ID

VAR-202203-0034


CVE

CVE-2022-22719


TITLE

Apache HTTP Server vulnerability allowing a read from a random memory area (mod_lua r:parsebody)

Trust: 0.8

sources: JVNDB: JVNDB-2022-001478

DESCRIPTION

A carefully crafted request body can cause a read to a random memory area which could cause the process to crash. This issue affects Apache HTTP Server 2.4.52 and earlier.

The server is fast, reliable and extensible through a simple API.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

=====================================================================
Red Hat Security Advisory

Synopsis: Moderate: httpd24-httpd security and bug fix update
Advisory ID: RHSA-2022:6753-01
Product: Red Hat Software Collections
Advisory URL: https://access.redhat.com/errata/RHSA-2022:6753
Issue date: 2022-09-29
CVE Names: CVE-2021-33193 CVE-2021-34798 CVE-2021-36160 CVE-2021-39275 CVE-2021-44224 CVE-2022-22719 CVE-2022-22721 CVE-2022-23943 CVE-2022-26377 CVE-2022-28614 CVE-2022-28615 CVE-2022-29404 CVE-2022-30522 CVE-2022-30556 CVE-2022-31813
=====================================================================

1. Summary:

An update for httpd24-httpd is now available for Red Hat Software Collections.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7) - noarch, ppc64le, s390x, x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7) - noarch, x86_64

3.

Security Fix(es):

* httpd: mod_sed: Read/write beyond bounds (CVE-2022-23943)
* httpd: Request splitting via HTTP/2 method injection and mod_proxy (CVE-2021-33193)
* httpd: NULL pointer dereference via malformed requests (CVE-2021-34798)
* httpd: mod_proxy_uwsgi: out-of-bounds read via a crafted request uri-path (CVE-2021-36160)
* httpd: Out-of-bounds write in ap_escape_quotes() via malicious input (CVE-2021-39275)
* httpd: possible NULL dereference or SSRF in forward proxy configurations (CVE-2021-44224)
* httpd: mod_lua: Use of uninitialized value in r:parsebody (CVE-2022-22719)
* httpd: core: Possible buffer overflow with very large or unlimited LimitXMLRequestBody (CVE-2022-22721)
* httpd: mod_proxy_ajp: Possible request smuggling (CVE-2022-26377)
* httpd: mod_lua: DoS in r:parsebody (CVE-2022-29404)
* httpd: mod_sed: DoS vulnerability (CVE-2022-30522)
* httpd: mod_proxy: X-Forwarded-For dropped by hop-by-hop mechanism (CVE-2022-31813)
* httpd: out-of-bounds read via ap_rwrite() (CVE-2022-28614)
* httpd: out-of-bounds read in ap_strcmp_match() (CVE-2022-28615)
* httpd: mod_lua: Information disclosure with websockets (CVE-2022-30556)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):

* proxy rewrite to unix socket fails with CVE-2021-40438 fix (BZ#2022319)

Additional changes:

* To fix CVE-2022-29404, the default value for the "LimitRequestBody" directive in the Apache HTTP Server has been changed from 0 (unlimited) to 1 GiB. On systems where the value of "LimitRequestBody" is not explicitly specified in an httpd configuration file, updating the httpd package sets "LimitRequestBody" to the default value of 1 GiB. As a consequence, if the total size of the HTTP request body exceeds this 1 GiB default limit, httpd returns the 413 Request Entity Too Large error code.

If the new default allowed size of an HTTP request message body is insufficient for your use case, update your httpd configuration files within the respective context (server, per-directory, per-file, or per-location) and set your preferred limit in bytes. For example, to set a new 2 GiB limit, use:

LimitRequestBody 2147483648

Systems already configured to use any explicit value for the "LimitRequestBody" directive are unaffected by this change.

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258

After installing the updated packages, the httpd daemon will be restarted automatically.

5. Bugs fixed (https://bugzilla.redhat.com/):

1966728 - CVE-2021-33193 httpd: Request splitting via HTTP/2 method injection and mod_proxy
2005119 - CVE-2021-39275 httpd: Out-of-bounds write in ap_escape_quotes() via malicious input
2005124 - CVE-2021-36160 httpd: mod_proxy_uwsgi: out-of-bounds read via a crafted request uri-path
2005128 - CVE-2021-34798 httpd: NULL pointer dereference via malformed requests
2034672 - CVE-2021-44224 httpd: possible NULL dereference or SSRF in forward proxy configurations
2064319 - CVE-2022-23943 httpd: mod_sed: Read/write beyond bounds
2064320 - CVE-2022-22721 httpd: core: Possible buffer overflow with very large or unlimited LimitXMLRequestBody
2064322 - CVE-2022-22719 httpd: mod_lua: Use of uninitialized value in r:parsebody
2094997 - CVE-2022-26377 httpd: mod_proxy_ajp: Possible request smuggling
2095002 - CVE-2022-28614 httpd: out-of-bounds read via ap_rwrite()
2095006 - CVE-2022-28615 httpd: out-of-bounds read in ap_strcmp_match()
2095012 - CVE-2022-29404 httpd: mod_lua: DoS in r:parsebody
2095015 - CVE-2022-30522 httpd: mod_sed: DoS vulnerability
2095018 - CVE-2022-30556 httpd: mod_lua: Information disclosure with websockets
2095020 - CVE-2022-31813 httpd: mod_proxy: X-Forwarded-For dropped by hop-by-hop mechanism

6. Package List:

Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7):

Source: httpd24-httpd-2.4.34-23.el7.5.src.rpm

noarch: httpd24-httpd-manual-2.4.34-23.el7.5.noarch.rpm

ppc64le: httpd24-httpd-2.4.34-23.el7.5.ppc64le.rpm httpd24-httpd-debuginfo-2.4.34-23.el7.5.ppc64le.rpm httpd24-httpd-devel-2.4.34-23.el7.5.ppc64le.rpm httpd24-httpd-tools-2.4.34-23.el7.5.ppc64le.rpm httpd24-mod_ldap-2.4.34-23.el7.5.ppc64le.rpm httpd24-mod_proxy_html-2.4.34-23.el7.5.ppc64le.rpm httpd24-mod_session-2.4.34-23.el7.5.ppc64le.rpm httpd24-mod_ssl-2.4.34-23.el7.5.ppc64le.rpm

s390x: httpd24-httpd-2.4.34-23.el7.5.s390x.rpm httpd24-httpd-debuginfo-2.4.34-23.el7.5.s390x.rpm httpd24-httpd-devel-2.4.34-23.el7.5.s390x.rpm httpd24-httpd-tools-2.4.34-23.el7.5.s390x.rpm httpd24-mod_ldap-2.4.34-23.el7.5.s390x.rpm httpd24-mod_proxy_html-2.4.34-23.el7.5.s390x.rpm httpd24-mod_session-2.4.34-23.el7.5.s390x.rpm httpd24-mod_ssl-2.4.34-23.el7.5.s390x.rpm

x86_64: httpd24-httpd-2.4.34-23.el7.5.x86_64.rpm httpd24-httpd-debuginfo-2.4.34-23.el7.5.x86_64.rpm httpd24-httpd-devel-2.4.34-23.el7.5.x86_64.rpm httpd24-httpd-tools-2.4.34-23.el7.5.x86_64.rpm httpd24-mod_ldap-2.4.34-23.el7.5.x86_64.rpm httpd24-mod_proxy_html-2.4.34-23.el7.5.x86_64.rpm httpd24-mod_session-2.4.34-23.el7.5.x86_64.rpm httpd24-mod_ssl-2.4.34-23.el7.5.x86_64.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7):

Source: httpd24-httpd-2.4.34-23.el7.5.src.rpm

noarch: httpd24-httpd-manual-2.4.34-23.el7.5.noarch.rpm

x86_64: httpd24-httpd-2.4.34-23.el7.5.x86_64.rpm httpd24-httpd-debuginfo-2.4.34-23.el7.5.x86_64.rpm httpd24-httpd-devel-2.4.34-23.el7.5.x86_64.rpm httpd24-httpd-tools-2.4.34-23.el7.5.x86_64.rpm httpd24-mod_ldap-2.4.34-23.el7.5.x86_64.rpm httpd24-mod_proxy_html-2.4.34-23.el7.5.x86_64.rpm httpd24-mod_session-2.4.34-23.el7.5.x86_64.rpm httpd24-mod_ssl-2.4.34-23.el7.5.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2021-33193
https://access.redhat.com/security/cve/CVE-2021-34798
https://access.redhat.com/security/cve/CVE-2021-36160
https://access.redhat.com/security/cve/CVE-2021-39275
https://access.redhat.com/security/cve/CVE-2021-44224
https://access.redhat.com/security/cve/CVE-2022-22719
https://access.redhat.com/security/cve/CVE-2022-22721
https://access.redhat.com/security/cve/CVE-2022-23943
https://access.redhat.com/security/cve/CVE-2022-26377
https://access.redhat.com/security/cve/CVE-2022-28614
https://access.redhat.com/security/cve/CVE-2022-28615
https://access.redhat.com/security/cve/CVE-2022-29404
https://access.redhat.com/security/cve/CVE-2022-30522
https://access.redhat.com/security/cve/CVE-2022-30556
https://access.redhat.com/security/cve/CVE-2022-31813
https://access.redhat.com/security/updates/classification/#moderate
https://access.redhat.com/articles/6975397

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/

Copyright 2022 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIVAwUBYzXoqNzjgjWX9erEAQhSKA//d1V5w3Dbdd0R1QxlXMIweLpztJrkXpmN
EY7WAFIMy0MG64KNjZFF5i4USpUlCm/tZX/fHZas4JjhZBqLxNSqsOdPeynDqp+8
qZnnGiIhyO37S7x5v89VSaWngLpTi2f0d7RmJ05VJzAP8Q0a9cTqtIZiCsM18tTg
BdoD1M/VWUhtPWCzgXiQVI8yF44IOenN2095OCv1Vxc3kiwQdbWcd7Uqz2TgVQ1m
qeqh9AHqaDTwHVM9Ipj5oGp1Ue5zsyAEd77ClBCAzP3p7bWucfTErDrUSE3/hkDm
H8BlPVPaOsRv0poFvvCODQhccC2bFc3uxoKzfSx+/WwkrU7vO/5/npmOfcwKfvBQ
FYqhqADiUcfpJGENligpNAHLI+Pijrl2Tfwl0XbDa8+7KXQ0T75VG3Gq7dFlPcUm
965hFguLI0es2FpGcJldEqsc1XJxdkPmzTYhqDWLLED5X72dwQdtKwhMaFFVctK+
KyspQqaci6bVr9ETF89r0ZBmnxXjSIY7/ijySy0KnldW25t+ZGmLV4pM3CYb7ZVz
qEm9I/oRD0JB/4C5Bk9j5nWF3gzE2MhYfeepqINGIbfvNPiP8G2LFL/CEz46isF9
rFUT/az/p5mdNEwwe5GhEgLkpk0fhcZiAtJ4bGRcJ9YRURh5rrMPtXmXP5THoMau
3VmN11LnfT4=
=pvMD
-----END PGP SIGNATURE-----

--
RHSA-announce mailing list
RHSA-announce@redhat.com
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Fragment of a second Red Hat advisory (the Red Hat Enterprise Linux 9.1 httpd update); its beginning is truncated in the source:

9) - aarch64, noarch, ppc64le, s390x, x86_64

3. The following packages have been upgraded to a later upstream version: httpd (2.4.53).

Additional Changes: For detailed information on changes in this release, see the Red Hat Enterprise Linux 9.1 Release Notes linked from the References section. Needs documentation.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 202208-20
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: High
Title: Apache HTTPD: Multiple Vulnerabilities
Date: August 14, 2022
Bugs: #813429, #816399, #816864, #829722, #835131, #850622
ID: 202208-20
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
=======

Multiple vulnerabilities have been discovered in Apache Webserver, the worst of which could result in remote code execution. Please review the CVE identifiers referenced below for details.

Impact
=====

Please review the referenced CVE identifiers for details.

Workaround
=========

There is no known workaround at this time.

Resolution
=========

All Apache HTTPD users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=www-servers/apache-2.4.54"

All Apache HTTPD tools users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=app-admin/apache-tools-2.4.54"

References
=========

[ 1 ] CVE-2021-33193 https://nvd.nist.gov/vuln/detail/CVE-2021-33193
[ 2 ] CVE-2021-34798 https://nvd.nist.gov/vuln/detail/CVE-2021-34798
[ 3 ] CVE-2021-36160 https://nvd.nist.gov/vuln/detail/CVE-2021-36160
[ 4 ] CVE-2021-39275 https://nvd.nist.gov/vuln/detail/CVE-2021-39275
[ 5 ] CVE-2021-40438 https://nvd.nist.gov/vuln/detail/CVE-2021-40438
[ 6 ] CVE-2021-41524 https://nvd.nist.gov/vuln/detail/CVE-2021-41524
[ 7 ] CVE-2021-41773 https://nvd.nist.gov/vuln/detail/CVE-2021-41773
[ 8 ] CVE-2021-42013 https://nvd.nist.gov/vuln/detail/CVE-2021-42013
[ 9 ] CVE-2021-44224 https://nvd.nist.gov/vuln/detail/CVE-2021-44224
[ 10 ] CVE-2021-44790 https://nvd.nist.gov/vuln/detail/CVE-2021-44790
[ 11 ] CVE-2022-22719 https://nvd.nist.gov/vuln/detail/CVE-2022-22719
[ 12 ] CVE-2022-22720 https://nvd.nist.gov/vuln/detail/CVE-2022-22720
[ 13 ] CVE-2022-22721 https://nvd.nist.gov/vuln/detail/CVE-2022-22721
[ 14 ] CVE-2022-23943 https://nvd.nist.gov/vuln/detail/CVE-2022-23943
[ 15 ] CVE-2022-26377 https://nvd.nist.gov/vuln/detail/CVE-2022-26377
[ 16 ] CVE-2022-28614 https://nvd.nist.gov/vuln/detail/CVE-2022-28614
[ 17 ] CVE-2022-28615 https://nvd.nist.gov/vuln/detail/CVE-2022-28615
[ 18 ] CVE-2022-29404 https://nvd.nist.gov/vuln/detail/CVE-2022-29404
[ 19 ] CVE-2022-30522 https://nvd.nist.gov/vuln/detail/CVE-2022-30522
[ 20 ] CVE-2022-30556 https://nvd.nist.gov/vuln/detail/CVE-2022-30556
[ 21 ] CVE-2022-31813 https://nvd.nist.gov/vuln/detail/CVE-2022-31813

Availability
===========

This GLSA and any updates to it are available for viewing at the Gentoo Security Website: https://security.gentoo.org/glsa/202208-20

Concerns?
========

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.

License
======

Copyright 2022 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. https://creativecommons.org/licenses/by-sa/2.5

=========================================================================
Ubuntu Security Notice USN-5333-2
March 17, 2022

apache2 vulnerabilities
=========================================================================

A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 16.04 ESM
- Ubuntu 14.04 ESM

Summary:

Several security issues were fixed in Apache HTTP Server. This update provides the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM.

Original advisory details:

Chamal De Silva discovered that the Apache HTTP Server mod_lua module incorrectly handled certain crafted request bodies. A remote attacker could possibly use this issue to cause the server to crash, resulting in a denial of service. (CVE-2022-22719)

James Kettle discovered that the Apache HTTP Server incorrectly closed inbound connections when certain errors are encountered. A remote attacker could possibly use this issue to perform an HTTP Request Smuggling attack. (CVE-2022-22720)

It was discovered that the Apache HTTP Server incorrectly handled large LimitXMLRequestBody settings on certain platforms. In certain configurations, a remote attacker could use this issue to cause the server to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2022-22721)

Ronald Crane discovered that the Apache HTTP Server mod_sed module incorrectly handled memory. A remote attacker could use this issue to cause the server to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2022-23943)

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 16.04 ESM:
apache2 2.4.18-2ubuntu3.17+esm5
apache2-bin 2.4.18-2ubuntu3.17+esm5

Ubuntu 14.04 ESM:
apache2 2.4.7-1ubuntu4.22+esm4
apache2-bin 2.4.7-1ubuntu4.22+esm4

In general, a standard system update will make all the necessary changes
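Red Hat fixes this CVE in httpd24-httpd-2.4.34-23.el7.5, so on Software Collections hosts the upstream version string (2.4.34) says nothing about whether the backport is present; only the package release does. The following Python is an added example, not Red Hat's, Apache's or this database's code: it reimplements rpm's version ordering (the rpmvercmp rules, including the "~" and "^" separators) so that `rpm -q httpd24-httpd` output can be compared with the advisory's NEVR, and keeps a separate check for self-built httpd against NVD's "2.4.52 and earlier" range. The sample package strings other than the advisory's own are constructed, and FIXED_NEVR, is_fixed and audit are the example's names. Debian and Ubuntu versions (the USN above) follow dpkg's different ordering and are not covered here.

```python
from typing import List, Tuple

# Fixed build from the RHSA-2022:6753 package list (name-version-release, no arch).
FIXED_NEVR = "httpd24-httpd-2.4.34-23.el7.5"
LAST_AFFECTED_UPSTREAM = "2.4.52"   # NVD range for self-built httpd; fix shipped in 2.4.53
ARCHES = {"x86_64", "i686", "noarch", "aarch64", "ppc64le", "s390x", "src"}

def rpmvercmp(a: str, b: str) -> int:
    """Order two version or release strings like rpmvercmp(3); returns -1, 0 or 1."""
    i = j = 0
    la, lb = len(a), len(b)
    while i < la or j < lb:
        # Separators (anything but alphanumerics, '~' and '^') carry no meaning.
        while i < la and not (a[i].isalnum() or a[i] in "~^"):
            i += 1
        while j < lb and not (b[j].isalnum() or b[j] in "~^"):
            j += 1
        ca = a[i] if i < la else ""
        cb = b[j] if j < lb else ""
        if ca == "~" or cb == "~":  # '~' sorts before everything, even end of string
            if ca != "~":
                return 1
            if cb != "~":
                return -1
            i, j = i + 1, j + 1
            continue
        if ca == "^" or cb == "^":  # '^' is like '~' except that end of string is older
            if not ca:
                return -1
            if not cb:
                return 1
            if ca != "^":
                return 1
            if cb != "^":
                return -1
            i, j = i + 1, j + 1
            continue
        if not (ca and cb):
            break
        isnum = ca.isdigit()  # take the next run of digits, or of letters, from both sides
        same_kind = str.isdigit if isnum else str.isalpha
        sa, sb = i, j
        while i < la and same_kind(a[i]):
            i += 1
        while j < lb and same_kind(b[j]):
            j += 1
        seg_a, seg_b = a[sa:i], b[sb:j]
        if not seg_b:  # segment kinds differ: a numeric segment beats an alpha one
            return 1 if isnum else -1
        if isnum:  # numeric: drop leading zeros, then the longer string is the larger
            seg_a, seg_b = seg_a.lstrip("0"), seg_b.lstrip("0")
            if len(seg_a) != len(seg_b):
                return 1 if len(seg_a) > len(seg_b) else -1
        if seg_a != seg_b:
            return 1 if seg_a > seg_b else -1
    if i >= la and j >= lb:
        return 0
    return -1 if i >= la else 1  # the side with segments left over is newer

def parse_nevra(pkg: str) -> Tuple[str, str, str, str]:
    """Split 'name-[epoch:]version-release[.arch][.rpm]' into (name, epoch, version, release)."""
    if pkg.endswith(".rpm"):
        pkg = pkg[:-4]
    name, version, release = pkg.rsplit("-", 2)  # version and release never contain '-'
    rel, _, arch = release.rpartition(".")
    if arch in ARCHES:
        release = rel
    epoch, _, version = version.rpartition(":")
    return name, epoch or "0", version, release

def evr_cmp(x, y) -> int:
    for p, q in zip(x, y):  # epoch, then version, then release
        r = rpmvercmp(p, q)
        if r:
            return r
    return 0

def is_fixed(installed: str, fixed: str = FIXED_NEVR) -> bool:
    """True if `installed` (one `rpm -q` line) is the advisory build or newer."""
    name, *evr = parse_nevra(installed)
    fixed_name, *fixed_evr = parse_nevra(fixed)
    if name != fixed_name:
        raise ValueError(f"{installed!r} is not a {fixed_name} package")
    return evr_cmp(evr, fixed_evr) >= 0

def upstream_affected(version: str) -> bool:
    """For self-built httpd only: distro builds backport the fix without bumping this."""
    return rpmvercmp(version, LAST_AFFECTED_UPSTREAM) <= 0

# Constructed `rpm -q httpd24-httpd` output from three hosts; only the second line
# is the exact NEVRA that RHSA-2022:6753 ships.
SAMPLE_RPM_Q = ["httpd24-httpd-2.4.34-18.el7.x86_64",
                "httpd24-httpd-2.4.34-23.el7.5.x86_64",
                "httpd24-httpd-2.4.34-23.el7.6.x86_64"]

def audit(rpm_q_lines) -> dict:
    """Map each `rpm -q` line to True (fixed) or False (still carries CVE-2022-22719)."""
    return {line: is_fixed(line) for line in rpm_q_lines}
```

Feed `audit()` the output of `rpm -q httpd24-httpd` collected from a fleet; a release of 23.el7 (no trailing .5) or an earlier build sorts below the fixed NEVR and is reported as not fixed, while later rebuilds such as 23.el7.6 pass. Numeric segments are compared by length after stripping zeros rather than with int(), which is what rpm does and avoids surprises with very long release numbers.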
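The LimitRequestBody change in the Red Hat advisory above is worth auditing rather than assuming: an explicit `LimitRequestBody 0` keeps the body limit disabled in its context whatever the new package default is, and only a directive outside any container changes what mod_lua's r:parsebody sees by default. The following Python is an added example, not Apache's or Red Hat's code; it walks an httpd configuration text, tracks container blocks, and reports disabled limits and the case where mod_lua is loaded with no server-level limit at all. The sample configuration is constructed, the function name and the Finding tuple shape are the example's own, and it parses only the directive forms shown (no Include, no conditional blocks).

```python
import re
from typing import List, Optional, Tuple

CONTAINER_OPEN = re.compile(r"^<(\w+)(?:\s+[^>]*)?>$")   # <Directory "...">, <Location ...>, ...
CONTAINER_CLOSE = re.compile(r"^</\w+>$")
DIRECTIVE = re.compile(r"^(\w+)\s+(.+)$")

# A finding is (enclosing context, explicit LimitRequestBody value or None, message).
Finding = Tuple[str, Optional[int], str]

def audit_limit_request_body(conf_text: str,
                             package_default: Optional[int] = 1 << 30) -> List[Finding]:
    """Flag request-body limits that are disabled, per context, in an httpd config.

    package_default is what the build applies when no directive is present:
    1 GiB for the RHSA-2022:6753 build, None (unlimited) for the older builds."""
    findings: List[Finding] = []
    stack: List[str] = []                # open <Directory>/<Location>/<VirtualHost>... blocks
    lua_loaded = False
    server_level: Optional[int] = None   # explicit limit outside any container
    for raw in conf_text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments and blank lines
        if not line:
            continue
        if CONTAINER_OPEN.match(line):
            stack.append(line)
            continue
        if CONTAINER_CLOSE.match(line):
            stack.pop()
            continue
        m = DIRECTIVE.match(line)
        if not m:
            continue
        name, value = m.group(1).lower(), m.group(2).strip()
        if name == "loadmodule" and value.split()[0] == "lua_module":
            lua_loaded = True
        elif name == "limitrequestbody":
            limit = int(value.strip('"'))
            context = stack[-1] if stack else "server config"
            if not stack:
                server_level = limit
            if limit == 0:   # 0 means "no limit", the setting the advisory moves away from
                findings.append((context, 0, "LimitRequestBody 0 disables the request body limit"))
    if lua_loaded and server_level is None:
        effective = "unlimited" if package_default is None else f"{package_default} bytes"
        findings.append(("server config", None,
                         "mod_lua is loaded with no server-level LimitRequestBody; "
                         f"the effective limit is the package default ({effective})"))
    return findings

# Constructed httpd.conf excerpt (not from any advisory): mod_lua is enabled, one
# location sets the 2 GiB value from the advisory, one directory turns the limit off.
SAMPLE_CONF = """\
LoadModule lua_module modules/mod_lua.so
<Location "/upload">
    LimitRequestBody 2147483648
</Location>
<Directory "/var/www/html/lua">
    SetHandler lua-script
    LimitRequestBody 0
</Directory>
"""
```

Run it with `package_default=None` when checking a build older than the advisory's, since there the absence of a server-level directive means no limit at all; on the fixed build the same configuration gets the 1 GiB default and only the explicit zero remains a finding.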

Trust: 2.34

sources: NVD: CVE-2022-22719 // JVNDB: JVNDB-2022-001478 // VULHUB: VHN-411395 // VULMON: CVE-2022-22719 // PACKETSTORM: 168565 // PACKETSTORM: 169845 // PACKETSTORM: 169770 // PACKETSTORM: 168072 // PACKETSTORM: 166355 // PACKETSTORM: 166365

AFFECTED PRODUCTS

vendor: apple  model: mac os x  scope: eq  version: 10.15.7

Trust: 1.0

vendor: apple  model: macos  scope: gte  version: 12.0.0

Trust: 1.0

vendor: oracle  model: http server  scope: eq  version: 12.2.1.4.0

Trust: 1.0

vendor: fedoraproject  model: fedora  scope: eq  version: 36

Trust: 1.0

vendor: oracle  model: zfs storage appliance kit  scope: eq  version: 8.8

Trust: 1.0

vendor: fedoraproject  model: fedora  scope: eq  version: 34

Trust: 1.0

vendor: fedoraproject  model: fedora  scope: eq  version: 35

Trust: 1.0

vendor: apple  model: macos  scope: gte  version: 11.0

Trust: 1.0

vendor: apple  model: macos  scope: lt  version: 12.4

Trust: 1.0

vendor: apple  model: macos  scope: lt  version: 11.6.6

Trust: 1.0

vendor: apple  model: macos  scope: lt  version: 10.15.7

Trust: 1.0

vendor: debian  model: linux  scope: eq  version: 9.0

Trust: 1.0

vendor: apache  model: http server  scope: lte  version: 2.4.52

Trust: 1.0

vendor: oracle  model: http server  scope: eq  version: 12.2.1.3.0

Trust: 1.0

vendor: NEC  model: actsecure portal  scope: -  version: -

Trust: 0.8

vendor: NEC  model: witchymail  scope: -  version: -

Trust: 0.8

vendor: NEC  model: connexive pf  scope: -  version: -

Trust: 0.8

vendor: NEC  model: spoolserver/reportfiling  scope: -  version: -

Trust: 0.8

vendor: apache  model: http server  scope: -  version: -

Trust: 0.8

vendor: Hitachi  model: hitachi high-reliability server rv3000  scope: -  version: -

Trust: 0.8

vendor: NEC  model: webotx application server  scope: -  version: -

Trust: 0.8

sources: JVNDB: JVNDB-2022-001478 // NVD: CVE-2022-22719

CVSS

SEVERITY

nvd@nist.gov: CVE-2022-22719
value: HIGH

Trust: 1.0

NVD: CVE-2022-22719
value: HIGH

Trust: 0.8

CNNVD: CNNVD-202203-1274
value: HIGH

Trust: 0.6

VULHUB: VHN-411395
value: MEDIUM

Trust: 0.1

VULMON: CVE-2022-22719
value: MEDIUM

Trust: 0.1

CVSSV2

nvd@nist.gov: CVE-2022-22719
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/Au:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-411395
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/Au:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

CVSSV3

nvd@nist.gov: CVE-2022-22719
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.1

Trust: 1.0

NVD: CVE-2022-22719
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-411395 // VULMON: CVE-2022-22719 // JVNDB: JVNDB-2022-001478 // CNNVD: CNNVD-202203-1274 // NVD: CVE-2022-22719

PROBLEMTYPE DATA

problemtype: CWE-665

Trust: 1.1

problemtype: Improper Initialization (CWE-665) [NVD evaluation]

Trust: 0.8

sources: VULHUB: VHN-411395 // JVNDB: JVNDB-2022-001478 // NVD: CVE-2022-22719

THREAT TYPE

remote

Trust: 0.9

sources: PACKETSTORM: 168072 // PACKETSTORM: 166355 // PACKETSTORM: 166365 // CNNVD: CNNVD-202203-1274

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-202203-1274

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-411395

PATCH

title: hitachi-sec-2023-217
url: https://httpd.apache.org/security/vulnerabilities_24.html

Trust: 0.8

title: Remediation for the Apache HTTP Server input validation error vulnerability
url: http://123.124.177.30/web/xxk/bdxqById.tag?id=186369

Trust: 0.6

title: Red Hat:
url: https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database&qid=CVE-2022-22719

Trust: 0.1

title: Ubuntu Security Notice: USN-5333-2: Apache HTTP Server vulnerabilities
url: https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice&qid=USN-5333-2

Trust: 0.1

title: Ubuntu Security Notice: USN-5333-1: Apache HTTP Server vulnerabilities
url: https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice&qid=USN-5333-1

Trust: 0.1

title: Amazon Linux AMI: ALAS-2022-1584
url: https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami&qid=ALAS-2022-1584

Trust: 0.1

title: Red Hat: Moderate: httpd:2.4 security update
url: https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20227647 - Security Advisory

Trust: 0.1

title: Red Hat: Moderate: httpd security, bug fix, and enhancement update
url: https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20228067 - Security Advisory

Trust: 0.1

title: Amazon Linux 2: ALAS2-2022-1783
url: https://vulmon.com/vendoradvisory?qidtp=amazon_linux2&qid=ALAS2-2022-1783

Trust: 0.1

title: Red Hat: Moderate: httpd24-httpd security and bug fix update
url: https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20226753 - Security Advisory

Trust: 0.1

title: Amazon Linux 2022: ALAS2022-2022-053
url: https://vulmon.com/vendoradvisory?qidtp=amazon_linux2022&qid=ALAS2022-2022-053

Trust: 0.1

title: Apple: macOS Monterey 12.4
url: https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories&qid=73857ee26a600b1527481f1deacc0619

Trust: 0.1

title: PROJET TUTEURE
url: https://github.com/PierreChrd/py-projet-tut

Trust: 0.1

title: Tier 0 Tier 1 Tier 2
url: https://github.com/Totes5706/TotesHTB

Trust: 0.1

title: Requirements vulnsearch-cve Usage vulnsearch Usage Test Sample
url: https://github.com/kasem545/vulnsearch

Trust: 0.1

title: Skynet
url: https://github.com/bioly230/THM_Skynet

Trust: 0.1

title: Shodan Search Script
url: https://github.com/firatesatoglu/shodanSearch

Trust: 0.1

title: CVE-2022-XXXX
url: https://github.com/AlphabugX/CVE-2022-23305

Trust: 0.1

title: CVE-2022-XXXX
url: https://github.com/AlphabugX/CVE-2022-RCE

Trust: 0.1

sources: VULMON: CVE-2022-22719 // JVNDB: JVNDB-2022-001478 // CNNVD: CNNVD-202203-1274

EXTERNAL IDS

db: NVD  id: CVE-2022-22719

Trust: 4.0

db: OPENWALL  id: OSS-SECURITY/2022/03/14/4

Trust: 2.6

db: PACKETSTORM  id: 166355

Trust: 0.8

db: PACKETSTORM  id: 166365

Trust: 0.8

db: PACKETSTORM  id: 169770

Trust: 0.8

db: PACKETSTORM  id: 168565

Trust: 0.8

db: PACKETSTORM  id: 168072

Trust: 0.8

db: JVN  id: JVNVU99602154

Trust: 0.8

db: JVNDB  id: JVNDB-2022-001478

Trust: 0.8

db: PACKETSTORM  id: 167189

Trust: 0.7

db: PACKETSTORM  id: 169845

Trust: 0.7

db: CS-HELP  id: SB2022050324

Trust: 0.6

db: CS-HELP  id: SB2022051703

Trust: 0.6

db: CS-HELP  id: SB2022060706

Trust: 0.6

db: CS-HELP  id: SB2022031504

Trust: 0.6

db: CS-HELP  id: SB2022041954

Trust: 0.6

db: CS-HELP  id: SB2022031727

Trust: 0.6

db: CS-HELP  id: SB2022031416

Trust: 0.6

db: CS-HELP  id: SB2022032127

Trust: 0.6

db: AUSCERT  id: ESB-2022.1158

Trust: 0.6

db: AUSCERT  id: ESB-2022.2411

Trust: 0.6

db: AUSCERT  id: ESB-2022.1234

Trust: 0.6

db: AUSCERT  id: ESB-2022.1078

Trust: 0.6

db: CNNVD  id: CNNVD-202203-1274

Trust: 0.6

db: CNVD  id: CNVD-2022-41639

Trust: 0.1

db: PACKETSTORM  id: 167188

Trust: 0.1

db: PACKETSTORM  id: 167186

Trust: 0.1

db: VULHUB  id: VHN-411395

Trust: 0.1

db: VULMON  id: CVE-2022-22719

Trust: 0.1

sources: VULHUB: VHN-411395 // VULMON: CVE-2022-22719 // PACKETSTORM: 168565 // PACKETSTORM: 169845 // PACKETSTORM: 169770 // PACKETSTORM: 168072 // PACKETSTORM: 166355 // PACKETSTORM: 166365 // JVNDB: JVNDB-2022-001478 // CNNVD: CNNVD-202203-1274 // NVD: CVE-2022-22719

REFERENCES

url:http://www.openwall.com/lists/oss-security/2022/03/14/4

Trust: 2.6

url:https://security.gentoo.org/glsa/202208-20

Trust: 1.9

url:https://support.apple.com/kb/ht213255

Trust: 1.8

url:https://support.apple.com/kb/ht213256

Trust: 1.8

url:https://support.apple.com/kb/ht213257

Trust: 1.8

url:https://security.netapp.com/advisory/ntap-20220321-0001/

Trust: 1.8

url:http://seclists.org/fulldisclosure/2022/May/38

Trust: 1.8

url:http://seclists.org/fulldisclosure/2022/May/35

Trust: 1.8

url:http://seclists.org/fulldisclosure/2022/May/33

Trust: 1.8

url:https://www.oracle.com/security-alerts/cpuapr2022.html

Trust: 1.8

url:https://lists.debian.org/debian-lts-announce/2022/03/msg00033.html

Trust: 1.8

url:https://nvd.nist.gov/vuln/detail/cve-2022-22719

Trust: 1.4

url:https://httpd.apache.org/security/vulnerabilities_24.html

Trust: 1.2

url:https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/rgwilbort67shmslysqzg2nmxgcmpuzo/

Trust: 1.1

url:https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/z7h26wj6tpknwv3qky4bhkukqvutzjtd/

Trust: 1.1

url:https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/x73c35mmmzgbvpqqch7lqzumyznqa5fo/

Trust: 1.1

url:https://access.redhat.com/security/cve/cve-2022-22719

Trust: 1.0

url:https://jvn.jp/vu/jvnvu99602154/

Trust: 0.8

url:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/z7h26wj6tpknwv3qky4bhkukqvutzjtd/

Trust: 0.7

url:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/x73c35mmmzgbvpqqch7lqzumyznqa5fo/

Trust: 0.7

url:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/rgwilbort67shmslysqzg2nmxgcmpuzo/

Trust: 0.7

url:https://nvd.nist.gov/vuln/detail/cve-2022-22721

Trust: 0.6

url:https://nvd.nist.gov/vuln/detail/cve-2022-23943

Trust: 0.6

url:https://httpd.apache.org/security/vulnerabilities_24.html

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2022.1158

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2022.1234

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2022051703

Trust: 0.6

url:https://packetstormsecurity.com/files/168565/red-hat-security-advisory-2022-6753-01.html

Trust: 0.6

url:https://cxsecurity.com/cveshow/cve-2022-22719/

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2022.1078

Trust: 0.6

url:https://packetstormsecurity.com/files/166355/ubuntu-security-notice-usn-5333-1.html

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2022031727

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2022060706

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2022041954

Trust: 0.6

url:https://support.apple.com/en-us/ht213256

Trust: 0.6

url:https://packetstormsecurity.com/files/167189/apple-security-advisory-2022-05-16-4.html

Trust: 0.6

url:https://packetstormsecurity.com/files/169770/red-hat-security-advisory-2022-7647-01.html

Trust: 0.6

url:https://packetstormsecurity.com/files/169845/red-hat-security-advisory-2022-8067-01.html

Trust: 0.6

url:https://packetstormsecurity.com/files/166365/ubuntu-security-notice-usn-5333-2.html

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2022031416

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2022031504

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2022.2411

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2022050324

Trust: 0.6

url:https://packetstormsecurity.com/files/168072/gentoo-linux-security-advisory-202208-20.html

Trust: 0.6

url:https://vigilance.fr/vulnerability/apache-http-server-out-of-bounds-memory-reading-via-mod-lua-37792

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2022032127

Trust: 0.6

url:https://nvd.nist.gov/vuln/detail/cve-2022-28614

Trust: 0.4

url:https://nvd.nist.gov/vuln/detail/cve-2022-29404

Trust: 0.4

url:https://nvd.nist.gov/vuln/detail/cve-2022-28615

Trust: 0.4

url:https://nvd.nist.gov/vuln/detail/cve-2022-30522

Trust: 0.4

url:https://nvd.nist.gov/vuln/detail/cve-2022-30556

Trust: 0.4

url:https://nvd.nist.gov/vuln/detail/cve-2022-26377

Trust: 0.4

url:https://access.redhat.com/security/cve/cve-2022-30556

Trust: 0.3

url:https://access.redhat.com/articles/11258

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2022-28614

Trust: 0.3

url:https://access.redhat.com/security/team/key/

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2022-28615

Trust: 0.3

url:https://access.redhat.com/security/team/contact/

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2022-31813

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2022-30522

Trust: 0.3

url:https://bugzilla.redhat.com/

Trust: 0.3

url:https://listman.redhat.com/mailman/listinfo/rhsa-announce

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2022-22721

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2022-29404

Trust: 0.3

url:https://access.redhat.com/security/updates/classification/#moderate

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2022-23943

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2022-26377

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2022-31813

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2022-22720

Trust: 0.3

url:https://ubuntu.com/security/notices/usn-5333-2

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2021-44224

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2021-36160

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2021-34798

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2021-39275

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2021-33193

Trust: 0.2

url:https://ubuntu.com/security/notices/usn-5333-1

Trust: 0.2

url:https://cwe.mitre.org/data/definitions/665.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://access.redhat.com/articles/6975397

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-36160

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-39275

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2022:6753

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-34798

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-44224

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-33193

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2022:8067

Trust: 0.1

url:https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/html/9.1_release_notes/index

Trust: 0.1

url:https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.7_release_notes/index

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2022:7647

Trust: 0.1

url:https://bugs.gentoo.org

Trust: 0.1

url:https://creativecommons.org/licenses/by-sa/2.5

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-44790

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-41773

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-41524

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-40438

Trust: 0.1

url:https://security.gentoo.org/

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-42013

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/apache2/2.4.48-3.1ubuntu3.3

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/apache2/2.4.41-4ubuntu3.10

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/apache2/2.4.29-1ubuntu4.22

Trust: 0.1

sources: VULHUB: VHN-411395 // VULMON: CVE-2022-22719 // PACKETSTORM: 168565 // PACKETSTORM: 169845 // PACKETSTORM: 169770 // PACKETSTORM: 168072 // PACKETSTORM: 166355 // PACKETSTORM: 166365 // JVNDB: JVNDB-2022-001478 // CNNVD: CNNVD-202203-1274 // NVD: CVE-2022-22719

CREDITS

Red Hat

Trust: 0.3

sources: PACKETSTORM: 168565 // PACKETSTORM: 169845 // PACKETSTORM: 169770

SOURCES

db: VULHUB  id: VHN-411395
db: VULMON  id: CVE-2022-22719
db: PACKETSTORM  id: 168565
db: PACKETSTORM  id: 169845
db: PACKETSTORM  id: 169770
db: PACKETSTORM  id: 168072
db: PACKETSTORM  id: 166355
db: PACKETSTORM  id: 166365
db: JVNDB  id: JVNDB-2022-001478
db: CNNVD  id: CNNVD-202203-1274
db: NVD  id: CVE-2022-22719

LAST UPDATE DATE

2025-06-26T22:19:08.747000+00:00


SOURCES UPDATE DATE

db: VULHUB  id: VHN-411395  date: 2022-11-02T00:00:00
db: VULMON  id: CVE-2022-22719  date: 2023-11-07T00:00:00
db: JVNDB  id: JVNDB-2022-001478  date: 2023-12-12T07:45:00
db: CNNVD  id: CNNVD-202203-1274  date: 2022-11-16T00:00:00
db: NVD  id: CVE-2022-22719  date: 2024-11-21T06:47:18.700

SOURCES RELEASE DATE

db: VULHUB  id: VHN-411395  date: 2022-03-14T00:00:00
db: VULMON  id: CVE-2022-22719  date: 2022-03-14T00:00:00
db: PACKETSTORM  id: 168565  date: 2022-09-30T14:51:18
db: PACKETSTORM  id: 169845  date: 2022-11-15T16:40:34
db: PACKETSTORM  id: 169770  date: 2022-11-08T13:48:57
db: PACKETSTORM  id: 168072  date: 2022-08-15T16:02:48
db: PACKETSTORM  id: 166355  date: 2022-03-17T15:54:28
db: PACKETSTORM  id: 166365  date: 2022-03-18T15:34:37
db: JVNDB  id: JVNDB-2022-001478  date: 2022-03-23T00:00:00
db: CNNVD  id: CNNVD-202203-1274  date: 2022-03-14T00:00:00
db: NVD  id: CVE-2022-22719  date: 2022-03-14T11:15:09.023