Description

The ap_rwrite() function in Apache HTTP Server 2.4.53 and earlier may read unintended memory if an attacker can cause the server to reflect very large input using ap_rwrite() or ap_rputs(), such as with mod_luas r:puts() function.

Remediation

References

CVE-2022-28614

Related Vulnerabilities

WordPress Plugin WP Symposium Multiple Vulnerabilities (14.10)

WebLogic CVE-2017-3248 Vulnerability (CVE-2017-3248)

Joomla Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2018-6378)

WordPress Plugin MW Font Changer Cross-Site Scripting (4.2.5)

WordPress Plugin Comment Rating 'path' Parameter Cross-Site Scripting (2.9.20)

Severity

Medium

Classification

CVE-2022-28614

Tags

Missing Update Known Vulnerabilities