Vulnerability Name:

CVE-2022-22721 (CCN-221666)

Assigned:2022-03-14
Published:2022-03-14
Updated:2022-11-02
Summary:If LimitXMLRequestBody is set to allow request bodies larger than 350MB (defaults to 1M) on 32 bit systems an integer overflow happens which later causes out of bounds writes. This issue affects Apache HTTP Server 2.4.52 and earlier.
CVSS v3 Severity:9.1 Critical (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H)
7.9 High (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): None
Integrity (I): High
Availibility (A): High
7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
6.4 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): Low
Integrity (I): Low
Availibility (A): Low
7.4 High (REDHAT CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H)
6.4 Medium (REDHAT Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): High
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): None
Integrity (I): High
Availibility (A): High
CVSS v2 Severity:5.8 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:P)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Medium
Authentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): Partial
Availibility (A): Partial
7.5 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Athentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availibility (A): Partial
Vulnerability Type:CWE-190
CWE-787
Vulnerability Consequences:Gain Access
References:Source: MITRE
Type: CNA
CVE-2022-22721

Source: FULLDISC
Type: Third Party Advisory
20220516 APPLE-SA-2022-05-16-4 Security Update 2022-004 Catalina

Source: FULLDISC
Type: Third Party Advisory
20220516 APPLE-SA-2022-05-16-3 macOS Big Sur 11.6.6

Source: FULLDISC
Type: Third Party Advisory
20220516 APPLE-SA-2022-05-16-2 macOS Monterey 12.4

Source: MLIST
Type: Mailing List, Third Party Advisory
[oss-security] 20220314 CVE-2022-22721: Apache HTTP Server: core: Possible buffer overflow with very large or unlimited LimitXMLRequestBody

Source: XF
Type: UNKNOWN
apache-http-cve202222721-bo(221666)

Source: CCN
Type: Apache Web site
core: Possible buffer overflow with very large or unlimited LimitXMLRequestBody

Source: MISC
Type: Vendor Advisory
https://httpd.apache.org/security/vulnerabilities_24.html

Source: MLIST
Type: Mailing List, Third Party Advisory
[debian-lts-announce] 20220322 [SECURITY] [DLA 2960-1] apache2 security update

Source: FEDORA
Type: Mailing List, Third Party Advisory
FEDORA-2022-b4103753e9

Source: FEDORA
Type: Mailing List, Third Party Advisory
FEDORA-2022-78e3211c55

Source: FEDORA
Type: Mailing List, Third Party Advisory
FEDORA-2022-21264ec6db

Source: GENTOO
Type: Third Party Advisory
GLSA-202208-20

Source: CONFIRM
Type: Third Party Advisory
https://security.netapp.com/advisory/ntap-20220321-0001/

Source: CCN
Type: Apple security document HT213255
About the security content of Security Update 2022-004 Catalina

Source: CCN
Type: Apple security document HT213256
About the security content of macOS Big Sur 11.6.6

Source: CCN
Type: Apple security document HT213257
About the security content of macOS Monterey 12.4

Source: CONFIRM
Type: Third Party Advisory
https://support.apple.com/kb/HT213255

Source: CONFIRM
Type: Third Party Advisory
https://support.apple.com/kb/HT213256

Source: CONFIRM
Type: Third Party Advisory
https://support.apple.com/kb/HT213257

Source: CCN
Type: IBM Security Bulletin 6565413 (HTTP Server)
Multiple vulnerabilities in IBM HTTP Server used by IBM WebSphere Application Server (CVE-2022-22719, CVE-2022-22720, CVE-2022-22721)

Source: CCN
Type: IBM Security Bulletin 6587106 (Netezza Performance Portal)
Vulnerabilities in IBM HTTP Server affect IBM Netezza Performance Portal

Source: CCN
Type: IBM Security Bulletin 6590977 (Tivoli Monitoring)
Multiple vulnerabilities affect IBM Tivoli Monitoring included WebSphere Application Server and IBM HTTP Server used by WebSphere Application Server

Source: CCN
Type: IBM Security Bulletin 6591347 (Security SiteProtector System)
IBM Security SiteProtector System is affected by multiple Apache HTTP Server Vulnerabilities

Source: CCN
Type: IBM Security Bulletin 6594551 (i)
IBM HTTP Server (powered by Apache) for IBM i is vulnerable to HTTP request smuggling and a buffer overflow (CVE-2022-22720, CVE-2022-22721)

Source: CCN
Type: IBM Security Bulletin 6602977 (Rational Build Forge)
IBM Rational Build Forge is affected by Apache HTTP Server version used in it. (CVE-2022-22721)

