Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2022-23943 (GCVE-0-2022-23943)
Vulnerability from cvelistv5 – Published: 2022-03-14 10:15 – Updated: 2024-08-03 03:59
VLAI
EPSS
Title
mod_sed: Read/write beyond bounds
Summary
Out-of-bounds Write vulnerability in mod_sed of Apache HTTP Server allows an attacker to overwrite heap memory with possibly attacker provided data. This issue affects Apache HTTP Server 2.4 version 2.4.52 and prior versions.
Severity
No CVSS data available.
Assigner
References
11 references
| URL | Tags |
|---|---|
| https://httpd.apache.org/security/vulnerabilities… | x_refsource_MISC |
| http://www.openwall.com/lists/oss-security/2022/03/14/1 | mailing-listx_refsource_MLIST |
| https://lists.fedoraproject.org/archives/list/pac… | vendor-advisoryx_refsource_FEDORA |
| https://lists.debian.org/debian-lts-announce/2022… | mailing-listx_refsource_MLIST |
| https://lists.fedoraproject.org/archives/list/pac… | vendor-advisoryx_refsource_FEDORA |
| https://lists.fedoraproject.org/archives/list/pac… | vendor-advisoryx_refsource_FEDORA |
| https://www.oracle.com/security-alerts/cpuapr2022.html | x_refsource_MISC |
| https://www.tenable.com/security/tns-2022-08 | x_refsource_CONFIRM |
| https://security.netapp.com/advisory/ntap-2022032… | x_refsource_CONFIRM |
| https://www.tenable.com/security/tns-2022-09 | x_refsource_CONFIRM |
| https://security.gentoo.org/glsa/202208-20 | vendor-advisoryx_refsource_GENTOO |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Apache Software Foundation | Apache HTTP Server |
Affected:
2.4 , ≤ 2.4.52
(custom)
|
Credits
Ronald Crane (Zippenhop LLC)
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T03:59:23.156Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://httpd.apache.org/security/vulnerabilities_24.html"
},
{
"name": "[oss-security] 20220314 CVE-2022-23943: Apache HTTP Server: mod_sed: Read/write beyond bounds",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2022/03/14/1"
},
{
"name": "FEDORA-2022-b4103753e9",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RGWILBORT67SHMSLYSQZG2NMXGCMPUZO/"
},
{
"name": "[debian-lts-announce] 20220322 [SECURITY] [DLA 2960-1] apache2 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/03/msg00033.html"
},
{
"name": "FEDORA-2022-21264ec6db",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z7H26WJ6TPKNWV3QKY4BHKUKQVUTZJTD/"
},
{
"name": "FEDORA-2022-78e3211c55",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X73C35MMMZGBVPQQCH7LQZUMYZNQA5FO/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.tenable.com/security/tns-2022-08"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20220321-0001/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.tenable.com/security/tns-2022-09"
},
{
"name": "GLSA-202208-20",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202208-20"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Apache HTTP Server",
"vendor": "Apache Software Foundation",
"versions": [
{
"lessThanOrEqual": "2.4.52",
"status": "affected",
"version": "2.4",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Ronald Crane (Zippenhop LLC)"
}
],
"descriptions": [
{
"lang": "en",
"value": "Out-of-bounds Write vulnerability in mod_sed of Apache HTTP Server allows an attacker to overwrite heap memory with possibly attacker provided data. This issue affects Apache HTTP Server 2.4 version 2.4.52 and prior versions."
}
],
"metrics": [
{
"other": {
"content": {
"other": "important"
},
"type": "unknown"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787 Out-of-bounds Write",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-190",
"description": "CWE-190 Integer Overflow or Wraparound",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-08-14T01:07:51.000Z",
"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"shortName": "apache"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://httpd.apache.org/security/vulnerabilities_24.html"
},
{
"name": "[oss-security] 20220314 CVE-2022-23943: Apache HTTP Server: mod_sed: Read/write beyond bounds",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2022/03/14/1"
},
{
"name": "FEDORA-2022-b4103753e9",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RGWILBORT67SHMSLYSQZG2NMXGCMPUZO/"
},
{
"name": "[debian-lts-announce] 20220322 [SECURITY] [DLA 2960-1] apache2 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/03/msg00033.html"
},
{
"name": "FEDORA-2022-21264ec6db",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z7H26WJ6TPKNWV3QKY4BHKUKQVUTZJTD/"
},
{
"name": "FEDORA-2022-78e3211c55",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X73C35MMMZGBVPQQCH7LQZUMYZNQA5FO/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.tenable.com/security/tns-2022-08"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20220321-0001/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.tenable.com/security/tns-2022-09"
},
{
"name": "GLSA-202208-20",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/202208-20"
}
],
"source": {
"discovery": "UNKNOWN"
},
"timeline": [
{
"lang": "en",
"time": "2022-01-13T00:00:00.000Z",
"value": "Reported to security team"
}
],
"title": "mod_sed: Read/write beyond bounds",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@apache.org",
"ID": "CVE-2022-23943",
"STATE": "PUBLIC",
"TITLE": "mod_sed: Read/write beyond bounds"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Apache HTTP Server",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "2.4",
"version_value": "2.4.52"
}
]
}
}
]
},
"vendor_name": "Apache Software Foundation"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Ronald Crane (Zippenhop LLC)"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Out-of-bounds Write vulnerability in mod_sed of Apache HTTP Server allows an attacker to overwrite heap memory with possibly attacker provided data. This issue affects Apache HTTP Server 2.4 version 2.4.52 and prior versions."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": [
{
"other": "important"
}
],
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-787 Out-of-bounds Write"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "CWE-190 Integer Overflow or Wraparound"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://httpd.apache.org/security/vulnerabilities_24.html",
"refsource": "MISC",
"url": "https://httpd.apache.org/security/vulnerabilities_24.html"
},
{
"name": "[oss-security] 20220314 CVE-2022-23943: Apache HTTP Server: mod_sed: Read/write beyond bounds",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2022/03/14/1"
},
{
"name": "FEDORA-2022-b4103753e9",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGWILBORT67SHMSLYSQZG2NMXGCMPUZO/"
},
{
"name": "[debian-lts-announce] 20220322 [SECURITY] [DLA 2960-1] apache2 security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2022/03/msg00033.html"
},
{
"name": "FEDORA-2022-21264ec6db",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Z7H26WJ6TPKNWV3QKY4BHKUKQVUTZJTD/"
},
{
"name": "FEDORA-2022-78e3211c55",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/X73C35MMMZGBVPQQCH7LQZUMYZNQA5FO/"
},
{
"name": "https://www.oracle.com/security-alerts/cpuapr2022.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"name": "https://www.tenable.com/security/tns-2022-08",
"refsource": "CONFIRM",
"url": "https://www.tenable.com/security/tns-2022-08"
},
{
"name": "https://security.netapp.com/advisory/ntap-20220321-0001/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20220321-0001/"
},
{
"name": "https://www.tenable.com/security/tns-2022-09",
"refsource": "CONFIRM",
"url": "https://www.tenable.com/security/tns-2022-09"
},
{
"name": "GLSA-202208-20",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/202208-20"
}
]
},
"source": {
"discovery": "UNKNOWN"
},
"timeline": [
{
"lang": "en",
"time": "2022-01-13T00:00:00.000Z",
"value": "Reported to security team"
}
]
}
}
},
"cveMetadata": {
"assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"assignerShortName": "apache",
"cveId": "CVE-2022-23943",
"datePublished": "2022-03-14T10:15:54.000Z",
"dateReserved": "2022-01-25T00:00:00.000Z",
"dateUpdated": "2024-08-03T03:59:23.156Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2022-23943",
"date": "2026-06-04",
"epss": "0.60552",
"percentile": "0.98313"
},
"fkie_nvd": {
"configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"2.4.0\", \"versionEndIncluding\": \"2.4.52\", \"matchCriteriaId\": \"7B9D7ED5-E23A-4A60-9A6D-AB0D9BF73775\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A930E247-0B43-43CB-98FF-6CE7B8189835\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"80E516C0-98A4-4ADE-B69F-66A772E2BAAA\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"5C675112-476C-4D7C-BCB9-A2FB2D0BC9FD\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"DEECE5FC-CACF-4496-A3E7-164736409252\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:http_server:12.2.1.3.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"DFC79B17-E9D2-44D5-93ED-2F959E7A3D43\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:http_server:12.2.1.4.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"AD04BEE5-E9A8-4584-A68C-0195CE9C402C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:zfs_storage_appliance_kit:8.8:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D3E503FB-6279-4D4A-91D8-E237ECF9D2B0\"}]}]}]",
