Server 2.4.53 has been released
CVE-2022-22719 A crafted request body could crash the process.
The issue seems to be related to the handling of chunked transfer encoding. The Apache developers have released a new version which mitigates this issue.
CVE-2022-23943 An attacker can write to the heap memory of Apache HTTP Server to overwrite it with attacker-provided data.
mod_sed is a stream filter module for Apache HTTPD web server. mod_sed is used for filtering requests before they are passed to a
CVE-2022-0853 A flaw was found in JBoss-client
The discovered issue allows a remote attacker to execute arbitrary code on the target system in context of the current user. This can be exploited