Source: CCN
Type: IBM Security Bulletin 6618941 (Aspera Faspex)
IBM Aspera Faspex 4.4.2 has addressed multiple security vulnerabilities

Source: CCN
Type: IBM Security Bulletin 6837651 (App Connect Enterprise Certified Container)
IBM App Connect Enterprise Certified Container DesignerAuthoring operands that use Mapping Assistance may be vulnerable to arbitrary code execution due to CVE-2022-22721

Source: CCN
Type: IBM Security Bulletin 6952363 (Aspera Orchestrator)
IBM Aspera Orchestrator affected by buffer overflow vulnerability ( CVE-2022-22721)

Source: MISC
Type: Patch, Third Party Advisory
https://www.oracle.com/security-alerts/cpuapr2022.html

Source: CCN
Type: Oracle CPUJul2022
Oracle Critical Patch Update Advisory - July 2022

Source: N/A
Type: Third Party Advisory
N/A

Source: CCN
Type: ZDI-22-876
Apache HTTPD Server ap_escape_html2 Integer Overflow Remote Code Execution Vulnerability

Vulnerable Configuration:Configuration 1:
  • cpe:/a:apache:http_server:*:*:*:*:*:*:*:* (Version <= 2.4.52)

    • Configuration 2:
  • cpe:/o:fedoraproject:fedora:34:*:*:*:*:*:*:*
  • OR cpe:/o:fedoraproject:fedora:35:*:*:*:*:*:*:*
  • OR cpe:/o:fedoraproject:fedora:36:*:*:*:*:*:*:*

    • Configuration 3:
  • cpe:/o:debian:debian_linux:9.0:*:*:*:*:*:*:*

    • Configuration 4:
  • cpe:/a:oracle:http_server:12.2.1.3.0:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:http_server:12.2.1.4.0:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:enterprise_manager_ops_center:12.4.0.0:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:zfs_storage_appliance_kit:8.8:*:*:*:*:*:*:*

    • Configuration 5:
  • cpe:/o:apple:mac_os_x:*:*:*:*:*:*:*:* (Version >= 10.15 and < 10.15.7)
  • OR cpe:/o:apple:mac_os_x:10.15.7:security_update_2020-001:*:*:*:*:*:*
  • OR cpe:/o:apple:mac_os_x:10.15.7:security_update_2021-001:*:*:*:*:*:*
  • OR cpe:/o:apple:mac_os_x:10.15.7:security_update_2021-002:*:*:*:*:*:*
  • OR cpe:/o:apple:mac_os_x:10.15.7:security_update_2021-003:*:*:*:*:*:*
  • OR cpe:/o:apple:mac_os_x:10.15.7:security_update_2021-004:*:*:*:*:*:*
  • OR cpe:/o:apple:mac_os_x:10.15.7:security_update_2021-005:*:*:*:*:*:*
  • OR cpe:/o:apple:mac_os_x:10.15.7:security_update_2021-006:*:*:*:*:*:*
  • OR cpe:/o:apple:mac_os_x:10.15.7:security_update_2021-008:*:*:*:*:*:*
  • OR cpe:/o:apple:mac_os_x:10.15.7:security_update_2021-007:*:*:*:*:*:*
  • OR cpe:/o:apple:mac_os_x:10.15.7:security_update_2022-001:*:*:*:*:*:*
  • OR cpe:/o:apple:mac_os_x:10.15.7:security_update_2022-002:*:*:*:*:*:*
  • OR cpe:/o:apple:mac_os_x:10.15.7:security_update_2022-003:*:*:*:*:*:*
  • OR cpe:/o:apple:macos:*:*:*:*:*:*:*:* (Version >= 11.0 and < 11.6.6)
  • OR cpe:/o:apple:macos:*:*:*:*:*:*:*:* (Version >= 12.0 and < 12.4)

    • Configuration RedHat 1:
  • cpe:/a:redhat:enterprise_linux:8:*:*:*:*:*:*:*

    • Configuration RedHat 2:
  • cpe:/a:redhat:enterprise_linux:8::appstream:*:*:*:*:*

    • Configuration RedHat 3:
  • cpe:/a:redhat:enterprise_linux:9:*:*:*:*:*:*:*

    • Configuration RedHat 4:
  • cpe:/a:redhat:enterprise_linux:9::appstream:*:*:*:*:*