"descriptions": "[{\"lang\": \"en\", \"value\": \"Out-of-bounds Write vulnerability in mod_sed of Apache HTTP Server allows an attacker to overwrite heap memory with possibly attacker provided data. This issue affects Apache HTTP Server 2.4 version 2.4.52 and prior versions.\"}, {\"lang\": \"es\", \"value\": \"Una vulnerabilidad de escritura fuera de l\\u00edmites en mod_sed de Apache HTTP Server permite a un atacante sobrescribir la memoria de la pila con datos posiblemente proporcionados por el atacante. Este problema afecta a Apache HTTP Server 2.4 versiones 2.4.52 y anteriores\"}]",
"id": "CVE-2022-23943",
"lastModified": "2024-11-21T06:49:29.970",
"metrics": "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\", \"baseScore\": 9.8, \"baseSeverity\": \"CRITICAL\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 5.9}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:N/C:P/I:P/A:P\", \"baseScore\": 7.5, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"PARTIAL\"}, \"baseSeverity\": \"HIGH\", \"exploitabilityScore\": 10.0, \"impactScore\": 6.4, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
"published": "2022-03-14T11:15:09.187",
"references": "[{\"url\": \"http://www.openwall.com/lists/oss-security/2022/03/14/1\", \"source\": \"security@apache.org\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://httpd.apache.org/security/vulnerabilities_24.html\", \"source\": \"security@apache.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2022/03/msg00033.html\", \"source\": \"security@apache.org\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RGWILBORT67SHMSLYSQZG2NMXGCMPUZO/\", \"source\": \"security@apache.org\"}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X73C35MMMZGBVPQQCH7LQZUMYZNQA5FO/\", \"source\": \"security@apache.org\"}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z7H26WJ6TPKNWV3QKY4BHKUKQVUTZJTD/\", \"source\": \"security@apache.org\"}, {\"url\": \"https://security.gentoo.org/glsa/202208-20\", \"source\": \"security@apache.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://security.netapp.com/advisory/ntap-20220321-0001/\", \"source\": \"security@apache.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://www.oracle.com/security-alerts/cpuapr2022.html\", \"source\": \"security@apache.org\", \"tags\": [\"Patch\", \"Third Party Advisory\"]}, {\"url\": \"https://www.tenable.com/security/tns-2022-08\", \"source\": \"security@apache.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://www.tenable.com/security/tns-2022-09\", \"source\": \"security@apache.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"http://www.openwall.com/lists/oss-security/2022/03/14/1\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://httpd.apache.org/security/vulnerabilities_24.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2022/03/msg00033.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RGWILBORT67SHMSLYSQZG2NMXGCMPUZO/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X73C35MMMZGBVPQQCH7LQZUMYZNQA5FO/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z7H26WJ6TPKNWV3QKY4BHKUKQVUTZJTD/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://security.gentoo.org/glsa/202208-20\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://security.netapp.com/advisory/ntap-20220321-0001/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://www.oracle.com/security-alerts/cpuapr2022.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Third Party Advisory\"]}, {\"url\": \"https://www.tenable.com/security/tns-2022-08\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://www.tenable.com/security/tns-2022-09\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}]",
"sourceIdentifier": "security@apache.org",
"vulnStatus": "Modified",
"weaknesses": "[{\"source\": \"security@apache.org\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-190\"}, {\"lang\": \"en\", \"value\": \"CWE-787\"}]}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-787\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2022-23943\",\"sourceIdentifier\":\"security@apache.org\",\"published\":\"2022-03-14T11:15:09.187\",\"lastModified\":\"2025-05-01T15:37:55.323\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Out-of-bounds Write vulnerability in mod_sed of Apache HTTP Server allows an attacker to overwrite heap memory with possibly attacker provided data. This issue affects Apache HTTP Server 2.4 version 2.4.52 and prior versions.\"},{\"lang\":\"es\",\"value\":\"Una vulnerabilidad de escritura fuera de l\u00edmites en mod_sed de Apache HTTP Server permite a un atacante sobrescribir la memoria de la pila con datos posiblemente proporcionados por el atacante. Este problema afecta a Apache HTTP Server 2.4 versiones 2.4.52 y anteriores\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":9.8,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:P/I:P/A:P\",\"baseScore\":7.5,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":10.0,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"security@apache.org\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-190\"},{\"lang\":\"en\",\"value\":\"CWE-787\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-787\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"2.4.0\",\"versionEndExcluding\":\"2.4.53\",\"matchCriteriaId\":\"322531FA-AC60-496C-A9A8-0643BEB09B53\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A930E247-0B43-43CB-98FF-6CE7B8189835\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"80E516C0-98A4-4ADE-B69F-66A772E2BAAA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5C675112-476C-4D7C-BCB9-A2FB2D0BC9FD\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DEECE5FC-CACF-4496-A3E7-164736409252\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:http_server:12.2.1.3.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DFC79B17-E9D2-44D5-93ED-2F959E7A3D43\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:http_server:12.2.1.4.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"AD04BEE5-E9A8-4584-A68C-0195CE9C402C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:zfs_storage_appliance_kit:8.8:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D3E503FB-6279-4D4A-91D8-E237ECF9D2B0\"}]}]}],\"references\":[{\"url\":\"http://www.openwall.com/lists/oss-security/2022/03/14/1\",\"source\":\"security@apache.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://httpd.apache.org/security/vulnerabilities_24.html\",\"source\":\"security@apache.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2022/03/msg00033.html\",\"source\":\"security@apache.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RGWILBORT67SHMSLYSQZG2NMXGCMPUZO/\",\"source\":\"security@apache.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X73C35MMMZGBVPQQCH7LQZUMYZNQA5FO/\",\"source\":\"security@apache.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z7H26WJ6TPKNWV3QKY4BHKUKQVUTZJTD/\",\"source\":\"security@apache.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://security.gentoo.org/glsa/202208-20\",\"source\":\"security@apache.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://security.netapp.com/advisory/ntap-20220321-0001/\",\"source\":\"security@apache.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.oracle.com/security-alerts/cpuapr2022.html\",\"source\":\"security@apache.org\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://www.tenable.com/security/tns-2022-08\",\"source\":\"security@apache.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.tenable.com/security/tns-2022-09\",\"source\":\"security@apache.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2022/03/14/1\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://httpd.apache.org/security/vulnerabilities_24.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2022/03/msg00033.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RGWILBORT67SHMSLYSQZG2NMXGCMPUZO/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X73C35MMMZGBVPQQCH7LQZUMYZNQA5FO/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z7H26WJ6TPKNWV3QKY4BHKUKQVUTZJTD/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://security.gentoo.org/glsa/202208-20\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://security.netapp.com/advisory/ntap-20220321-0001/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.oracle.com/security-alerts/cpuapr2022.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://www.tenable.com/security/tns-2022-08\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.tenable.com/security/tns-2022-09\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]}]}}"
}
}
CERTFR-2022-AVI-370
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans Tenable.sc. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et une atteinte à l'intégrité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneReferences
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Tenable.sc versions ant\u00e9rieures \u00e0 5.21.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Tenable",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2021-41182",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-41182"
},
{
"name": "CVE-2022-24828",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24828"
},
{
"name": "CVE-2021-21707",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-21707"
},
{
"name": "CVE-2021-41184",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-41184"
},
{
"name": "CVE-2021-41183",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-41183"
},
{
"name": "CVE-2022-23943",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23943"
},
{
"name": "CVE-2022-24785",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24785"
},
{
"name": "CVE-2022-0778",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0778"
