PT-2024-19386 · Apache · Apache Answer
Mohammad Reza Omrani · Published 2024-02-22 · Updated 2025-05-05 · CVE-2024-22393
CVSS v3.1: 9.1 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Apache Answer versions through 1.2.1
Description
The issue affects Apache Answer: a logged-in user can mount a Pixel Flood Attack by uploading an image file with a very large pixel count when posting content, which can cause the server to run out of memory.
Recommendations
For Apache Answer versions through 1.2.1, upgrade to version 1.2.5, which fixes the issue. As a temporary workaround, consider restricting image uploads for logged-in users until the patch is applied.
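A general defence against the pixel flood described above, shown as an added example in Go; it is not Apache Answer's own code or its 1.2.5 fix. It reads only the image header and rejects uploads whose declared dimensions exceed a budget before any full decode. The names checkImageBudget, maxPixels and pngHeader and the 16-megapixel limit are assumptions.

```go
package main

import (
	"bytes"
	"encoding/binary"
	"errors"
	"fmt"
	"hash/crc32"
	"image"
	_ "image/png" // registers the PNG decoder with the image package
)

// maxPixels is an assumed budget (about 16 megapixels); tune it per deployment.
const maxPixels = 1 << 24

var errTooManyPixels = errors.New("image exceeds pixel budget")

// checkImageBudget reads only the image header (image.DecodeConfig does not
// allocate the pixel buffer) and rejects uploads whose declared dimensions
// exceed maxPixels. Call it before any full image.Decode of the upload.
func checkImageBudget(data []byte) error {
	cfg, _, err := image.DecodeConfig(bytes.NewReader(data))
	if err != nil {
		return fmt.Errorf("unreadable image header: %w", err)
	}
	// Multiply in int64 so width*height cannot overflow on 32-bit builds.
	if cfg.Width <= 0 || cfg.Height <= 0 || int64(cfg.Width)*int64(cfg.Height) > maxPixels {
		return fmt.Errorf("%w: %dx%d", errTooManyPixels, cfg.Width, cfg.Height)
	}
	return nil
}

// pngHeader builds a constructed sample: a PNG signature plus an IHDR chunk
// declaring w x h 8-bit RGBA pixels, with no image data (33 bytes in total).
func pngHeader(w, h uint32) []byte {
	ihdr := []byte{'I', 'H', 'D', 'R', 0, 0, 0, 0, 0, 0, 0, 0, 8, 6, 0, 0, 0}
	binary.BigEndian.PutUint32(ihdr[4:], w)
	binary.BigEndian.PutUint32(ihdr[8:], h)
	out := []byte("\x89PNG\r\n\x1a\n\x00\x00\x00\x0d") // signature + IHDR length 13
	crc := make([]byte, 4)
	binary.BigEndian.PutUint32(crc, crc32.ChecksumIEEE(ihdr))
	return append(append(out, ihdr...), crc...)
}

func main() {
	fmt.Println("4x4 header:        ", checkImageBudget(pngHeader(4, 4)))
	fmt.Println("50000x50000 header:", checkImageBudget(pngHeader(50000, 50000)))
}
```

The check must run on every code path that decodes, resizes or thumbnails an upload, and it complements a byte-size limit rather than replacing one, since compressed size says little about decoded size.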
Fix
Unrestricted File Upload
Weakness Enumeration
Related Identifiers
Affected Products
Apache Answer