    • Configuration CCN 1:
  • cpe:/a:apache:http_server:2.4.7:*:*:*:*:*:*:*
  • OR cpe:/a:apache:http_server:2.4.8:*:*:*:*:*:*:*
  • OR cpe:/a:apache:http_server:2.4.9:*:*:*:*:*:*:*
  • OR cpe:/a:apache:http_server:2.4.10:*:*:*:*:*:*:*
  • OR cpe:/a:apache:http_server:2.4.12:*:*:*:*:*:*:*
  • OR cpe:/a:apache:http_server:2.4.18:*:*:*:*:*:*:*
  • OR cpe:/a:apache:http_server:2.4.20:*:*:*:*:*:*:*
  • OR cpe:/a:apache:http_server:2.4.17:*:*:*:*:*:*:*
  • OR cpe:/a:apache:http_server:2.4.23:*:*:*:*:*:*:*
  • OR cpe:/a:apache:http_server:2.4.29:*:*:*:*:*:*:*
  • OR cpe:/a:apache:http_server:2.4.33:*:*:*:*:*:*:*
  • OR cpe:/a:apache:http_server:2.4.30:*:*:*:*:*:*:*
  • OR cpe:/a:apache:http_server:2.4.25:*:*:*:*:*:*:*
  • OR cpe:/a:apache:http_server:2.4.26:*:*:*:*:*:*:*
  • OR cpe:/a:apache:http_server:2.4.27:*:*:*:*:*:*:*
  • OR cpe:/a:apache:http_server:2.4.28:*:*:*:*:*:*:*
  • OR cpe:/a:apache:http_server:2.4.34:*:*:*:*:*:*:*
  • OR cpe:/a:apache:http_server:2.4.35:*:*:*:*:*:*:*
  • OR cpe:/a:apache:http_server:2.4.36:*:*:*:*:*:*:*
  • OR cpe:/a:apache:http_server:2.4.37:*:*:*:*:*:*:*
  • OR cpe:/a:apache:http_server:2.4.38:*:*:*:*:*:*:*
  • OR cpe:/a:apache:http_server:2.4.38:*:*:*:*:*:*:*
  • OR cpe:/a:apache:http_server:2.4.39:*:*:*:*:*:*:*
  • OR cpe:/a:apache:http_server:2.4.16:*:*:*:*:*:*:*
  • OR cpe:/a:apache:http_server:2.4.41:*:*:*:*:*:*:*
  • OR cpe:/a:apache:http_server:2.4.43:*:*:*:*:*:*:*
  • OR cpe:/a:apache:http_server:2.4.46:*:*:*:*:*:*:*
  • OR cpe:/a:apache:http_server:2.4.48:*:*:*:*:*:*:*
  • OR cpe:/a:apache:http_server:2.4.49:*:*:*:*:*:*:*
  • OR cpe:/a:apache:http_server:2.4.50:*:*:*:*:*:*:*
  • OR cpe:/a:apache:http_server:2.4.51:*:*:*:*:*:*:*
  • OR cpe:/a:apache:http_server:2.4.52:*:*:*:*:*:*:*
  • AND
  • cpe:/a:ibm:http_server:7.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:http_server:8.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:http_server:8.5:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:tivoli_monitoring:6.3.0:*:*:*:*:*:*:*
  • OR cpe:/o:ibm:i:7.2:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:security_siteprotector_system:3.1.1:*:*:*:*:*:*:*
  • OR cpe:/o:ibm:i:7.3:*:*:*:*:*:*:*
  • OR cpe:/o:ibm:i:7.4:*:*:*:*:*:*:*
  • OR cpe:/o:ibm:i:7.5:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:aspera_faspex:4.4.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:app_connect_enterprise_certified_container:4.2:*:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    Oval Definitions
    Definition IDClassTitleLast Modified
    oval:org.opensuse.security:def:7434
    P
    		apache2-2.4.51-150400.6.11.1 on GA media (Moderate)
    2023-06-12
    oval:com.redhat.rhsa:def:20228067
    P
    		RHSA-2022:8067: httpd security, bug fix, and enhancement update (Moderate)
    2022-11-15
    oval:com.redhat.rhsa:def:20227647
    P
    		RHSA-2022:7647: httpd:2.4 security update (Moderate)
    2022-11-08
    oval:org.opensuse.security:def:3463
    P
    		cups-1.7.5-20.23.1 on GA media (Moderate)
    2022-06-28
    oval:org.opensuse.security:def:94492
    P
    		apache2-2.4.51-150400.4.6 on GA media (Moderate)
    2022-06-22
    oval:org.opensuse.security:def:95093
    P
    		apache2-devel-2.4.51-150400.4.6 on GA media (Moderate)
    2022-06-22
    oval:org.opensuse.security:def:2862
    P
    		apache2-2.4.51-150400.4.6 on GA media (Moderate)
    2022-06-22
    oval:org.opensuse.security:def:119164
    P
    		Security update for apache2 (Important)
    2022-03-29
    oval:org.opensuse.security:def:102081
    P
    		Security update for apache2 (Important)
    2022-03-29
    oval:org.opensuse.security:def:99192
    P
    		 (Important)
    2022-03-29
    oval:org.opensuse.security:def:118667
    P
    		Security update for apache2 (Important)
    2022-03-29
    oval:org.opensuse.security:def:1652
    P
    		Security update for apache2 (Important)
    2022-03-29
    oval:org.opensuse.security:def:100389
    P
    		 (Important)
    2022-03-29