},
{
"name": "CVE-2021-41116",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-41116"
}
],
"links": [],
"reference": "CERTFR-2022-AVI-370",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2022-04-21T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Tenable.sc.\nCertaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une\nex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance\net une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Tenable.sc",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Tenable tns-2022-09 du 20 avril 2022",
"url": "https://www.tenable.com/security/tns-2022-09"
}
]
}
CERTFR-2024-AVI-0575
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans les produits Juniper Networks. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une élévation de privilèges et un déni de service à distance.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Juniper Networks | N/A | Junos OS Evolved on ACX7000 Series versions 22.2-EVO antérieures à 22.2R3-S4-EVO | ||
| Juniper Networks | N/A | Junos OS Evolved on ACX7000 Series versions 22.3-EVO antérieures à 22.3R3-S3-EVO | ||
| Juniper Networks | N/A | Junos OS Evolved on ACX7000 Series versions 22.4-EVO antérieures à 22.4R3-S2-EVO | ||
| Juniper Networks | N/A | Junos OS Evolved on ACX7000 Series versions 23.2-EVO antérieures à 23.2R2-EVO | ||
| Juniper Networks | N/A | Junos OS Evolved on ACX7000 Series versions 23.4-EVO antérieures à 23.4R1-S2-EVO | ||
| Juniper Networks | N/A | Junos OS on MX Series with SPC3 line card versions 21.2 antérieures à 21.2R3-S8 | ||
| Juniper Networks | N/A | Junos OS on MX Series with SPC3 line card versions 21.4 antérieures à 21.4R3-S6 | ||
| Juniper Networks | N/A | Junos OS versions 22.3 antérieures à 22.3R2-S2 | ||
| Juniper Networks | N/A | Junos OS Evolved on ACX7000 Series versions 23.4-EVO antérieures à 23.4R2-EVO | ||
| Juniper Networks | N/A | Junos OS Evolved on ACX7000 Series versions antérieures à 21.2R3-S8-EVO | ||
| Juniper Networks | N/A | Junos OS Evolved versions 21.2-EVO antérieures à 21.2R3-S7-EVO | ||
| Juniper Networks | N/A | Junos OS Evolved versions 21.3-EVO antérieures à 21.3R3-S5-EVO | ||
| Juniper Networks | N/A | Junos OS Evolved versions 21.4-EVO antérieures à 21.4R2-EVO | ||
| Juniper Networks | N/A | Junos OS Evolved versions 21.4-EVO antérieures à 21.4R3-S8-EVO | ||
| Juniper Networks | N/A | Junos OS Evolved versions 22.1-EVO antérieures à 22.1R3-S6-EVO | ||
| Juniper Networks | N/A | Junos OS Evolved versions 22.2-EVO antérieures à 22.2R2-S1-EVO | ||
| Juniper Networks | N/A | Junos OS Evolved versions 22.2-EVO antérieures à 22.2R3-S4-EVO | ||
| Juniper Networks | N/A | Junos OS Evolved versions 22.3-EVO antérieures à 22.3R1-S1-EVO | ||
| Juniper Networks | N/A | Junos OS Evolved versions 22.3-EVO antérieures à 22.3R2-EVO | ||
| Juniper Networks | N/A | Junos OS Evolved versions 22.3-EVO antérieures à 22.3R3-S3-EVO | ||
| Juniper Networks | N/A | Junos OS Evolved versions 22.4-EVO antérieures à 22.4R2-S2-EVO | ||
| Juniper Networks | N/A | Junos OS Evolved versions 22.4-EVO antérieures à 22.4R3-EVO | ||
| Juniper Networks | N/A | Junos OS Evolved versions 22.4-EVO antérieures à 22.4R3-S3-EVO | ||
| Juniper Networks | N/A | Junos OS Evolved versions 23.2-EVO antérieures à 23.2R1-S1-EVO | ||
| Juniper Networks | N/A | Junos OS Evolved versions 23.2-EVO antérieures à 23.2R2-S1-EVO | ||
| Juniper Networks | N/A | Junos OS Evolved versions 23.4-EVO antérieures à 23.4R1-S2-EVO | ||
| Juniper Networks | N/A | Junos OS Evolved versions 23.4-EVO antérieures à 23.4R2-EVO | ||
| Juniper Networks | N/A | Junos OS Evolved versions 24.2-EVO antérieures à 24.2R2-EVO | ||
| Juniper Networks | N/A | Junos OS Evolved versions antérieures à 20.4R3-S10-EVO | ||
| Juniper Networks | N/A | Junos OS Evolved versions antérieures à 21.2R3-S8-EVO | ||
| Juniper Networks | N/A | Junos OS Evolved versions antérieures à 21.4R3-S8-EVO | ||
| Juniper Networks | N/A | Junos OS Evolved versions antérieures à 22.4R2-EVO | ||
| Juniper Networks | N/A | Junos OS Evolved versions antérieures à 22.4R3-EVO | ||
| Juniper Networks | N/A | Junos OS Evolved versions antérieures à 23.2R1-EVO | ||
| Juniper Networks | N/A | Junos OS Evolved versions antérieures à before 22.1R3-EVO | ||
| Juniper Networks | N/A | Junos OS on MX Series versions 21.4 antérieures à 21.4R3-S6 | ||
| Juniper Networks | N/A | Junos OS on MX Series versions 22.1 antérieures à 22.1R3-S5 | ||
| Juniper Networks | N/A | Junos OS on MX Series versions 22.2 antérieures à 22.2R3-S3 | ||
| Juniper Networks | N/A | Junos OS on MX Series versions 22.3 antérieures à 22.3R3-S2 | ||
| Juniper Networks | N/A | Junos OS on MX Series versions 22.4 antérieures à 22.4R3 | ||
| Juniper Networks | N/A | Junos OS on MX Series versions 23.2 antérieures à 23.2R2 | ||
| Juniper Networks | N/A | Junos OS on MX Series versions antérieures à 21.2R3-S6 | ||
| Juniper Networks | N/A | Junos OS on MX Series with SPC3 line card versions 22.1 antérieures à 22.1R3-S5 | ||
| Juniper Networks | N/A | Junos OS on MX Series with SPC3 line card versions 22.2 antérieures à 22.2R3-S3 | ||
| Juniper Networks | N/A | Junos OS on MX Series with SPC3 line card versions 22.3 antérieures à 22.3R3-S2 | ||
| Juniper Networks | N/A | Junos OS on MX Series with SPC3 line card versions 22.4 antérieures à 22.4R3-S1 | ||
| Juniper Networks | N/A | Junos OS on MX Series with SPC3 line card versions 23.2 antérieures à 23.2R2 | ||
| Juniper Networks | N/A | Junos OS on MX Series with SPC3 line card versions 23.4 antérieures à 23.4R2 | ||
| Juniper Networks | N/A | Junos OS on QFX5000 Series and EX4600 Series versions 21.4 antérieures à 21.4R3-S6 | ||
| Juniper Networks | N/A | Junos OS on QFX5000 Series and EX4600 Series versions 22.1 antérieures à 22.1R3-S5 | ||
| Juniper Networks | N/A | Junos OS on QFX5000 Series and EX4600 Series versions 22.2 antérieures à 22.2R3-S3 | ||
| Juniper Networks | N/A | Junos OS on QFX5000 Series and EX4600 Series versions 22.3 antérieures à 22.3R3-S2 | ||
| Juniper Networks | N/A | Junos OS on QFX5000 Series and EX4600 Series versions 22.4 antérieures à 22.4R3 | ||
| Juniper Networks | N/A | Junos OS on QFX5000 Series and EX4600 Series versions 23.2 antérieures à 23.2R2 | ||
| Juniper Networks | N/A | Junos OS on QFX5000 Series and EX4600 Series versions antérieures à 21.2R3-S7 | ||
| Juniper Networks | N/A | Junos OS on SRX Series, MX Series with SPC3 and NFX350 versions 21.4 antérieures à 21.4R3-S7 | ||
| Juniper Networks | N/A | Junos OS on SRX Series, MX Series with SPC3 and NFX350 versions 22.1 antérieures à 22.1R3-S2 | ||
| Juniper Networks | N/A | Junos OS on SRX Series, MX Series with SPC3 and NFX350 versions 22.2 antérieures à 22.2R3-S1 | ||
| Juniper Networks | N/A | Junos OS on SRX Series, MX Series with SPC3 and NFX350 versions 22.3 antérieures à 22.3R2-S1 | ||
| Juniper Networks | N/A | Junos OS on SRX Series, MX Series with SPC3 and NFX350 versions 22.3 antérieures à 22.3R3 | ||
| Juniper Networks | N/A | Junos OS on SRX Series, MX Series with SPC3 and NFX350 versions 22.4 antérieures à 22.4R1-S2 | ||
| Juniper Networks | N/A | Junos OS on SRX Series, MX Series with SPC3 and NFX350 versions 22.4 antérieures à 22.4R2 | ||
| Juniper Networks | N/A | Junos OS on SRX Series, MX Series with SPC3 and NFX350 versions 22.4 antérieures à 22.4R3 | ||
| Juniper Networks | N/A | Junos OS on SRX Series, MX Series with SPC3 and NFX350 versions antérieures à 21.2R3-S8 | ||
| Juniper Networks | N/A | Junos OS on SRX4600 and SRX5000 Series versions 21.4 antérieures à 21.4R3-S7 | ||
| Juniper Networks | N/A | Junos OS on SRX4600 and SRX5000 Series versions 22.1 antérieures à 22.1R3-S6 | ||
| Juniper Networks | N/A | Junos OS on SRX4600 and SRX5000 Series versions 22.2 antérieures à 22.2R3-S4 | ||
| Juniper Networks | N/A | Junos OS on SRX4600 and SRX5000 Series versions 22.3 antérieures à 22.3R3-S3 | ||
| Juniper Networks | N/A | Junos OS on SRX4600 and SRX5000 Series versions 22.4 antérieures à 22.4R3-S2 | ||
| Juniper Networks | N/A | Junos OS on SRX4600 and SRX5000 Series versions 23.2 antérieures à 23.2R2 | ||
| Juniper Networks | N/A | Junos OS on SRX4600 and SRX5000 Series versions 23.4 antérieures à 23.4R1-S1 | ||
| Juniper Networks | N/A | Junos OS on SRX4600 and SRX5000 Series versions 23.4 antérieures à 23.4R2 | ||
| Juniper Networks | N/A | Junos OS on SRX4600 and SRX5000 Series versions antérieures à 21.2R3-S8 | ||
| Juniper Networks | N/A | Junos OS versions 21.3 antérieures à 21.3R3-S5 | ||
| Juniper Networks | N/A | Junos OS versions 21.4 antérieures à 21.4R2 | ||
| Juniper Networks | N/A | Junos OS versions 22.1 antérieures à 22.1R3-S6 | ||
| Juniper Networks | N/A | Junos OS versions 22.2 antérieures à 22.2R2-S1 | ||
| Juniper Networks | N/A | Junos OS versions 22.2 antérieures à 22.2R3-S4 | ||
| Juniper Networks | N/A | Junos OS versions 22.3 antérieures à 22.3R1-S2 | ||
| Juniper Networks | N/A | Junos OS versions 22.3 antérieures à 22.3R3-S3 | ||
| Juniper Networks | N/A | Junos OS versions 22.4 antérieures à 22.4R2-S2 | ||
| Juniper Networks | N/A | Junos OS versions 22.4 antérieures à 22.4R3-S3 | ||
| Juniper Networks | N/A | Junos OS versions 23.1 antérieures à 23.1R2 | ||
| Juniper Networks | N/A | Junos OS versions 23.2 antérieures à 23.2R2-S1 | ||
| Juniper Networks | N/A | Junos OS versions 23.4 antérieures à 23.4R1-S2 | ||
| Juniper Networks | N/A | Junos OS versions 23.4 antérieures à 23.4R2 | ||
