Description

The ap_rwrite() function in Apache HTTP Server 2.4.53 and earlier may read unintended memory if an attacker can cause the server to reflect very large input using ap_rwrite() or ap_rputs(), such as with mod_luas r:puts() function.

Remediation

References

CVE-2022-28614

Related Vulnerabilities

Liferay Portal Authorization Bypass Through User-Controlled Key Vulnerability (CVE-2022-42129)

WordPress Plugin Contentboxes Cross-Site Scripting (1.1)

Craft CMS Weak Password Recovery Mechanism for Forgotten Password Vulnerability (CVE-2022-29933)

Mailman Other Vulnerability (CVE-2000-0861)

Moodle Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2013-1832)

Severity

Medium

Classification

CVE-2022-28614

Tags

Missing Update Known Vulnerabilities