PT-2023-6410 · Apache+10 · Apache Http Server+10

David Shoon · Published 2023-10-19 · Updated 2025-12-03 · CVE-2023-31122

CVSS v2.0: 7.8 (High)
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions

Apache HTTP Server versions through 2.4.57

Description

The issue is an out-of-bounds read vulnerability in the mod_macro module of the Apache HTTP Server. A remote attacker can exploit it to cause a denial of service.

Recommendations

For Apache HTTP Server versions through 2.4.57, update to a version later than 2.4.57 to resolve the issue. As a temporary workaround, consider disabling the mod_macro module until a patch is available. Restrict access to the mod_macro module to minimize the risk of exploitation.

Exploit

Fix

Out of bounds Read


Weakness Enumeration

Related identifiers

ALSA-2024:2278
ALSA-2024:3121
ALT-PU-2023-6831
ALT-PU-2023-7243
ALT-PU-2024-1938
BDU:2023-07124
BIT-APACHE-2023-31122
CESA-2024_3121
CVE-2023-31122
DLA-3818-1
DSA-5662-1
INFSA-2024_2278
INFSA-2024_3121
MGASA-2023-0304
OESA-2023-1790
OESA-2023-1802
OESA-2023-1804
OESA-2023-1805
OESA-2023-1806
OPENSUSE-SU-2023_4430-1
OPENSUSE-SU-2024:13350-1
RHSA-2024:1316
RHSA-2024:2278
RHSA-2024:3121
RHSA-2024_2278
RHSA-2024_3121
RLSA-2024:2278
RLSA-2024:3121
ROSA-SA-2024-2326
SUSE-SU-2023:4430-1
SUSE-SU-2023:4431-1
SUSE-SU-2023:4432-1
SUSE-SU-2023:4451-1
SUSE-SU-2023_4430-1
SUSE-SU-2023_4431-1
SUSE-SU-2023_4432-1
SUSE-SU-2023_4451-1
USN-6506-1
USN-6510-1

Affected products

Alt Linux
Almalinux
Apache Http Server
Astra Linux
Centos
Linuxmint
Red Hat
Red Os
Rocky Linux
Suse
Ubuntu