| Juniper Networks | N/A | Junos OS versions antérieures à 20.4R3-S9 | ||
| Juniper Networks | N/A | Junos OS versions antérieures à 21.2R3-S8 | ||
| Juniper Networks | N/A | Junos OS versions antérieures à 21.4R3-S8 | ||
| Juniper Networks | N/A | Junos OS versions antérieures à 22.1R2-S2 | ||
| Juniper Networks | N/A | Junos Space versions antérieures à 24.1R1 | ||
| Juniper Networks | N/A | SRX Series and MX Series with SPC3 and MS-MPC/MIC versions 20.4 antérieures à 20.4R3-S10 | ||
| Juniper Networks | N/A | SRX Series and MX Series with SPC3 and MS-MPC/MIC versions 21.2 antérieures à 21.2R3-S6 | ||
| Juniper Networks | N/A | SRX Series and MX Series with SPC3 and MS-MPC/MIC versions 21.3 antérieures à 21.3R3-S5 | ||
| Juniper Networks | N/A | SRX Series and MX Series with SPC3 and MS-MPC/MIC versions 21.4 antérieures à 21.4R3-S6 | ||
| Juniper Networks | N/A | SRX Series and MX Series with SPC3 and MS-MPC/MIC versions 22.1 antérieures à 22.1R3-S4 | ||
| Juniper Networks | N/A | SRX Series and MX Series with SPC3 and MS-MPC/MIC versions 22.2 antérieures à 22.2R3-S2 | ||
| Juniper Networks | N/A | SRX Series and MX Series with SPC3 and MS-MPC/MIC versions 22.3 antérieures à 22.3R3-S1 | ||
| Juniper Networks | N/A | SRX Series and MX Series with SPC3 and MS-MPC/MIC versions 22.4 antérieures à 22.4R3 | ||
| Juniper Networks | N/A | SRX Series and MX Series with SPC3 and MS-MPC/MIC versions 23.2 antérieures à 23.2R2 | ||
| Juniper Networks | N/A | Session Smart Router versions 6.1 antérieures à SSR-6.1.8-lts | ||
| Juniper Networks | N/A | Session Smart Router versions 6.2 antérieures à SSR-6.2.5-r2 | ||
| Juniper Networks | N/A | Session Smart Router versions antérieures à SSR-5.6.14 | ||
| Juniper Networks | N/A | Junos OS Evolved on ACX7000 Series versions 22.1-EVO antérieures à 22.1R3-S6-EVO | ||
| Juniper Networks | N/A | Junos OS Evolved on ACX7000 Series versions antérieures à 21.4R3-S7-EVO |
References
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Junos OS Evolved on ACX7000 Series versions 22.2-EVO ant\u00e9rieures \u00e0 22.2R3-S4-EVO",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS Evolved on ACX7000 Series versions 22.3-EVO ant\u00e9rieures \u00e0 22.3R3-S3-EVO",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS Evolved on ACX7000 Series versions 22.4-EVO ant\u00e9rieures \u00e0 22.4R3-S2-EVO",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS Evolved on ACX7000 Series versions 23.2-EVO ant\u00e9rieures \u00e0 23.2R2-EVO",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS Evolved on ACX7000 Series versions 23.4-EVO ant\u00e9rieures \u00e0 23.4R1-S2-EVO",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS on MX Series with SPC3 line card versions 21.2 ant\u00e9rieures \u00e0 21.2R3-S8",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS on MX Series with SPC3 line card versions 21.4 ant\u00e9rieures \u00e0 21.4R3-S6",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS versions 22.3 ant\u00e9rieures \u00e0 22.3R2-S2",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS Evolved on ACX7000 Series versions 23.4-EVO ant\u00e9rieures \u00e0 23.4R2-EVO",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS Evolved on ACX7000 Series versions ant\u00e9rieures \u00e0 21.2R3-S8-EVO",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS Evolved versions 21.2-EVO ant\u00e9rieures \u00e0 21.2R3-S7-EVO",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS Evolved versions 21.3-EVO ant\u00e9rieures \u00e0 21.3R3-S5-EVO",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS Evolved versions 21.4-EVO ant\u00e9rieures \u00e0 21.4R2-EVO",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS Evolved versions 21.4-EVO ant\u00e9rieures \u00e0 21.4R3-S8-EVO",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS Evolved versions 22.1-EVO ant\u00e9rieures \u00e0 22.1R3-S6-EVO",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS Evolved versions 22.2-EVO ant\u00e9rieures \u00e0 22.2R2-S1-EVO",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS Evolved versions 22.2-EVO ant\u00e9rieures \u00e0 22.2R3-S4-EVO",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS Evolved versions 22.3-EVO ant\u00e9rieures \u00e0 22.3R1-S1-EVO",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS Evolved versions 22.3-EVO ant\u00e9rieures \u00e0 22.3R2-EVO",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS Evolved versions 22.3-EVO ant\u00e9rieures \u00e0 22.3R3-S3-EVO",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS Evolved versions 22.4-EVO ant\u00e9rieures \u00e0 22.4R2-S2-EVO",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS Evolved versions 22.4-EVO ant\u00e9rieures \u00e0 22.4R3-EVO",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS Evolved versions 22.4-EVO ant\u00e9rieures \u00e0 22.4R3-S3-EVO",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS Evolved versions 23.2-EVO ant\u00e9rieures \u00e0 23.2R1-S1-EVO",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS Evolved versions 23.2-EVO ant\u00e9rieures \u00e0 23.2R2-S1-EVO",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS Evolved versions 23.4-EVO ant\u00e9rieures \u00e0 23.4R1-S2-EVO",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS Evolved versions 23.4-EVO ant\u00e9rieures \u00e0 23.4R2-EVO",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS Evolved versions 24.2-EVO ant\u00e9rieures \u00e0 24.2R2-EVO",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS Evolved versions ant\u00e9rieures \u00e0 20.4R3-S10-EVO",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS Evolved versions ant\u00e9rieures \u00e0 21.2R3-S8-EVO",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS Evolved versions ant\u00e9rieures \u00e0 21.4R3-S8-EVO",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS Evolved versions ant\u00e9rieures \u00e0 22.4R2-EVO",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS Evolved versions ant\u00e9rieures \u00e0 22.4R3-EVO",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS Evolved versions ant\u00e9rieures \u00e0 23.2R1-EVO",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS Evolved versions ant\u00e9rieures \u00e0 before 22.1R3-EVO",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS on MX Series versions 21.4 ant\u00e9rieures \u00e0 21.4R3-S6",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS on MX Series versions 22.1 ant\u00e9rieures \u00e0 22.1R3-S5",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS on MX Series versions 22.2 ant\u00e9rieures \u00e0 22.2R3-S3",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS on MX Series versions 22.3 ant\u00e9rieures \u00e0 22.3R3-S2",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS on MX Series versions 22.4 ant\u00e9rieures \u00e0 22.4R3",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS on MX Series versions 23.2 ant\u00e9rieures \u00e0 23.2R2",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS on MX Series versions ant\u00e9rieures \u00e0 21.2R3-S6",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS on MX Series with SPC3 line card versions 22.1 ant\u00e9rieures \u00e0 22.1R3-S5",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS on MX Series with SPC3 line card versions 22.2 ant\u00e9rieures \u00e0 22.2R3-S3",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS on MX Series with SPC3 line card versions 22.3 ant\u00e9rieures \u00e0 22.3R3-S2",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS on MX Series with SPC3 line card versions 22.4 ant\u00e9rieures \u00e0 22.4R3-S1",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS on MX Series with SPC3 line card versions 23.2 ant\u00e9rieures \u00e0 23.2R2",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS on MX Series with SPC3 line card versions 23.4 ant\u00e9rieures \u00e0 23.4R2",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS on QFX5000 Series and EX4600 Series versions 21.4 ant\u00e9rieures \u00e0 21.4R3-S6",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS on QFX5000 Series and EX4600 Series versions 22.1 ant\u00e9rieures \u00e0 22.1R3-S5",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS on QFX5000 Series and EX4600 Series versions 22.2 ant\u00e9rieures \u00e0 22.2R3-S3",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS on QFX5000 Series and EX4600 Series versions 22.3 ant\u00e9rieures \u00e0 22.3R3-S2",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS on QFX5000 Series and EX4600 Series versions 22.4 ant\u00e9rieures \u00e0 22.4R3",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS on QFX5000 Series and EX4600 Series versions 23.2 ant\u00e9rieures \u00e0 23.2R2",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS on QFX5000 Series and EX4600 Series versions ant\u00e9rieures \u00e0 21.2R3-S7",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS on SRX Series, MX Series with SPC3 and NFX350 versions 21.4 ant\u00e9rieures \u00e0 21.4R3-S7",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS on SRX Series, MX Series with SPC3 and NFX350 versions 22.1 ant\u00e9rieures \u00e0 22.1R3-S2",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS on SRX Series, MX Series with SPC3 and NFX350 versions 22.2 ant\u00e9rieures \u00e0 22.2R3-S1",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS on SRX Series, MX Series with SPC3 and NFX350 versions 22.3 ant\u00e9rieures \u00e0 22.3R2-S1",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS on SRX Series, MX Series with SPC3 and NFX350 versions 