PT-2022-1921 · Apache+11 · Apache Http Server+11

Published 2022-03-14 · Updated 2025-03-22 · CVE-2022-22719

CVSS v2.0: 7.8 High
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions: Apache HTTP Server versions 2.4.52 and earlier

Description: The issue is related to insufficient input validation in the Apache HTTP Server, which can be exploited by a remote attacker to cause a denial of service (DoS) by sending specially crafted data to the application. A carefully crafted request body can cause a read to a random memory area, potentially leading to a process crash.

Recommendations: For Apache HTTP Server versions 2.4.52 and earlier, update to version 2.4.53 to resolve the issue. As a temporary workaround, consider restricting access to the vulnerable r:parsebody function until a patch is available. Avoid using specially crafted request bodies in the affected API endpoints until the issue is resolved.

Exploit

Fix

RCE

Improper Initialization

Weakness Enumeration

Related Identifiers

ALSA-2022:7647
ALSA-2022:8067
ALT-PU-2022-1522
ALT-PU-2022-1553
ALT-PU-2022-1574
ALT-PU-2022-1602
AZL-9015
BDU:2022-01457
BIT-APACHE-2022-22719
CESA-2022_7647
CVE-2022-22719
DLA-2960-1
MGASA-2022-0105
OESA-2022-1596
OPENSUSE-SU-2022:1031-1
OPENSUSE-SU-2022_1031-1
OPENSUSE-SU-2024:11919-1
RHSA-2022:6753
RHSA-2022:7647
RHSA-2022:8067
RHSA-2022_7647
RHSA-2022_8067
RLSA-2022:7647
RLSA-2022:8067
SUSE-SU-2022:0918-1
SUSE-SU-2022:0928-1
SUSE-SU-2022:0929-1
SUSE-SU-2022:1031-1
SUSE-SU-2022_0918-1
SUSE-SU-2022_0928-1
SUSE-SU-2022_0929-1
SUSE-SU-2022_1031-1
USN-5333-1
USN-5333-2

Affected Products

Alt Linux
Almalinux
Apache Http Server
Astra Linux
Centos
Linuxmint
Apple Macos
Red Hat
Red Os
Rocky Linux
Suse
Ubuntu