Request a Demo
Rewterz
Rewterz Threat Alert – DJVU Ransomware – Active IOCs
June 13, 2022
Rewterz
Rewterz Threat Alert – Qakbot (Qbot) Malware – Active IOCs
June 13, 2022

Rewterz Threat Advisory – Multiple Apache HTTP Server Vulnerabilities

Severity

High

Analysis Summary

CVE-2022-30556 CVSS:5.3
Apache HTTP Server could allow a remote attacker to obtain sensitive information, caused by an error in mod_lua with websockets. An attacker could exploit this vulnerability to return lengths to applications calling r:wsread() that point past the end of the storage allocated for the buffer.

CVE-2022-31813 CVSS:5.3
Apache HTTP Server could allow a remote attacker to bypass security restrictions, caused by the failure to send the X-Forwarded-* headers to the origin server based on client side Connection header hop-by-hop mechanism. An attacker could exploit this vulnerability to bypass IP based authentication on the origin server/application.

CVE-2022-30522 CVSS:5.3
Apache HTTP Server is vulnerable to a denial of service when configured to do transformations with mod_sed in contexts where the input to mod_sed may be very large. By making excessively large memory allocations, a remote attacker could exploit this vulnerability to trigger an abort.

CVE-2022-28615 CVSS:6.5
Apache HTTP Server could allow a remote attacker to obtain sensitive information, caused by a read beyond bounds in ap_strcmp_match() when provided with an extremely large input buffer. An attacker could exploit this vulnerability to crash or disclose information.

CVE-2022-28330 CVSS:5.3
Apache HTTP Server could allow a remote attacker to obtain sensitive information. An attacker could exploit this vulnerability to read beyond bounds when configured to process requests with the mod_isapi module.

CVE-2022-28614 CVSS:5.3
Apache HTTP Server could allow a remote attacker to obtain sensitive information, caused by an error in the ap_rwrite() function. By reflecting very large input using ap_rwrite() or ap_rputs(), such as with mod_luas r:puts() function, an attacker could exploit this vulnerability to read unintended memory.

CVE-2022-29404 CVSS:5.3
Apache HTTP Server is vulnerable to a denial of service, caused by no default limit on possible input size. By sending a specially crafted request to a lua script that calls r:parsebody(0), an attacker could exploit this vulnerability to cause a denial of service.

Impact

  • Information Disclosure
  • Security Bypass
  • Denial of Service

Indicators Of Compromise

CVE

  • CVE-2022-30556
  • CVE-2022-31813
  • CVE-2022-30522
  • CVE-2022-28615
  • CVE-2022-28330
  • CVE-2022-28614
  • CVE-2022-29404

Affected Vendors

Apache

Affected Products

  • Apache HTTP Server 2.4.18
  • Apache HTTP Server 2.4.20
  • Apache HTTP Server 2.4.23
  • Apache HTTP Server 2.4.29

Remediation

Upgrade to the latest version of HTTP Server, available from the Apache Website.

Apache Website