UbuntuUpdates.org

Bugs fixes in "apache2"

Origin Bug number Title Date fixed
CVE CVE-2022-30556 Apache HTTP Server 2.4.53 and earlier may return lengths to applications calling r:wsread() that point past the end of the storage allocated for the 2022-06-21
CVE CVE-2022-30522 If Apache HTTP Server 2.4.53 is configured to do transformations with mod_sed in contexts where the input to mod_sed may be very large, mod_sed may m 2022-06-21
CVE CVE-2022-29404 In Apache HTTP Server 2.4.53 and earlier, a malicious request to a lua script that calls r:parsebody(0) may cause a denial of service due to no defau 2022-06-21
CVE CVE-2022-28615 Apache HTTP Server 2.4.53 and earlier may crash or disclose information due to a read beyond bounds in ap_strcmp_match() when provided with an extrem 2022-06-21
CVE CVE-2022-28614 The ap_rwrite() function in Apache HTTP Server 2.4.53 and earlier may read unintended memory if an attacker can cause the server to reflect very larg 2022-06-21
CVE CVE-2022-26377 Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') vulnerability in mod_proxy_ajp of Apache HTTP Server allows an attacker to sm 2022-06-21
Launchpad 1969629 Apache 2.4.x: mod_http2 sends empty response after MaxRequestsPerChild 2022-05-30
Launchpad 1969629 Apache 2.4.x: mod_http2 sends empty response after MaxRequestsPerChild 2022-05-30
Launchpad 1969629 Apache 2.4.x: mod_http2 sends empty response after MaxRequestsPerChild 2022-05-30
Launchpad 1969629 Apache 2.4.x: mod_http2 sends empty response after MaxRequestsPerChild 2022-05-30
Launchpad 1969629 Apache 2.4.x: mod_http2 sends empty response after MaxRequestsPerChild 2022-05-03
Launchpad 1969629 Apache 2.4.x: mod_http2 sends empty response after MaxRequestsPerChild 2022-05-03
Launchpad 1969629 Apache 2.4.x: mod_http2 sends empty response after MaxRequestsPerChild 2022-05-03
Launchpad 1969629 Apache 2.4.x: mod_http2 sends empty response after MaxRequestsPerChild 2022-05-03
CVE CVE-2022-23943 Out-of-bounds Write vulnerability in mod_sed of Apache HTTP Server allows an attacker to overwrite heap memory with possibly attacker provided data. 2022-03-19
CVE CVE-2022-22721 If LimitXMLRequestBody is set to allow request bodies larger than 350MB (defaults to 1M) on 32 bit systems an integer overflow happens which later ca 2022-03-19
CVE CVE-2022-22720 Apache HTTP Server 2.4.52 and earlier fails to close inbound connection when errors are encountered discarding the request body, exposing the server 2022-03-19
CVE CVE-2022-22719 A carefully crafted request body can cause a read to a random memory area which could cause the process to crash. This issue affects Apache HTTP Serv 2022-03-19
CVE CVE-2022-23943 Out-of-bounds Write vulnerability in mod_sed of Apache HTTP Server allows an attacker to overwrite heap memory with possibly attacker provided data. 2022-03-17
CVE CVE-2022-22721 If LimitXMLRequestBody is set to allow request bodies larger than 350MB (defaults to 1M) on 32 bit systems an integer overflow happens which later ca 2022-03-17



About   -   Send Feedback to @ubuntu_updates