Oval Definition:oval:org.opensuse.security:def:20222255
Revision Date:2022-09-02Version:1
Title:CVE-2022-2255
Description:

A vulnerability was found in mod_wsgi. The X-Client-IP header is not removed from a request from an untrusted proxy, allowing an attacker to pass the X-Client-IP header to the target WSGI application because the condition to remove it is missing.
Family:unixClass:vulnerability
Status:Reference(s):Mitre CVE-2022-2255
SUSE CVE-2022-2255
Platform(s):SUSE Linux Enterprise High Performance Computing 15 SP2
SUSE Linux Enterprise High Performance Computing 15 SP4
SUSE Linux Enterprise Module for Public Cloud 15 SP2
SUSE Linux Enterprise Module for Public Cloud 15 SP4
SUSE Linux Enterprise Module for Server Applications 15 SP4
SUSE Linux Enterprise Server 15 SP2
SUSE Linux Enterprise Server 15 SP4
SUSE Linux Enterprise Server for SAP Applications 15 SP2
SUSE Linux Enterprise Server for SAP Applications 15 SP4
SUSE Linux Enterprise Storage 7
SUSE Manager Proxy 4.1
SUSE Manager Proxy 4.3
SUSE Manager Retail Branch Server 4.1
SUSE Manager Retail Branch Server 4.3
SUSE Manager Server 4.1
SUSE Manager Server 4.3
Product(s):
Definition Synopsis
  • Release Information
  • SUSE Linux Enterprise High Performance Computing 15 SP4 is installed
  • OR SUSE Linux Enterprise Module for Public Cloud 15 SP4 is installed
  • OR SUSE Linux Enterprise Server 15 SP4 is installed
  • OR SUSE Linux Enterprise Server for SAP Applications 15 SP4 is installed
  • OR SUSE Manager Proxy 4.3 is installed
  • OR SUSE Manager Retail Branch Server 4.3 is installed
  • OR SUSE Manager Server 4.3 is installed
  • AND apache2-mod_wsgi is affected
  • OR Package Information
  • SUSE Linux Enterprise High Performance Computing 15 SP4 is installed
  • OR SUSE Linux Enterprise Module for Server Applications 15 SP4 is installed
  • OR SUSE Linux Enterprise Server 15 SP4 is installed
  • OR SUSE Linux Enterprise Server for SAP Applications 15 SP4 is installed
  • OR SUSE Manager Proxy 4.3 is installed
  • OR SUSE Manager Retail Branch Server 4.3 is installed
  • OR SUSE Manager Server 4.3 is installed
  • AND apache2-mod_wsgi-python3 is affected
    • Definition Synopsis
  • Release Information
  • SUSE Linux Enterprise High Performance Computing 15 SP2 is installed
  • OR SUSE Linux Enterprise Module for Public Cloud 15 SP2 is installed
  • OR SUSE Linux Enterprise Server 15 SP2 is installed
  • OR SUSE Linux Enterprise Server for SAP Applications 15 SP2 is installed
  • OR SUSE Linux Enterprise Storage 7 is installed
  • OR SUSE Manager Proxy 4.1 is installed
  • OR SUSE Manager Retail Branch Server 4.1 is installed
  • OR SUSE Manager Server 4.1 is installed
  • AND apache2-mod_wsgi is affected
  • OR Package Information
  • SUSE Linux Enterprise Server for SAP Applications 15 SP2 is installed
  • AND apache2-mod_wsgi-python3 is affected
    • BACK