Description

The ap_rwrite() function in Apache HTTP Server 2.4.53 and earlier may read unintended memory if an attacker can cause the server to reflect very large input using ap_rwrite() or ap_rputs(), such as with mod_luas r:puts() function.

Remediation

References

CVE-2022-28614

Related Vulnerabilities

WordPress Plugin Delete Duplicate Posts Security Bypass (4.1.9.4)

Moodle Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2021-27131)

Envoy Proxy Improper Encoding or Escaping of Output Vulnerability (CVE-2023-35941)

WordPress Plugin Yahoo! Updates for WordPress Multiple Cross-Site Scripting Vulnerabilities (1.0)

PostgreSQL Cryptographic Issues Vulnerability (CVE-2012-2143)

Severity

Medium

Classification

CVE-2022-28614

Tags

Missing Update Known Vulnerabilities