Vulnerability CVE-2022-28614

Vulnerability Name:

CVE-2022-28614 (CCN-228342)

Assigned:

2022-06-08

Published:

2022-06-08

Updated:

2022-08-24

Summary:

The ap_rwrite() function in Apache HTTP Server 2.4.53 and earlier may read unintended memory if an attacker can cause the server to reflect very large input using ap_rwrite() or ap_rputs(), such as with mod_luas r:puts() function. Modules compiled and distributed separately from Apache HTTP Server that use the 'ap_rputs' function and may pass it a very large (INT_MAX or larger) string must be compiled against current headers to resolve the issue.

CVSS v3 Severity:

5.3 Medium (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)
4.6 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): Low Integrity (I): None Availibility (A): None

5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)
4.6 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): Low Integrity (I): None Availibility (A): None

5.3 Medium (REDHAT CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)
4.6 Medium (REDHAT Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): Low Integrity (I): None Availibility (A): None

CVSS v2 Severity:

5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Authentication (Au): None
Impact Metrics:	Confidentiality (C): Partial Integrity (I): None Availibility (A): None

5.0 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Athentication (Au): None
Impact Metrics:	Confidentiality (C): Partial Integrity (I): None Availibility (A): None

Vulnerability Type:

CWE-190
CWE-200

Vulnerability Consequences:

Obtain Information

References:

Source: MITRE
Type: CNA
CVE-2022-28614

Source: MLIST
Type: Mailing List, Third Party Advisory
[oss-security] 20220608 CVE-2022-28614: Apache HTTP Server: read beyond bounds via ap_rwrite()

Source: XF
Type: UNKNOWN
apache-http-cve202228614-info-disc(228342)

Source: CCN
Type: Apache Web site
read beyond bounds via ap_rwrite()

Source: MISC
Type: Vendor Advisory
https://httpd.apache.org/security/vulnerabilities_24.html

Source: FEDORA
Type: Mailing List, Third Party Advisory
FEDORA-2022-b54a8dee29

Source: FEDORA
Type: Mailing List, Third Party Advisory
FEDORA-2022-e620fb15d5

Source: CCN
Type: oss-sec Mailing List, Wed, 08 Jun 2022 09:43:25 +0000
CVE-2022-28614: Apache HTTP Server: read beyond bounds via ap_rwrite()

Source: GENTOO
Type: Third Party Advisory
GLSA-202208-20

Source: CONFIRM
Type: Third Party Advisory
https://security.netapp.com/advisory/ntap-20220624-0005/

Source: CCN
Type: IBM Security Bulletin 6595149 (HTTP Server)
Multiple vulnerabilities in IBM HTTP Server used by IBM WebSphere Application Server

Source: CCN
Type: IBM Security Bulletin 6607876 (i)
IBM HTTP Server (powered by Apache) for IBM i is vulnerable to bypass security restrictions and obtain sensitive information due to multiple vulnerabilities.

Source: CCN
Type: IBM Security Bulletin 6607888 (Tivoli Monitoring)
Multiple vulnerabilities affect IBM Tivoli Monitoring included WebSphere Application Server and IBM HTTP Server used by WebSphere Application Server

Source: CCN
Type: IBM Security Bulletin 6610841 (Security SiteProtector System)
IBM Security SiteProtector System is affected by multiple Apache HTTP Server Vulnerabilities

Source: CCN
Type: IBM Security Bulletin 6837595 (App Connect Enterprise Certified Container)
IBM App Connect Enterprise Certified Container DesignerAuthoring operands that use Mapping Assistance may be vulnerable to loss of confidentiality due to CVE-2022-28614

Source: CCN
Type: IBM Security Bulletin 6952723 (Aspera Orchestrator)
IBM Aspera Orchestrator affected by an Apache HTTP Server vulnerability (CVE-2022-28614)

Vulnerable Configuration:

Configuration 1:

cpe:/a:apache:http_server:*:*:*:*:*:*:*:* (Version <= 2.4.53)

Configuration 2:

cpe:/o:fedoraproject:fedora:35:*:*:*:*:*:*:*

OR cpe:/o:fedoraproject:fedora:36:*:*:*:*:*:*:*

Configuration 3:

cpe:/a:netapp:clustered_data_ontap:-:*:*:*:*:*:*:*

Configuration RedHat 1:

cpe:/a:redhat:enterprise_linux:8:*:*:*:*:*:*:*

Configuration RedHat 2:

cpe:/a:redhat:enterprise_linux:8::appstream:*:*:*:*:*

Configuration RedHat 3:

cpe:/a:redhat:enterprise_linux:9:*:*:*:*:*:*:*

Configuration RedHat 4:

cpe:/a:redhat:enterprise_linux:9::appstream:*:*:*:*:*

Configuration CCN 1:

cpe:/a:apache:http_server:2.4.18:*:*:*:*:*:*:*

OR cpe:/a:apache:http_server:2.4.20:*:*:*:*:*:*:*

OR cpe:/a:apache:http_server:2.4.23:*:*:*:*:*:*:*

OR cpe:/a:apache:http_server:2.4.29:*:*:*:*:*:*:*

OR cpe:/a:apache:http_server:2.4.33:*:*:*:*:*:*:*

OR cpe:/a:apache:http_server:2.4.25:*:*:*:*:*:*:*

OR cpe:/a:apache:http_server:2.4.26:*:*:*:*:*:*:*

OR cpe:/a:apache:http_server:2.4.27:*:*:*:*:*:*:*

OR cpe:/a:apache:http_server:2.4.28:*:*:*:*:*:*:*

OR cpe:/a:apache:http_server:2.4.34:*:*:*:*:*:*:*

OR cpe:/a:apache:http_server:2.4.35:*:*:*:*:*:*:*

OR cpe:/a:apache:http_server:2.4.37:*:*:*:*:*:*:*

OR cpe:/a:apache:http_server:2.4.38:*:*:*:*:*:*:*

OR cpe:/a:apache:http_server:2.4.39:*:*:*:*:*:*:*

OR cpe:/a:apache:http_server:2.4.41:*:*:*:*:*:*:*

OR cpe:/a:apache:http_server:2.4.43:*:*:*:*:*:*:*

OR cpe:/a:apache:http_server:2.4.46:*:*:*:*:*:*:*

OR cpe:/a:apache:http_server:2.4.48:*:*:*:*:*:*:*

OR cpe:/a:apache:http_server:2.4.49:*:*:*:*:*:*:*

OR cpe:/a:apache:http_server:2.4.50:*:*:*:*:*:*:*

OR cpe:/a:apache:http_server:2.4.51:*:*:*:*:*:*:*

OR cpe:/a:apache:http_server:2.4.52:*:*:*:*:*:*:*

OR cpe:/a:apache:http_server:2.4.53:*:*:*:*:*:*:*

AND

cpe:/a:ibm:http_server:7.0:*:*:*:*:*:*:*

OR cpe:/a:ibm:http_server:8.0:*:*:*:*:*:*:*

OR cpe:/a:ibm:http_server:8.5:*:*:*:*:*:*:*

OR cpe:/a:ibm:tivoli_monitoring:6.3.0:*:*:*:*:*:*:*

OR cpe:/o:ibm:i:7.2:*:*:*:*:*:*:*

OR cpe:/a:ibm:security_siteprotector_system:3.1.1:*:*:*:*:*:*:*

OR cpe:/o:ibm:i:7.3:*:*:*:*:*:*:*

OR cpe:/o:ibm:i:7.4:*:*:*:*:*:*:*

OR cpe:/o:ibm:i:7.5:*:*:*:*:*:*:*

OR cpe:/a:ibm:app_connect_enterprise_certified_container:4.2:*:*:*:*:*:*:*

Denotes that component is vulnerable

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:org.opensuse.security:def:7434	P	apache2-2.4.51-150400.6.11.1 on GA media (Moderate)	2023-06-12
oval:com.redhat.rhsa:def:20228067	P	RHSA-2022:8067: httpd security, bug fix, and enhancement update (Moderate)	2022-11-15
oval:com.redhat.rhsa:def:20227647	P	RHSA-2022:7647: httpd:2.4 security update (Moderate)	2022-11-08
oval:org.opensuse.security:def:119249	P	Security update for apache2 (Important)	2022-07-08
oval:org.opensuse.security:def:119440	P	Security update for apache2 (Important)	2022-07-08
oval:org.opensuse.security:def:118754	P	Security update for apache2 (Important)	2022-07-08
oval:org.opensuse.security:def:119625	P	Security update for apache2 (Important)	2022-07-08
oval:org.opensuse.security:def:118944	P	Security update for apache2 (Important)	2022-07-08
oval:org.opensuse.security:def:95252	P	Security update for apache2 (Important)	2022-07-06
oval:org.opensuse.security:def:93306	P	(Important)	2022-07-06
oval:org.opensuse.security:def:94039	P	(Important)	2022-07-06
oval:org.opensuse.security:def:3740	P	Security update for apache2 (Important)	2022-07-06
oval:org.opensuse.security:def:95370	P	Security update for apache2 (Important)	2022-07-06
oval:org.opensuse.security:def:93464	P	(Important)	2022-07-06
oval:org.opensuse.security:def:94251	P	(Important)	2022-07-06
oval:org.opensuse.security:def:3763	P	Security update for apache2 (Important)	2022-07-06
oval:org.opensuse.security:def:95396	P	Security update for apache2 (Important)	2022-07-06
oval:org.opensuse.security:def:93618	P	(Important)	2022-07-06
oval:org.opensuse.security:def:554	P	Security update for apache2 (Important)	2022-07-06
oval:org.opensuse.security:def:94460	P	(Important)	2022-07-06
oval:org.opensuse.security:def:93146	P	(Important)	2022-07-06
oval:org.opensuse.security:def:93825	P	(Important)	2022-07-06
oval:org.opensuse.security:def:3622	P	Security update for apache2 (Important)	2022-07-06
oval:org.opensuse.security:def:126900	P	Security update for apache2 (Important)	2022-06-16
oval:org.opensuse.security:def:6073	P	Security update for apache2 (Important)	2022-06-16
oval:org.opensuse.security:def:127297	P	Security update for apache2 (Important)	2022-06-16
oval:org.opensuse.security:def:125734	P	Security update for apache2 (Important)	2022-06-16
oval:org.opensuse.security:def:5275	P	Security update for apache2 (Important)	2022-06-16
oval:org.opensuse.security:def:931	P	Security update for apache2 (Important) (in QA)	2022-06-14
oval:org.opensuse.security:def:1528	P	Security update for apache2 (Important) (in QA)	2022-06-14
oval:org.opensuse.security:def:1682	P	Security update for apache2 (Important) (in QA)	2022-06-14

BACK