22.3 ant\u00e9rieures \u00e0 22.3R3",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS on SRX Series, MX Series with SPC3 and NFX350 versions 22.4 ant\u00e9rieures \u00e0 22.4R1-S2",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS on SRX Series, MX Series with SPC3 and NFX350 versions 22.4 ant\u00e9rieures \u00e0 22.4R2",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS on SRX Series, MX Series with SPC3 and NFX350 versions 22.4 ant\u00e9rieures \u00e0 22.4R3",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS on SRX Series, MX Series with SPC3 and NFX350 versions ant\u00e9rieures \u00e0 21.2R3-S8",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS on SRX4600 and SRX5000 Series versions 21.4 ant\u00e9rieures \u00e0 21.4R3-S7",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS on SRX4600 and SRX5000 Series versions 22.1 ant\u00e9rieures \u00e0 22.1R3-S6",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS on SRX4600 and SRX5000 Series versions 22.2 ant\u00e9rieures \u00e0 22.2R3-S4",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS on SRX4600 and SRX5000 Series versions 22.3 ant\u00e9rieures \u00e0 22.3R3-S3",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS on SRX4600 and SRX5000 Series versions 22.4 ant\u00e9rieures \u00e0 22.4R3-S2",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS on SRX4600 and SRX5000 Series versions 23.2 ant\u00e9rieures \u00e0 23.2R2",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS on SRX4600 and SRX5000 Series versions 23.4 ant\u00e9rieures \u00e0 23.4R1-S1",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS on SRX4600 and SRX5000 Series versions 23.4 ant\u00e9rieures \u00e0 23.4R2",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS on SRX4600 and SRX5000 Series versions ant\u00e9rieures \u00e0 21.2R3-S8",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS versions 21.3 ant\u00e9rieures \u00e0 21.3R3-S5",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS versions 21.4 ant\u00e9rieures \u00e0 21.4R2",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS versions 22.1 ant\u00e9rieures \u00e0 22.1R3-S6",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS versions 22.2 ant\u00e9rieures \u00e0 22.2R2-S1",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS versions 22.2 ant\u00e9rieures \u00e0 22.2R3-S4",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS versions 22.3 ant\u00e9rieures \u00e0 22.3R1-S2",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS versions 22.3 ant\u00e9rieures \u00e0 22.3R3-S3",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS versions 22.4 ant\u00e9rieures \u00e0 22.4R2-S2",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS versions 22.4 ant\u00e9rieures \u00e0 22.4R3-S3",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS versions 23.1 ant\u00e9rieures \u00e0 23.1R2",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS versions 23.2 ant\u00e9rieures \u00e0 23.2R2-S1",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS versions 23.4 ant\u00e9rieures \u00e0 23.4R1-S2",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS versions 23.4 ant\u00e9rieures \u00e0 23.4R2",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS versions ant\u00e9rieures \u00e0 20.4R3-S9",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS versions ant\u00e9rieures \u00e0 21.2R3-S8",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS versions ant\u00e9rieures \u00e0 21.4R3-S8",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS versions ant\u00e9rieures \u00e0 22.1R2-S2",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos Space versions ant\u00e9rieures \u00e0 24.1R1",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "SRX Series and MX Series with SPC3 and MS-MPC/MIC versions 20.4 ant\u00e9rieures \u00e0 20.4R3-S10",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "SRX Series and MX Series with SPC3 and MS-MPC/MIC versions 21.2 ant\u00e9rieures \u00e0 21.2R3-S6",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "SRX Series and MX Series with SPC3 and MS-MPC/MIC versions 21.3 ant\u00e9rieures \u00e0 21.3R3-S5",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "SRX Series and MX Series with SPC3 and MS-MPC/MIC versions 21.4 ant\u00e9rieures \u00e0 21.4R3-S6",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "SRX Series and MX Series with SPC3 and MS-MPC/MIC versions 22.1 ant\u00e9rieures \u00e0 22.1R3-S4",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "SRX Series and MX Series with SPC3 and MS-MPC/MIC versions 22.2 ant\u00e9rieures \u00e0 22.2R3-S2",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "SRX Series and MX Series with SPC3 and MS-MPC/MIC versions 22.3 ant\u00e9rieures \u00e0 22.3R3-S1",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "SRX Series and MX Series with SPC3 and MS-MPC/MIC versions 22.4 ant\u00e9rieures \u00e0 22.4R3",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "SRX Series and MX Series with SPC3 and MS-MPC/MIC versions 23.2 ant\u00e9rieures \u00e0 23.2R2",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Session Smart Router versions 6.1 ant\u00e9rieures \u00e0 SSR-6.1.8-lts",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Session Smart Router versions 6.2 ant\u00e9rieures \u00e0 SSR-6.2.5-r2",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Session Smart Router versions ant\u00e9rieures \u00e0 SSR-5.6.14",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS Evolved on ACX7000 Series versions 22.1-EVO ant\u00e9rieures \u00e0 22.1R3-S6-EVO",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS Evolved on ACX7000 Series versions ant\u00e9rieures \u00e0 21.4R3-S7-EVO",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2024-39560",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39560"
},
{
"name": "CVE-2023-32435",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-32435"
},
{
"name": "CVE-2021-44906",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-44906"
},
{
"name": "CVE-2024-20919",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20919"
},
{
"name": "CVE-2024-39554",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39554"
},
{
"name": "CVE-2023-21843",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21843"
},
{
"name": "CVE-2024-39539",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39539"
},
{
"name": "CVE-2021-36160",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-36160"
},
{
"name": "CVE-2020-12401",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-12401"
},
{
"name": "CVE-2024-39558",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39558"
},
{
"name": "CVE-2022-30522",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30522"
},
{
"name": "CVE-2021-37701",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-37701"
},
{
"name": "CVE-2022-21460",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21460"
},
{
"name": "CVE-2021-31535",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-31535"
},
{
"name": "CVE-2022-36760",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-36760"
},
{
"name": "CVE-2021-33034",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-33034"
},
{
"name": "CVE-2024-20926",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20926"
},
{
"name": "CVE-2024-39552",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39552"
},
{
"name": "CVE-2021-27290",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-27290"
},
{
"name": "CVE-2019-11727",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11727"
},
{
"name": "CVE-2023-3390",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-3390"
},
{
"name": "CVE-2023-4004",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4004"
},
{
"name": "CVE-2021-29469",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-29469"
},
{
"name": "CVE-2023-2002",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2002"
},
{
"name": "CVE-2023-21830",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21830"
},
{
"name": "CVE-2022-22823",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22823"
},
{
"name": "CVE-2021-23440",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-23440"
},
{
"name": "CVE-2021-32804",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-32804"
},
{
"name": "CVE-2020-13950",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-13950"
},
{
"name": "CVE-2021-26691",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-26691"
},
{
"name": "CVE-2024-39546",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39546"
},
{
"name": "CVE-2024-39540",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39540"
},
{
"name": "CVE-2018-3737",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-3737"
},
{
"name": "CVE-2024-39543",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39543"
},
{
"name": "CVE-2020-11984",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11984"
},
{
"name": "CVE-2022-22721",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22721"
},
{
"name": "CVE-2021-35624",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35624"
},
{
"name": "CVE-2023-35788",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-35788"
},
{
"name": "CVE-2023-32067",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-32067"
},
{
"name": "CVE-2024-39514",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39514"
},
{
"name": "CVE-2022-25147",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-25147"
},
{
"name": "CVE-2021-35604",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35604"
