Vulnerability Name: | CVE-2022-28330 (CCN-228341) |
Assigned: | 2022-06-08 |
Published: | 2022-06-08 |
Updated: | 2022-06-24 |
Summary: | Apache HTTP Server 2.4.53 and earlier on Windows may read beyond bounds when configured to process requests with the mod_isapi module.
|
CVSS v3 Severity: | 5.3 Medium (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)
4.6 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C)
Exploitability Metrics: | Attack Vector (AV): Network; Attack Complexity (AC): Low; Privileges Required (PR): None; User Interaction (UI): None |
Scope: | Scope (S): Unchanged |
Impact Metrics: | Confidentiality (C): Low; Integrity (I): None; Availability (A): None |
5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)
4.6 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C)
Exploitability Metrics: | Attack Vector (AV): Network; Attack Complexity (AC): Low; Privileges Required (PR): None; User Interaction (UI): None |
Scope: | Scope (S): Unchanged |
Impact Metrics: | Confidentiality (C): Low; Integrity (I): None; Availability (A): None |
|
CVSS v2 Severity: | 5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N)
Exploitability Metrics: | Access Vector (AV): Network; Access Complexity (AC): Low; Authentication (Au): None |
Impact Metrics: | Confidentiality (C): Partial; Integrity (I): None; Availability (A): None |
5.0 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N)
Exploitability Metrics: | Access Vector (AV): Network; Access Complexity (AC): Low; Authentication (Au): None |
Impact Metrics: | Confidentiality (C): Partial; Integrity (I): None; Availability (A): None |
|
Vulnerability Type: | CWE-125
|
Vulnerability Consequences: | Obtain Information |
References: | Source: MITRE Type: CNA CVE-2022-28330
Source: MLIST Type: Mailing List, Third Party Advisory [oss-security] 20220608 CVE-2022-28330: Apache HTTP Server: read beyond bounds in mod_isapi
Source: XF Type: UNKNOWN apache-http-cve202228330-info-disc(228341)
Source: CCN Type: Apache Web site read beyond bounds in mod_isapi
Source: MISC Type: Vendor Advisory https://httpd.apache.org/security/vulnerabilities_24.html
Source: CCN Type: oss-sec Mailing List, Wed, 08 Jun 2022 09:43:16 +0000 CVE-2022-28330: Apache HTTP Server: read beyond bounds in mod_isapi
Source: CONFIRM Type: UNKNOWN https://security.netapp.com/advisory/ntap-20220624-0005/
Source: CCN Type: IBM Security Bulletin 6606237 (Rational Build Forge) IBM Rational Build Forge is vulnerable to disclosure of sensitive information due to use of Apache HTTP server (CVE-2022-28330).
Source: CCN Type: IBM Security Bulletin 6952319 (Aspera Faspex) IBM Aspera Faspex 4.4.2 PL2 has addressed multiple vulnerabilities (CVE-2022-28330, CVE-2023-22868, CVE-2022-30556, CVE-2022-31813, CVE-2022-30522, CVE-2022-47986, CVE-2022-28615, CVE-2022-26377, CVE-2018-25032, CVE-2022-2068)
Source: CCN Type: IBM Security Bulletin 6952351 (Aspera Orchestrator) IBM Aspera Orchestrator affected by vulnerability (CVE-2022-28330)
|
Vulnerable Configuration: | Configuration 1:
cpe:/a:apache:http_server:*:*:*:*:*:*:*:* (Version <= 2.4.53)
AND cpe:/o:microsoft:windows:-:*:*:*:*:*:*:*
Configuration CCN 1:
cpe:/a:apache:http_server:2.4.18:*:*:*:*:*:*:*
OR cpe:/a:apache:http_server:2.4.20:*:*:*:*:*:*:*
OR cpe:/a:apache:http_server:2.4.23:*:*:*:*:*:*:*
OR cpe:/a:apache:http_server:2.4.29:*:*:*:*:*:*:*
OR cpe:/a:apache:http_server:2.4.33:*:*:*:*:*:*:*
OR cpe:/a:apache:http_server:2.4.25:*:*:*:*:*:*:*
OR cpe:/a:apache:http_server:2.4.26:*:*:*:*:*:*:*
OR cpe:/a:apache:http_server:2.4.27:*:*:*:*:*:*:*
OR cpe:/a:apache:http_server:2.4.28:*:*:*:*:*:*:*
OR cpe:/a:apache:http_server:2.4.34:*:*:*:*:*:*:*
OR cpe:/a:apache:http_server:2.4.35:*:*:*:*:*:*:*
OR cpe:/a:apache:http_server:2.4.37:*:*:*:*:*:*:*
OR cpe:/a:apache:http_server:2.4.38:*:*:*:*:*:*:*
OR cpe:/a:apache:http_server:2.4.39:*:*:*:*:*:*:*
OR cpe:/a:apache:http_server:2.4.41:*:*:*:*:*:*:*
OR cpe:/a:apache:http_server:2.4.43:*:*:*:*:*:*:*
OR cpe:/a:apache:http_server:2.4.46:*:*:*:*:*:*:*
OR cpe:/a:apache:http_server:2.4.48:*:*:*:*:*:*:*
OR cpe:/a:apache:http_server:2.4.49:*:*:*:*:*:*:*
OR cpe:/a:apache:http_server:2.4.50:*:*:*:*:*:*:*
OR cpe:/a:apache:http_server:2.4.51:*:*:*:*:*:*:*
OR cpe:/a:apache:http_server:2.4.52:*:*:*:*:*:*:*
OR cpe:/a:apache:http_server:2.4.53:*:*:*:*:*:*:*
AND cpe:/a:ibm:aspera_faspex:4.4.1:*:*:*:*:*:*:* |
apache http server *
microsoft windows -
apache http server 2.4.18
apache http server 2.4.20
apache http server 2.4.23
apache http server 2.4.29
apache http server 2.4.33
apache http server 2.4.25
apache http server 2.4.26
apache http server 2.4.27
apache http server 2.4.28
apache http server 2.4.34
apache http server 2.4.35
apache http server 2.4.37
apache http server 2.4.38
apache http server 2.4.39
apache http server 2.4.41
apache http server 2.4.43
apache http server 2.4.46
apache http server 2.4.48
apache http server 2.4.49
apache http server 2.4.50
apache http server 2.4.51
apache http server 2.4.52
apache http server 2.4.53
ibm aspera faspex 4.4.1