From 4a2d260d3a0ad95b5d1201c28026f098283914de Mon Sep 17 00:00:00 2001 From: "Mark J. Cox" Date: Wed, 8 Jun 2022 10:59:03 +0100 Subject: [PATCH] Apache httpd --- 2022/26xxx/CVE-2022-26377.json | 91 ++++++++++++++++++++++++++++++--- 2022/28xxx/CVE-2022-28330.json | 87 ++++++++++++++++++++++++++++--- 2022/28xxx/CVE-2022-28614.json | 93 +++++++++++++++++++++++++++++++--- 2022/28xxx/CVE-2022-28615.json | 86 ++++++++++++++++++++++++++++--- 2022/29xxx/CVE-2022-29404.json | 85 ++++++++++++++++++++++++++++--- 2022/30xxx/CVE-2022-30522.json | 85 ++++++++++++++++++++++++++++--- 2022/30xxx/CVE-2022-30556.json | 85 ++++++++++++++++++++++++++++--- 2022/31xxx/CVE-2022-31813.json | 86 ++++++++++++++++++++++++++++--- 8 files changed, 634 insertions(+), 64 deletions(-) diff --git a/2022/26xxx/CVE-2022-26377.json b/2022/26xxx/CVE-2022-26377.json index 8cea3c09ce1..be8fb82b16a 100644 --- a/2022/26xxx/CVE-2022-26377.json +++ b/2022/26xxx/CVE-2022-26377.json @@ -1,18 +1,93 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "security@apache.org", "ID": "CVE-2022-26377", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "mod_proxy_ajp: Possible request smuggling" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Apache HTTP Server", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "Apache HTTP Server 2.4", + "version_value": "2.4.53" + } + ] + } + } + ] + }, + "vendor_name": "Apache Software Foundation" + } + ] + } + }, + "credit": [ + { + "lang": "eng", + "value": "Ricter Z @ 360 Noah Lab" + } + ], + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') vulnerability in mod_proxy_ajp of Apache HTTP Server allows an attacker to smuggle requests to the AJP server it forwards requests to. This issue affects Apache HTTP Server Apache HTTP Server 2.4 version 2.4.53 and prior versions." } ] - } -} \ No newline at end of file + }, + "generator": { + "engine": "Vulnogram 0.0.9" + }, + "impact": [ + { + "other": "moderate" + } + ], + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-444 Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling')" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "url": "https://httpd.apache.org/security/vulnerabilities_24.html" + } + ] + }, + "source": { + "discovery": "UNKNOWN" + }, + "timeline": [ + { + "lang": "eng", + "time": "2022-03-02", + "value": "Reported to security team" + }, + { + "lang": "eng", + "time": "2022-06-08", + "value": "released in 2.4.54" + } + ] +} diff --git a/2022/28xxx/CVE-2022-28330.json b/2022/28xxx/CVE-2022-28330.json index 88461d9346e..2b96771d7fb 100644 --- a/2022/28xxx/CVE-2022-28330.json +++ b/2022/28xxx/CVE-2022-28330.json @@ -1,18 +1,89 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "security@apache.org", "ID": "CVE-2022-28330", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "read beyond bounds in mod_isapi" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Apache HTTP Server", + "version": { + "version_data": [ + { + "platform": "Windows", + "version_affected": "<=", + "version_name": "Apache HTTP Server", + "version_value": "2.4.53" + } + ] + } + } + ] + }, + "vendor_name": "Apache Software Foundation" + } + ] + } + }, + "credit": [ + { + "lang": "eng", + "value": "The Apache HTTP Server project would like to thank Ronald Crane (Zippenhop LLC) for reporting this issue" + } + ], + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Apache HTTP Server 2.4.53 and earlier on Windows may read beyond bounds when configured to process requests with the mod_isapi module. " } ] - } -} \ No newline at end of file + }, + "generator": { + "engine": "Vulnogram 0.0.9" + }, + "impact": [ + { + "other": "low" + } + ], + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-125 Out-of-bounds Read" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "url": "https://httpd.apache.org/security/vulnerabilities_24.html" + } + ] + }, + "source": { + "discovery": "UNKNOWN" + }, + "timeline": [ + { + "lang": "eng", + "time": "2022-06-08", + "value": "released in 2.4.54" + } + ] +} diff --git a/2022/28xxx/CVE-2022-28614.json b/2022/28xxx/CVE-2022-28614.json index a298dcc1394..e4d406740f2 100644 --- a/2022/28xxx/CVE-2022-28614.json +++ b/2022/28xxx/CVE-2022-28614.json @@ -1,18 +1,95 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "security@apache.org", "ID": "CVE-2022-28614", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "read beyond bounds via ap_rwrite() " }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Apache HTTP