},
{
"name": "CVE-2021-42013",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-42013"
},
{
"name": "CVE-2023-34059",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-34059"
},
{
"name": "CVE-2024-39529",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39529"
},
{
"name": "CVE-2006-20001",
"url": "https://www.cve.org/CVERecord?id=CVE-2006-20001"
},
{
"name": "CVE-2024-20921",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20921"
},
{
"name": "CVE-2021-2385",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2385"
},
{
"name": "CVE-2022-29167",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-29167"
},
{
"name": "CVE-2020-7774",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-7774"
},
{
"name": "CVE-2019-10747",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-10747"
},
{
"name": "CVE-2023-34058",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-34058"
},
{
"name": "CVE-2011-5094",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-5094"
},
{
"name": "CVE-2019-16776",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-16776"
},
{
"name": "CVE-2022-21589",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21589"
},
{
"name": "CVE-2022-25315",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-25315"
},
{
"name": "CVE-2019-10097",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-10097"
},
{
"name": "CVE-2022-22822",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22822"
},
{
"name": "CVE-2023-2828",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2828"
},
{
"name": "CVE-2023-22081",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22081"
},
{
"name": "CVE-2023-4206",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4206"
},
{
"name": "CVE-2022-21304",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21304"
},
{
"name": "CVE-2023-3090",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-3090"
},
{
"name": "CVE-2024-39536",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39536"
},
{
"name": "CVE-2024-39555",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39555"
},
{
"name": "CVE-2022-3564",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3564"
},
{
"name": "CVE-2023-3611",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-3611"
},
{
"name": "CVE-2020-13938",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-13938"
},
{
"name": "CVE-2016-10540",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-10540"
},
{
"name": "CVE-2019-10082",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-10082"
},
{
"name": "CVE-2023-42753",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-42753"
},
{
"name": "CVE-2016-1000232",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1000232"
},
{
"name": "CVE-2015-9262",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-9262"
},
{
"name": "CVE-2023-32360",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-32360"
},
{
"name": "CVE-2021-37713",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-37713"
},
{
"name": "CVE-2021-39275",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-39275"
},
{
"name": "CVE-2024-39561",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39561"
},
{
"name": "CVE-2022-21303",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21303"
},
{
"name": "CVE-2019-17023",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-17023"
},
{
"name": "CVE-2016-4658",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-4658"
},
{
"name": "CVE-2020-35452",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-35452"
},
{
"name": "CVE-2023-4207",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4207"
},
{
"name": "CVE-2022-21617",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21617"
},
{
"name": "CVE-2023-0767",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0767"
},
{
"name": "CVE-2022-41741",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41741"
},
{
"name": "CVE-2023-22067",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22067"
},
{
"name": "CVE-2021-37712",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-37712"
},
{
"name": "CVE-2022-23852",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23852"
},
{
"name": "CVE-2023-30630",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-30630"
},
{
"name": "CVE-2022-21608",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21608"
},
{
"name": "CVE-2022-2526",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2526"
},
{
"name": "CVE-2023-20593",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-20593"
},
{
"name": "CVE-2024-39535",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39535"
},
{
"name": "CVE-2024-39545",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39545"
},
{
"name": "CVE-2024-39531",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39531"
},
{
"name": "CVE-2022-41742",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41742"
},
{
"name": "CVE-2019-16777",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-16777"
},
{
"name": "CVE-2021-2389",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2389"
},
{
"name": "CVE-2023-21840",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21840"
},
{
"name": "CVE-2019-10081",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-10081"
},
{
"name": "CVE-2020-1934",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1934"
},
{
"name": "CVE-2022-30556",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30556"
},
{
"name": "CVE-2020-8648",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-8648"
},
{
"name": "CVE-2022-21270",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21270"
},
{
"name": "CVE-2023-21963",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21963"
},
{
"name": "CVE-2022-25235",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-25235"
},
{
"name": "CVE-2023-21980",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21980"
},
{
"name": "CVE-2024-39530",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39530"
},
{
"name": "CVE-2024-39532",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39532"
},
{
"name": "CVE-2023-27522",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-27522"
},
{
"name": "CVE-2024-39557",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39557"
},
{
"name": "CVE-2021-2390",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2390"
},
{
"name": "CVE-2024-39550",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39550"
},
{
"name": "CVE-2022-28615",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-28615"
},
{
"name": "CVE-2022-21451",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21451"
},
{
"name": "CVE-2014-10064",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-10064"
},
{
"name": "CVE-2024-39511",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39511"
},
{
"name": "CVE-2022-23943",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23943"
},
{
"name": "CVE-2024-39548",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39548"
},
{
"name": "CVE-2020-11993",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11993"
},
{
"name": "CVE-2023-22652",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22652"
},
{
"name": "CVE-2024-39528",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39528"
},
{
"name": "CVE-2023-3341",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-3341"
},
{
"name": "CVE-2023-22025",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22025"
},
{
"name": "CVE-2021-43527",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-43527"
},
{
"name": "CVE-2022-37434",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-37434"
},
{
"name": "CVE-2024-39559",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39559"
},
{
"name": "CVE-2014-7191",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-7191"
},
{
"name": "CVE-2021-2356",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2356"
},
{
"name": "CVE-2020-36049",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36049"
},
{
"name": "CVE-2023-4208",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4208"
},
{
"name": "CVE-2021-41524",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-41524"
},
{
"name": "CVE-2022-3517",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3517"
},
{
"name": "CVE-2020-12402",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-12402"
},
{
"name": "CVE-2019-11719",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11719"
},
{
"name": "CVE-2021-34798",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-34798"
},
{
"name": "CVE-2024-39519",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39519"
},
{
"name": "CVE-2021-32803",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-32803"
},
{
"name": "CVE-2019-17006",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-17006"
},
{
"name": "CVE-2022-21595",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21595"
},
{
"name": "CVE-2019-16775",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-16775"
},
{
"name": "CVE-2020-12403",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-12403"
},
{
"name": "CVE-2023-3776",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-3776"
},
{
"name": "CVE-2023-2700",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2700"
},
{
"name": "CVE-2020-7754",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-7754"
},
{
"name": "CVE-2024-39533",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39533"
},
{
"name": "CVE-2021-22543",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22543"
},
{
