PT-2022-3349 · Apache+10 · Apache Http Server+10

Ronald Crane · Published 2022-06-08 · Updated 2025-05-15 · CVE-2022-30556

CVSS v3.1: 7.5 (High)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Apache HTTP Server versions 2.4.53 and earlier

Description

The issue is in the r:wsread() function of the mod_lua module of the Apache HTTP Server, which may return lengths that point past the end of the storage allocated for the buffer. This can allow a remote attacker to gain unauthorized access to protected information. The vulnerability is associated with insufficient protection of service data.

Recommendations

For Apache HTTP Server versions 2.4.53 and earlier, consider disabling the r:wsread() function in the mod_lua module as a temporary workaround until a patch is available. Restrict access to the mod_lua module to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Information Disclosure

Weakness Enumeration

Related Identifiers

ALSA-2022:7647
ALSA-2022:8067
ALT-PU-2022-2087
ALT-PU-2022-2093
ALT-PU-2022-2095
ALT-PU-2023-1260
BDU:2022-04106
BIT-APACHE-2022-30556
CESA-2022_7647
CVE-2022-30556
MGASA-2022-0228
OESA-2022-1718
OPENSUSE-SU-2022_2302-1
OPENSUSE-SU-2022_2342-1
OPENSUSE-SU-2024:12142-1
RHSA-2022:6753
RHSA-2022:7647
RHSA-2022:8067
RHSA-2022_7647
RHSA-2022_8067
RLSA-2022:7647
RLSA-2022:8067
SUSE-SU-2022:2099-1
SUSE-SU-2022:2101-1
SUSE-SU-2022:2302-1
SUSE-SU-2022:2338-1
SUSE-SU-2022:2342-1
USN-5487-1
USN-5487-2
USN-5487-3

Affected Products

Alt Linux
Almalinux
Apache Http Server
Astra Linux
Centos
Linuxmint
Red Hat
Red Os
Rocky Linux
Suse
Ubuntu