| { |
| "containers": { |
| "cna": { |
| "affected": [ |
| { |
| "product": "Apache HTTP Server", |
| "vendor": "Apache Software Foundation", |
| "versions": [ |
| { |
| "lessThanOrEqual": "2.4.53", |
| "status": "affected", |
| "version": "unspecified", |
| "versionType": "custom" |
| } |
| ] |
| } |
| ], |
| "credits": [ |
| { |
| "lang": "en", |
| "value": "The Apache HTTP Server project would like to thank Ronald Crane (Zippenhop LLC) for reporting this issue" |
| } |
| ], |
| "descriptions": [ |
| { |
| "lang": "en", |
| "value": "Apache HTTP Server 2.4.53 and earlier may return lengths to applications calling r:wsread() that point past the end of the storage allocated for the buffer." |
| } |
| ], |
| "metrics": [ |
| { |
| "other": { |
| "content": { |
| "other": "low" |
| }, |
| "type": "unknown" |
| } |
| } |
| ], |
| "problemTypes": [ |
| { |
| "descriptions": [ |
| { |
| "cweId": "CWE-200", |
| "description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor", |
| "lang": "en", |
| "type": "CWE" |
| } |
| ] |
| } |
| ], |
| "providerMetadata": { |
| "orgId": "Not found", |
| "shortName": "Not found" |
| }, |
| "references": [ |
| { |
| "tags": [ |
| "x_refsource_CONFIRM" |
| ], |
| "url": "https://httpd.apache.org/security/vulnerabilities_24.html" |
| } |
| ], |
| "source": { |
| "discovery": "UNKNOWN" |
| }, |
| "timeline": [ |
| { |
| "lang": "en", |
| "time": "2022-06-08T00:00:00", |
| "value": "released in 2.4.54" |
| } |
| ], |
| "title": "Information Disclosure in mod_lua with websockets", |
| "x_ValidationErrors": [ |
| "$.cveMetadata.assignerOrgId -- validator = pattern", |
| "$.containers.cna.providerMetadata.orgId -- validator = pattern" |
| ], |
| "x_generator": { |
| "engine": "Vulnogram 0.0.9" |
| }, |
| "x_legacyV4Record": { |
| "CNA_private": { |
| "CVE_list": [], |
| "CVE_table_description": [], |
| "email": "", |
| "emailed": "yes", |
| "internal_comments": "", |
| "owner": "httpd", |
| "publish": { |
| "month": "", |
| "year": "", |
| "ym": "" |
| }, |
| "share_with_CVE": true, |
| "todo": [], |
| "userslist": "dev@httpd.apache.org" |
| }, |
| "CVE_data_meta": { |
| "AKA": "", |
| "ASSIGNER": "security@apache.org", |
| "DATE_PUBLIC": "", |
| "ID": "CVE-2022-30556", |
| "STATE": "PUBLIC", |
| "TITLE": "Information Disclosure in mod_lua with websockets" |
| }, |
| "affects": { |
| "vendor": { |
| "vendor_data": [ |
| { |
| "product": { |
| "product_data": [ |
| { |
| "product_name": "Apache HTTP Server", |
| "version": { |
| "version_data": [ |
| { |
| "platform": "", |
| "version_affected": "<=", |
| "version_name": "", |
| "version_value": "2.4.53" |
| } |
| ] |
| } |
| } |
| ] |
| }, |
| "vendor_name": "Apache Software Foundation" |
| } |
| ] |
| } |
| }, |
| "configuration": [], |
| "credit": [ |
| { |
| "lang": "eng", |
| "value": "The Apache HTTP Server project would like to thank Ronald Crane (Zippenhop LLC) for reporting this issue" |
| } |
| ], |
| "data_format": "MITRE", |
| "data_type": "CVE", |
| "data_version": "4.0", |
| "description": { |
| "description_data": [ |
| { |
| "lang": "eng", |
| "value": "Apache HTTP Server 2.4.53 and earlier may return lengths to applications calling r:wsread() that point past the end of the storage allocated for the buffer." |
| } |
| ] |
| }, |
| "exploit": [], |
| "generator": { |
| "engine": "Vulnogram 0.0.9" |
| }, |
| "impact": [ |
| { |
| "other": "low" |
| } |
| ], |
| "problemtype": { |
| "problemtype_data": [ |
| { |
| "description": [ |
| { |
| "lang": "eng", |
| "value": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor" |
| } |
| ] |
| } |
| ] |
| }, |
| "references": { |
| "reference_data": [ |
| { |
| "name": "", |
| "refsource": "CONFIRM", |
| "url": "https://httpd.apache.org/security/vulnerabilities_24.html" |
| } |
| ] |
| }, |
| "solution": [], |
| "source": { |
| "advisory": "", |
| "defect": [], |
| "discovery": "UNKNOWN" |
| }, |
| "timeline": [ |
| { |
| "lang": "en", |
| "time": "2022-06-08T00:00:00", |
| "value": "released in 2.4.54" |
| } |
| ], |
| "work_around": [] |
| } |
| } |
| }, |
| "cveMetadata": { |
| "assignerOrgId": "Not found", |
| "assignerShortName": "Not found", |
| "cveId": "CVE-2022-30556", |
| "state": "PUBLISHED" |
| }, |
| "dataType": "CVE_RECORD", |
| "dataVersion": "5.0" |
| } |