"name": "CVE-2021-33909",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-33909"
},
{
"name": "CVE-2021-26690",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-26690"
},
{
"name": "CVE-2022-22719",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22719"
},
{
"name": "CVE-2022-40674",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-40674"
},
{
"name": "CVE-2022-46663",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-46663"
},
{
"name": "CVE-2011-1473",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-1473"
},
{
"name": "CVE-2024-39513",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39513"
},
{
"name": "CVE-2021-3803",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3803"
},
{
"name": "CVE-2022-21417",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21417"
},
{
"name": "CVE-2024-39518",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39518"
},
{
"name": "CVE-2023-37450",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-37450"
},
{
"name": "CVE-2021-30641",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-30641"
},
{
"name": "CVE-2021-3177",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3177"
},
{
"name": "CVE-2020-7660",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-7660"
},
{
"name": "CVE-2022-31813",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-31813"
},
{
"name": "CVE-2023-34969",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-34969"
},
{
"name": "CVE-2019-9517",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-9517"
},
{
"name": "CVE-2018-20834",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-20834"
},
{
"name": "CVE-2020-12362",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-12362"
},
{
"name": "CVE-2020-1927",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1927"
},
{
"name": "CVE-2022-21592",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21592"
},
{
"name": "CVE-2021-3347",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3347"
},
{
"name": "CVE-2022-25236",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-25236"
},
{
"name": "CVE-2023-25690",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-25690"
},
{
"name": "CVE-2021-2342",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2342"
},
{
"name": "CVE-2022-22720",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22720"
},
{
"name": "CVE-2017-15010",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-15010"
},
{
"name": "CVE-2019-10092",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-10092"
},
{
"name": "CVE-2024-39541",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39541"
},
{
"name": "CVE-2021-44224",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-44224"
},
{
"name": "CVE-2024-39537",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39537"
},
{
"name": "CVE-2022-21444",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21444"
},
{
"name": "CVE-2019-17567",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-17567"
},
{
"name": "CVE-2018-7408",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-7408"
},
{
"name": "CVE-2019-20149",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-20149"
},
{
"name": "CVE-2024-20932",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20932"
},
{
"name": "CVE-2023-35001",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-35001"
},
{
"name": "CVE-2024-39551",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39551"
},
{
"name": "CVE-2023-4863",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4863"
},
{
"name": "CVE-2022-29404",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-29404"
},
{
"name": "CVE-2020-14145",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14145"
},
{
"name": "CVE-2019-11756",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11756"
},
{
"name": "CVE-2024-20918",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20918"
},
{
"name": "CVE-2024-39565",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39565"
},
{
"name": "CVE-2021-31618",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-31618"
},
{
"name": "CVE-2022-21344",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21344"
},
{
"name": "CVE-2023-24329",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24329"
},
{
"name": "CVE-2024-39549",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39549"
},
{
"name": "CVE-2022-21367",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21367"
},
{
"name": "CVE-2021-33193",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-33193"
},
{
"name": "CVE-2021-41773",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-41773"
},
{
"name": "CVE-2020-11668",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11668"
},
{
"name": "CVE-2022-26377",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26377"
},
{
"name": "CVE-2021-44790",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-44790"
},
{
"name": "CVE-2020-9490",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-9490"
},
{
"name": "CVE-2020-28502",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-28502"
},
{
"name": "CVE-2024-39556",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39556"
},
{
"name": "CVE-2022-37436",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-37436"
},
{
"name": "CVE-2021-33033",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-33033"
},
{
"name": "CVE-2023-32439",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-32439"
},
{
"name": "CVE-2020-12400",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-12400"
},
{
"name": "CVE-2023-21912",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21912"
},
{
"name": "CVE-2022-28330",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-28330"
},
{
"name": "CVE-2024-39542",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39542"
},
{
"name": "CVE-2022-21454",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21454"
},
{
"name": "CVE-2017-1000048",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-1000048"
},
{
"name": "CVE-2022-21427",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21427"
},
{
"name": "CVE-2021-40438",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-40438"
},
{
"name": "CVE-2024-20945",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20945"
},
{
"name": "CVE-2022-22824",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22824"
},
{
"name": "CVE-2020-6829",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-6829"
},
{
"name": "CVE-2021-2372",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2372"
},
{
"name": "CVE-2022-21245",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21245"
},
{
"name": "CVE-2020-28469",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-28469"
},
{
"name": "CVE-2024-20952",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20952"
},
{
"name": "CVE-2019-10098",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-10098"
},
{
"name": "CVE-2024-39538",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39538"
},
{
"name": "CVE-2022-28614",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-28614"
}
],
"links": [],
"reference": "CERTFR-2024-AVI-0575",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2024-07-12T00:00:00.000000"
},
{
"description": "Correction d\u0027identifiants CVE erron\u00e9s",
"revision_date": "2024-10-15T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
},
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Juniper Networks. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une \u00e9l\u00e9vation de privil\u00e8ges et un d\u00e9ni de service \u00e0 distance.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Juniper Networks",
"vendor_advisories": [
{
"published_at": "2024-07-10",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA83001",
"url": "https://supportportal.juniper.net/s/article/2024-07-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-Inconsistent-information-in-the-TE-database-can-lead-to-an-rpd-crash-CVE-2024-39541"
},
{
"published_at": "2024-07-10",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA82976",
"url": "https://supportportal.juniper.net/s/article/2024-07-Security-Bulletin-Junos-OS-The-802-1X-Authentication-Daemon-crashes-on-running-a-specific-command-CVE-2024-39511"
},
{
"published_at": "2024-07-10",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA83027",
"url": "https://supportportal.juniper.net/s/article/2024-07-Security-Bulletin-Session-Smart-Router-Multiple-vulnerabilities-resolved"
},
{
"published_at": "2024-07-10",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA83021",
"url": "https://supportportal.juniper.net/s/article/2024-07-Security-Bulletin-Junos-OS-SRX4600-SRX5000-Series-TCP-packets-with-SYN-FIN-or-SYN-RST-are-transferred-after-enabling-no-syn-check-with-Express-Path-CVE-2024-39561"
},
{
"published_at": "2024-07-10",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA83018",
"url": "https://supportportal.juniper.net/s/article/2024-07-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-Receipt-of-specific-PIM-packet-causes-rpd-crash-when-PIM-is-configured-along-with-MoFRR-CVE-2024-39558"
},
{
"published_at": "2024-07-10",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA82987",
"url": "https://supportportal.juniper.net/s/article/2024-07-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-RPD-crashes-upon-concurrent-deletion-of-a-routing-instance-and-receipt-of-an-SNMP-request-CVE-2024-39528"
},
{
"published_at": "2024-07-10",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA82982",