Server", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_value": "2.4.53" + } + ] + } + } + ] + }, + "vendor_name": "Apache Software Foundation" + } + ] + } + }, + "credit": [ + { + "lang": "eng", + "value": "The Apache HTTP Server project would like to thank Ronald Crane (Zippenhop LLC) for reporting this issue" + } + ], + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The ap_rwrite() function in Apache HTTP Server 2.4.53 and earlier may read unintended memory if an attacker can cause the server to reflect very large input using ap_rwrite() or ap_rputs(), such as with mod_luas r:puts() function." } ] - } -} \ No newline at end of file + }, + "generator": { + "engine": "Vulnogram 0.0.9" + }, + "impact": [ + { + "other": "low" + } + ], + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-190 Integer Overflow or Wraparound" + } + ] + }, + { + "description": [ + { + "lang": "eng", + "value": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "url": "https://httpd.apache.org/security/vulnerabilities_24.html" + } + ] + }, + "source": { + "discovery": "UNKNOWN" + }, + "timeline": [ + { + "lang": "eng", + "time": "2022-06-08", + "value": "released in 2.4.54" + } + ] +} diff --git a/2022/28xxx/CVE-2022-28615.json b/2022/28xxx/CVE-2022-28615.json index 8e336d875dd..fbb067fbeb7 100644 --- a/2022/28xxx/CVE-2022-28615.json +++ b/2022/28xxx/CVE-2022-28615.json @@ -1,18 +1,88 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "security@apache.org", "ID": "CVE-2022-28615", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "Read beyond bounds in ap_strcmp_match()" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Apache HTTP Server", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "Apache HTTP Server", + "version_value": "2.4.53" + } + ] + } + } + ] + }, + "vendor_name": "Apache Software Foundation" + } + ] + } + }, + "credit": [ + { + "lang": "eng", + "value": "The Apache HTTP Server project would like to thank Ronald Crane (Zippenhop LLC) for reporting this issue" + } + ], + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Apache HTTP Server 2.4.53 and earlier may crash or disclose information due to a read beyond bounds in ap_strcmp_match() when provided with an extremely large input buffer. While no code distributed with the server can be coerced into such a call, third-party modules or lua scripts that use ap_strcmp_match() may hypothetically be affected." } ] - } -} \ No newline at end of file + }, + "generator": { + "engine": "Vulnogram 0.0.9" + }, + "impact": [ + { + "other": "low" + } + ], + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-190 Integer Overflow or Wraparound" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "url": "https://httpd.apache.org/security/vulnerabilities_24.html" + } + ] + }, + "source": { + "discovery": "UNKNOWN" + }, + "timeline": [ + { + "lang": "eng", + "time": "2022-06-08", + "value": "released in 2.4.54" + } + ] +} diff --git a/2022/29xxx/CVE-2022-29404.json b/2022/29xxx/CVE-2022-29404.json index f02329dea52..a1aa16eb0f1 100644 --- a/2022/29xxx/CVE-2022-29404.json +++ b/2022/29xxx/CVE-2022-29404.json @@ -1,18 +1,87 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "security@apache.org", "ID": "CVE-2022-29404", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "Denial of service in mod_lua r:parsebody" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Apache HTTP Server", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_value": "2.4.53" + } + ] + } + } + ] + }, + "vendor_name": "Apache Software Foundation" + } + ] + } + }, + "credit": [ + { + "lang": "eng", + "value": "The Apache HTTP Server project would like to thank Ronald Crane (Zippenhop LLC) for reporting this issue" + } + ], + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In Apache HTTP Server 2.4.53 and earlier, a malicious request to a lua script that calls r:parsebody(0) may cause a denial of service due to no default limit on possible input size." } ] - } -} \ No newline at end of file + }, + "generator": { + "engine": "Vulnogram 0.0.9" + }, + "impact": [ + { + "other": "low" + } + ], + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-770: Allocation of Resources Without Limits or Throttling" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "url": "https://httpd.apache.org/security/vulnerabilities_24.html" + } + ] + }, + "source": { + "discovery": "UNKNOWN" + }, + "timeline": [ + { + "lang": "eng", + "time": "2022-06-08", + "value": "released in 2.4.54" + } + ] +} diff --git a/2022/30xxx/CVE-2022-30522.json b/2022/30xxx/CVE-2022-30522.json index 84c96f44124..79168979131 