    oval:org.opensuse.security:def:119353
    P
    		Security update for apache2 (Important)
    2022-03-29
    oval:org.opensuse.security:def:102228
    P
    		Security update for apache2 (Important)
    2022-03-29
    oval:org.opensuse.security:def:99462
    P
    		 (Important)
    2022-03-29
    oval:org.opensuse.security:def:118857
    P
    		Security update for apache2 (Important)
    2022-03-29
    oval:org.opensuse.security:def:100722
    P
    		 (Important)
    2022-03-29
    oval:org.opensuse.security:def:119538
    P
    		Security update for apache2 (Important)
    2022-03-29
    oval:org.opensuse.security:def:842
    P
    		Security update for apache2 (Important)
    2022-03-29
    oval:org.opensuse.security:def:99724
    P
    		 (Important)
    2022-03-29
    oval:org.opensuse.security:def:119043
    P
    		Security update for apache2 (Important)
    2022-03-29
    oval:org.opensuse.security:def:101573
    P
    		Security update for apache2 (Important)
    2022-03-29
    oval:org.opensuse.security:def:1501
    P
    		Security update for apache2 (Important)
    2022-03-29
    oval:org.opensuse.security:def:100055
    P
    		 (Important)
    2022-03-29
    oval:org.opensuse.security:def:126988
    P
    		Security update for apache2 (Important)
    2022-03-21
    oval:org.opensuse.security:def:127386
    P
    		Security update for apache2 (Important)
    2022-03-21
    oval:org.opensuse.security:def:5376
    P
    		Security update for apache2 (Important)
    2022-03-21
    oval:org.opensuse.security:def:125826
    P
    		Security update for apache2 (Important)
    2022-03-21
    oval:org.opensuse.security:def:6205
    P
    		Security update for apache2 (Important)
    2022-03-21
    BACK
    apache http server *
    fedoraproject fedora 34
    fedoraproject fedora 35
    fedoraproject fedora 36
    debian debian linux 9.0
    oracle http server 12.2.1.3.0
    oracle http server 12.2.1.4.0
    oracle enterprise manager ops center 12.4.0.0
    oracle zfs storage appliance kit 8.8
    apple mac os x *
    apple mac os x 10.15.7 security_update_2020-001
    apple mac os x 10.15.7 security_update_2021-001
    apple mac os x 10.15.7 security_update_2021-002
    apple mac os x 10.15.7 security_update_2021-003
    apple mac os x 10.15.7 security_update_2021-004
    apple mac os x 10.15.7 security_update_2021-005
    apple mac os x 10.15.7 security_update_2021-006
    apple mac os x 10.15.7 security_update_2021-008
    apple mac os x 10.15.7 security_update_2021-007
    apple mac os x 10.15.7 security_update_2022-001
    apple mac os x 10.15.7 security_update_2022-002
    apple mac os x 10.15.7 security_update_2022-003
    apple macos *
    apple macos *
    apache http server 2.4.7
    apache http server 2.4.8
    apache http server 2.4.9
    apache http server 2.4.10
    apache http server 2.4.12
    apache http server 2.4.18
    apache http server 2.4.20
    apache http server 2.4.17
    apache http server 2.4.23
    apache http server 2.4.29
    apache http server 2.4.33
    apache http server 2.4.30
    apache http server 2.4.25
    apache http server 2.4.26
    apache http server 2.4.27
    apache http server 2.4.28
    apache http server 2.4.34
    apache http server 2.4.35
    apache http server 2.4.36
    apache http server 2.4.37
    apache http server 2.4.38
    apache http server 2.4.38
    apache http server 2.4.39
    apache http server 2.4.16
    apache http server 2.4.41
    apache http server 2.4.43
    apache http server 2.4.46
    apache http server 2.4.48
    apache http server 2.4.49
    apache http server 2.4.50
    apache http server 2.4.51
    apache http server 2.4.52
    ibm http server 7.0
    ibm http server 8.0
    ibm http server 8.5
    ibm tivoli monitoring 6.3.0
    ibm i 7.2
    ibm security siteprotector system 3.1.1
    ibm i 7.3
    ibm i 7.4
    ibm i 7.5
    ibm aspera faspex 4.4.1
    ibm app connect enterprise certified container 4.2