Apache 2.4 Vulnerabilities
Article ID: 277855




CA Automic Dollar Universe


A vulnerability scan reported multiple vulnerabilities, identified by the CVEs below:

CVE-2022-26377, CVE-2022-28330, CVE-2022-28614, CVE-2022-28615, CVE-2022-29404, CVE-2022-30522, CVE-2022-30556, CVE-2022-31813


Component: Dollar Universe 6.x, 7.x


  • CVE-2022-26377 : This issue affects Apache HTTP Server 2.4 version 2.4.53 and prior versions.
  • CVE-2022-28330 : Apache HTTP Server 2.4.53 and earlier on Windows may read beyond bounds when configured to process requests with the mod_isapi module.
  • CVE-2022-28614 : The ap_rwrite() function in Apache HTTP Server 2.4.53 and earlier may read unintended memory if the server uses the 'ap_rputs' function.
  • CVE-2022-28615 : Apache HTTP Server 2.4.53 and earlier may crash or disclose information due to a read beyond bounds in ap_strcmp_match() when provided with an extremely large input buffer.
  • CVE-2022-29404 : In Apache HTTP Server 2.4.53 and earlier, a malicious request to a lua script that calls r:parsebody(0) may cause a denial of service due to no default limit on possible input size.
  • CVE-2022-30522 : If Apache HTTP Server 2.4.53 is configured to do transformations with mod_sed in contexts where the input to mod_sed may be very large, mod_sed may make excessively large memory allocations and trigger an abort.
  • CVE-2022-30556 : Apache HTTP Server 2.4.53 and earlier may return lengths to applications calling r:wsread() that point past the end of the storage allocated for the buffer.
  • CVE-2022-31813 : Apache HTTP Server 2.4.53 and earlier may not send the X-Forwarded-* headers to the origin server based on the client-side Connection header hop-by-hop mechanism. This may be used to bypass IP-based authentication on the origin server/application.

The above vulnerabilities concern the Apache HTTP Server. Dollar Universe components are not impacted by them, as we don't use the Apache HTTP Server.

Please refer to the Third Party Software Acknowledgements for more details about the third-party libraries/software used in Dollar Universe.