Rewterz Threat Alert – DJVU Ransomware – Active IOCs
June 13, 2022Rewterz Threat Alert – Qakbot (Qbot) Malware – Active IOCs
June 13, 2022Rewterz Threat Alert – DJVU Ransomware – Active IOCs
June 13, 2022Rewterz Threat Alert – Qakbot (Qbot) Malware – Active IOCs
June 13, 2022Severity
High
Analysis Summary
CVE-2022-30556 CVSS:5.3
Apache HTTP Server could allow a remote attacker to obtain sensitive information, caused by an error in mod_lua with websockets. An attacker could exploit this vulnerability to return lengths to applications calling r:wsread() that point past the end of the storage allocated for the buffer.
CVE-2022-31813 CVSS:5.3
Apache HTTP Server could allow a remote attacker to bypass security restrictions, caused by the failure to send the X-Forwarded-* headers to the origin server based on client side Connection header hop-by-hop mechanism. An attacker could exploit this vulnerability to bypass IP based authentication on the origin server/application.
CVE-2022-30522 CVSS:5.3
Apache HTTP Server is vulnerable to a denial of service when configured to do transformations with mod_sed in contexts where the input to mod_sed may be very large. By making excessively large memory allocations, a remote attacker could exploit this vulnerability to trigger an abort.
CVE-2022-28615 CVSS:6.5
Apache HTTP Server could allow a remote attacker to obtain sensitive information, caused by a read beyond bounds in ap_strcmp_match() when provided with an extremely large input buffer. An attacker could exploit this vulnerability to crash or disclose information.
CVE-2022-28330 CVSS:5.3
Apache HTTP Server could allow a remote attacker to obtain sensitive information. An attacker could exploit this vulnerability to read beyond bounds when configured to process requests with the mod_isapi module.
CVE-2022-28614 CVSS:5.3
Apache HTTP Server could allow a remote attacker to obtain sensitive information, caused by an error in the ap_rwrite() function. By reflecting very large input using ap_rwrite() or ap_rputs(), such as with mod_luas r:puts() function, an attacker could exploit this vulnerability to read unintended memory.
CVE-2022-29404 CVSS:5.3
Apache HTTP Server is vulnerable to a denial of service, caused by no default limit on possible input size. By sending a specially crafted request to a lua script that calls r:parsebody(0), an attacker could exploit this vulnerability to cause a denial of service.
Impact
- Information Disclosure
- Security Bypass
- Denial of Service
Indicators Of Compromise
CVE
- CVE-2022-30556
- CVE-2022-31813
- CVE-2022-30522
- CVE-2022-28615
- CVE-2022-28330
- CVE-2022-28614
- CVE-2022-29404
Affected Vendors
Apache
Affected Products
- Apache HTTP Server 2.4.18
- Apache HTTP Server 2.4.20
- Apache HTTP Server 2.4.23
- Apache HTTP Server 2.4.29
Remediation
Upgrade to the latest version of HTTP Server, available from the Apache Website.