100644 --- a/2022/30xxx/CVE-2022-30522.json +++ b/2022/30xxx/CVE-2022-30522.json @@ -1,18 +1,87 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "security@apache.org", "ID": "CVE-2022-30522", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "mod_sed denial of service" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Apache HTTP Server", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "2.4.53" + } + ] + } + } + ] + }, + "vendor_name": "Apache Software Foundation" + } + ] + } + }, + "credit": [ + { + "lang": "eng", + "value": "This issue was found by Brian Moussalli from the JFrog Security Research team" + } + ], + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "If Apache HTTP Server 2.4.53 is configured to do transformations with mod_sed in contexts where the input to mod_sed may be very large, mod_sed may make excessively large memory allocations and trigger an abort." } ] - } -} \ No newline at end of file + }, + "generator": { + "engine": "Vulnogram 0.0.9" + }, + "impact": [ + { + "other": "low" + } + ], + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-789: Memory Allocation with Excessive Size Value" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "url": "https://httpd.apache.org/security/vulnerabilities_24.html" + } + ] + }, + "source": { + "discovery": "UNKNOWN" + }, + "timeline": [ + { + "lang": "eng", + "time": "2022-06-08", + "value": "released in 2.4.54" + } + ] +} diff --git a/2022/30xxx/CVE-2022-30556.json b/2022/30xxx/CVE-2022-30556.json index 9e19a58e5a9..d7e8fa3c4a5 100644 --- a/2022/30xxx/CVE-2022-30556.json +++ b/2022/30xxx/CVE-2022-30556.json @@ -1,18 +1,87 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "security@apache.org", "ID": "CVE-2022-30556", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "Information Disclosure in mod_lua with websockets" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Apache HTTP Server", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_value": "2.4.53" + } + ] + } + } + ] + }, + "vendor_name": "Apache Software Foundation" + } + ] + } + }, + "credit": [ + { + "lang": "eng", + "value": "The Apache HTTP Server project would like to thank Ronald Crane (Zippenhop LLC) for reporting this issue" + } + ], + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Apache HTTP Server 2.4.53 and earlier may return lengths to applications calling r:wsread() that point past the end of the storage allocated for the buffer." } ] - } -} \ No newline at end of file + }, + "generator": { + "engine": "Vulnogram 0.0.9" + }, + "impact": [ + { + "other": "low" + } + ], + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "url": "https://httpd.apache.org/security/vulnerabilities_24.html" + } + ] + }, + "source": { + "discovery": "UNKNOWN" + }, + "timeline": [ + { + "lang": "eng", + "time": "2022-06-08", + "value": "released in 2.4.54" + } + ] +} diff --git a/2022/31xxx/CVE-2022-31813.json b/2022/31xxx/CVE-2022-31813.json index a293ede29f8..a3b6f75fe54 100644 --- a/2022/31xxx/CVE-2022-31813.json +++ b/2022/31xxx/CVE-2022-31813.json @@ -1,18 +1,88 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "security@apache.org", "ID": "CVE-2022-31813", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "mod_proxy X-Forwarded-For dropped by hop-by-hop mechanism" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Apache HTTP Server", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "Apache HTTP Server 2.4", + "version_value": "2.4.53" + } + ] + } + } + ] + }, + "vendor_name": "Apache Software Foundation" + } + ] + } + }, + "credit": [ + { + "lang": "eng", + "value": "The Apache HTTP Server project would like to thank Gaetan Ferry (Synacktiv) for reporting this issue" + } + ], + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Apache HTTP Server 2.4.53 and earlier may not send the X-Forwarded-* headers to the origin server based on client side Connection header hop-by-hop mechanism.\nThis may be used to bypass IP based authentication on the origin server/application." } ] - } -} \ No newline at end of file + }, + "generator": { + "engine": "Vulnogram 0.0.9" + }, + "impact": [ + { + "other": "low" + } + ], + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-348 Use of Less Trusted Source" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "url": "https://httpd.apache.org/security/vulnerabilities_24.html" + } + ] + }, + "source": { + "discovery": "UNKNOWN" + }, + "timeline": [ + { + "lang": "eng", + "time": "2022-06-08", + "value": "released in 2.4.54" + } + ] +}