PT-2023-6410 · Apache+10 · Apache Http Server+10

David Shoon · Published 2023-10-19 · Updated 2025-12-03 · CVE-2023-31122

CVSS v2.0: 7.8 (High)

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions

Apache HTTP Server versions through 2.4.57

Description

The issue is an out-of-bounds read vulnerability in the mod_macro module of the Apache HTTP Server. A remote attacker can exploit this vulnerability to cause a denial of service.

Recommendations

For Apache HTTP Server versions through 2.4.57, update to a version later than 2.4.57 to resolve the issue. As a temporary workaround, consider disabling the mod_macro module until a patch is available. Restrict access to the mod_macro module to minimize the risk of exploitation.

Exploit

Fix

Out of bounds Read

Weakness Enumeration

Related Identifiers

ALSA-2024:2278
ALSA-2024:3121
ALT-PU-2023-6831
ALT-PU-2023-7243
ALT-PU-2024-1938
BDU:2023-07124
BIT-APACHE-2023-31122
CESA-2024_3121
CVE-2023-31122
DLA-3818-1
DSA-5662-1
INFSA-2024_2278
INFSA-2024_3121
MGASA-2023-0304
OESA-2023-1790
OESA-2023-1802
OESA-2023-1804
OESA-2023-1805
OESA-2023-1806
OPENSUSE-SU-2023_4430-1
OPENSUSE-SU-2024:13350-1
RHSA-2024:1316
RHSA-2024:2278
RHSA-2024:3121
RHSA-2024_2278
RHSA-2024_3121
RLSA-2024:2278
RLSA-2024:3121
ROSA-SA-2024-2326
SUSE-SU-2023:4430-1
SUSE-SU-2023:4431-1
SUSE-SU-2023:4432-1
SUSE-SU-2023:4451-1
SUSE-SU-2023_4430-1
SUSE-SU-2023_4431-1
SUSE-SU-2023_4432-1
SUSE-SU-2023_4451-1
USN-6506-1
USN-6510-1

Affected Products

Alt Linux
Almalinux
Apache Http Server
Astra Linux
Centos
Linuxmint
Red Hat
Red Os
Rocky Linux
Suse
Ubuntu