| { |
| "data_type": "CVE", |
| "data_format": "MITRE", |
| "data_version": "4.0", |
| "generator": { |
| "engine": "Vulnogram 0.0.9" |
| }, |
| "CVE_data_meta": { |
| "ID": "CVE-2022-28614", |
| "ASSIGNER": "security@apache.org", |
| "DATE_PUBLIC": "", |
| "TITLE": "read beyond bounds via ap_rwrite() ", |
| "AKA": "", |
| "STATE": "PUBLIC" |
| }, |
| "source": { |
| "defect": [], |
| "advisory": "", |
| "discovery": "UNKNOWN" |
| }, |
| "affects": { |
| "vendor": { |
| "vendor_data": [ |
| { |
| "vendor_name": "Apache Software Foundation", |
| "product": { |
| "product_data": [ |
| { |
| "product_name": "Apache HTTP Server", |
| "version": { |
| "version_data": [ |
| { |
| "version_name": "", |
| "version_affected": "<=", |
| "version_value": "2.4.53", |
| "platform": "" |
| } |
| ] |
| } |
| } |
| ] |
| } |
| } |
| ] |
| } |
| }, |
| "problemtype": { |
| "problemtype_data": [ |
| { |
| "description": [ |
| { |
| "lang": "eng", |
| "value": "CWE-190 Integer Overflow or Wraparound" |
| } |
| ] |
| }, |
| { |
| "description": [ |
| { |
| "lang": "eng", |
| "value": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor" |
| } |
| ] |
| } |
| ] |
| }, |
| "description": { |
| "description_data": [ |
| { |
| "value": "The ap_rwrite() function in Apache HTTP Server 2.4.53 and earlier may read unintended memory if an attacker can cause the server to reflect very large input using ap_rwrite() or ap_rputs(), such as with mod_luas r:puts() function.\n\nModules compiled and distributed separately from Apache HTTP Server that use the \"ap_rputs\" function and may pass it a very large (INT_MAX or larger) string must be compiled against current headers to resolve\nthe issue.", |
| "lang": "eng" |
| } |
| ] |
| }, |
| "references": { |
| "reference_data": [ |
| { |
| "refsource": "CONFIRM", |
| "url": "https://httpd.apache.org/security/vulnerabilities_24.html", |
| "name": "" |
| } |
| ] |
| }, |
| "configuration": [], |
| "impact": [ |
| { |
| "other": "low" |
| } |
| ], |
| "exploit": [], |
| "work_around": [], |
| "solution": [], |
| "credit": [ |
| { |
| "lang": "eng", |
| "value": "The Apache HTTP Server project would like to thank Ronald Crane (Zippenhop LLC) for reporting this issue" |
| } |
| ], |
| "CNA_private": { |
| "owner": "httpd", |
| "publish": { |
| "ym": "", |
| "year": "", |
| "month": "" |
| }, |
| "share_with_CVE": true, |
| "CVE_table_description": [], |
| "CVE_list": [], |
| "internal_comments": "", |
| "todo": [], |
| "emailed": "yes", |
| "userslist": "dev@httpd.apache.org", |
| "email": "" |
| }, |
| "timeline": [ |
| { |
| "time": "2022-06-08", |
| "lang": "eng", |
| "value": "released in 2.4.54" |
| } |
| ] |
| } |