"url": "https://supportportal.juniper.net/s/article/2024-07-Security-Bulletin-Junos-OS-MX240-MX480-MX960-platforms-using-MPC10E-Memory-leak-will-be-observed-when-subscribed-to-a-specific-subscription-on-Junos-Telemetry-Interface-CVE-2024-39518"
},
{
"published_at": "2024-07-10",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA83012",
"url": "https://supportportal.juniper.net/s/article/2024-07-Security-Bulletin-Junos-OS-MX-Series-with-SPC3-line-card-Port-flaps-causes-rtlogd-memory-leak-leading-to-Denial-of-Service-CVE-2024-39550"
},
{
"published_at": "2024-07-10",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA83019",
"url": "https://supportportal.juniper.net/s/article/2024-07-Security-Bulletin-Junos-OS-Evolved-Receipt-of-a-specific-TCP-packet-may-result-in-a-system-crash-vmcore-on-dual-RE-systems-with-NSR-enabled-CVE-2024-39559"
},
{
"published_at": "2024-07-10",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA83004",
"url": "https://supportportal.juniper.net/s/article/2024-07-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-Receipt-of-a-large-RPKI-RTR-PDU-packet-can-cause-rpd-to-crash-CVE-2024-39543"
},
{
"published_at": "2024-07-10",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA83010",
"url": "https://supportportal.juniper.net/s/article/2024-07-Security-Bulletin-Junos-OS-Evolved-Receipt-of-specific-packets-in-the-aftmand-process-will-lead-to-a-memory-leak-CVE-2024-39548"
},
{
"published_at": "2024-07-10",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA83014",
"url": "https://supportportal.juniper.net/s/article/2024-07-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-BGP-multipath-incremental-calculation-is-resulting-in-an-rpd-crash-CVE-2024-39554"
},
{
"published_at": "2024-07-10",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA82996",
"url": "https://supportportal.juniper.net/s/article/2024-07-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-Flaps-of-BFD-sessions-with-authentication-cause-a-ppmd-memory-leak-CVE-2024-39536"
},
{
"published_at": "2024-07-10",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA82980",
"url": "https://supportportal.juniper.net/s/article/2024-07-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-Receiving-specific-traffic-on-devices-with-EVPN-VPWS-with-IGMP-snooping-enabled-will-cause-the-rpd-to-crash-CVE-2024-39514"
},
{
"published_at": "2024-07-10",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA83000",
"url": "https://supportportal.juniper.net/s/article/2024-07-Security-Bulletin-Junos-OS-SRX-Series-and-MX-Series-with-SPC3-Specific-valid-TCP-traffic-can-cause-a-pfe-crash-CVE-2024-39540"
},
{
"published_at": "2024-07-10",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA83008",
"url": "https://supportportal.juniper.net/s/article/2024-07-Security-Bulletin-Junos-OS-Evolved-Local-low-privilege-user-can-gain-root-permissions-leading-to-privilege-escalation-CVE-2024-39546"
},
{
"published_at": "2024-07-10",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA82991",
"url": "https://supportportal.juniper.net/s/article/2024-07-Security-Bulletin-Junos-OS-Evolved-ACX7000-Series-Protocol-specific-DDoS-configuration-affects-other-protocols-CVE-2024-39531"
},
{
"published_at": "2024-07-10",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA83011",
"url": "https://supportportal.juniper.net/s/article/2024-07-Security-Bulletin-Junos-OS-Receipt-of-malformed-BGP-path-attributes-leads-to-a-memory-leak-CVE-2024-39549"
},
{
"published_at": "2024-07-10",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA82989",
"url": "https://supportportal.juniper.net/s/article/2024-07-Security-Bulletin-Junos-OS-Attempting-to-access-specific-sensors-on-platforms-not-supporting-these-will-lead-to-a-chassisd-crash-CVE-2024-39530"
},
{
"published_at": "2024-07-10",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA82997",
"url": "https://supportportal.juniper.net/s/article/2024-07-Security-Bulletin-Junos-OS-Evolved-ACX7000-Series-Ports-which-have-been-inadvertently-exposed-can-be-reached-over-the-network-CVE-2024-39537"
},
{
"published_at": "2024-07-10",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA83023",
"url": "https://supportportal.juniper.net/s/article/2024-07-Security-Bulletin-Junos-OS-SRX-Series-EX-Series-J-Web-An-unauthenticated-network-based-attacker-can-perform-XPATH-injection-attack-against-a-device-CVE-2024-39565"
},
{
"published_at": "2024-07-10",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA83026",
"url": "https://supportportal.juniper.net/s/article/2024-07-Security-Bulletin-Junos-Space-Multiple-vulnerabilities-resolved-in-24-1R1-release"
},
{
"published_at": "2024-07-10",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA83013",
"url": "https://supportportal.juniper.net/s/article/2024-07-Security-Bulletin-Junos-OS-SRX-Series-and-MX-Series-with-SPC3-and-MS-MPC-MIC-Receipt-of-specific-packets-in-H-323-ALG-causes-traffic-drop-CVE-2024-39551"
},
{
"published_at": "2024-07-10",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA83002",
"url": "https://supportportal.juniper.net/s/article/2024-07-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-A-malformed-CFM-packet-or-specific-transit-traffic-leads-to-FPC-crash-CVE-2024-39542"
},
{
"published_at": "2024-07-10",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA83015",
"url": "https://supportportal.juniper.net/s/article/2024-07-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-Receipt-of-a-specific-malformed-BGP-update-causes-the-session-to-reset-CVE-2024-39555"
},
{
"published_at": "2024-07-10",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA83007",
"url": "https://supportportal.juniper.net/s/article/2024-07-Security-Bulletin-Junos-OS-SRX-Series-and-MX-Series-with-SPC3-and-NFX350-When-VPN-tunnels-parameters-are-not-matching-the-iked-process-will-crash-CVE-2024-39545"
},
{
"published_at": "2024-07-10",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA82995",
"url": "https://supportportal.juniper.net/s/article/2024-07-Security-Bulletin-Junos-OS-Evolved-ACX7000-Series-When-specific-traffic-is-received-in-a-VPLS-scenario-evo-pfemand-crashes-CVE-2024-39535"
},
{
"published_at": "2024-07-10",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA82993",
"url": "https://supportportal.juniper.net/s/article/2024-07-Security-Bulletin-Junos-OS-QFX5000-Series-and-EX4600-Series-Output-firewall-filter-is-not-applied-if-certain-match-criteria-are-used-CVE-2024-39533"
},
{
"published_at": "2024-07-11",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA75726",
"url": "https://supportportal.juniper.net/s/article/2024-07-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-Malformed-BGP-UPDATE-causes-RPD-crash-CVE-2024-39552"
},
{
"published_at": "2024-07-10",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA82988",
"url": "https://supportportal.juniper.net/s/article/2024-07-Security-Bulletin-Junos-OS-SRX-Series-If-DNS-traceoptions-are-configured-in-a-DGA-or-tunnel-detection-scenario-specific-DNS-traffic-leads-to-a-PFE-crash-CVE-2024-39529"
},
{
"published_at": "2024-07-10",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA83017",
"url": "https://supportportal.juniper.net/s/article/2024-07-Security-Bulletin-Junos-OS-Evolved-MAC-table-changes-cause-a-memory-leak-CVE-2024-39557"
},
{
"published_at": "2024-07-10",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA82983",
"url": "https://supportportal.juniper.net/s/article/2024-07-Security-Bulletin-Junos-OS-Evolved-ACX-7000-Series-Multicast-traffic-is-looped-in-a-multihoming-EVPN-MPLS-scenario-CVE-2024-39519"
},
{
"published_at": "2024-07-10",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA83020",
"url": "https://supportportal.juniper.net/s/article/2024-07-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-Memory-leak-due-to-RSVP-neighbor-persistent-error-leading-to-kernel-crash-CVE-2024-39560"
},
{
"published_at": "2024-07-10",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA82998",
"url": "https://supportportal.juniper.net/s/article/2024-07-Security-Bulletin-Junos-OS-Evolved-ACX7000-Series-When-multicast-traffic-with-a-specific-S-G-is-received-evo-pfemand-crashes-CVE-2024-39538"
},
{
"published_at": "2024-07-10",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA82999",
"url": "https://supportportal.juniper.net/s/article/2024-07-Security-Bulletin-Junos-OS-MX-Series-Continuous-subscriber-logins-will-lead-to-a-memory-leak-and-eventually-an-FPC-crash-CVE-2024-39539"
},
{
"published_at": "2024-07-10",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA83016",
"url": "https://supportportal.juniper.net/s/article/2024-07-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-Loading-a-malicious-certificate-from-the-CLI-may-result-in-a-stack-based-overflow-CVE-2024-39556"
},
{
"published_at": "2024-07-10",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA82992",
"url": "https://supportportal.juniper.net/s/article/2024-07-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-Confidential-information-in-logs-can-be-accessed-by-another-user-CVE-2024-39532"
},
{
"published_at": "2024-07-10",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA82978",
"url": "https://supportportal.juniper.net/s/article/2024-07-Security-Bulletin-Junos-OS-Evolved-Execution-of-a-specific-CLI-command-will-cause-a-crash-in-the-AFT-manager-CVE-2024-39513"
}
]
}
Title
Apache HTTP Server缓冲区溢出漏洞(CNVD-2022-41640)
Description
Apache HTTP Server是美国阿帕奇(Apache)基金会的一款开源网页服务器。该服务器具有快速、可靠且可通过简单的API进行扩充的特点。
Apache HTTP Server存在缓冲区溢出漏洞,该漏洞源于网络系统或产品在内存上执行操作时,未正确验证数据边界。攻击者可利用该漏洞导致覆盖堆内存。
Severity
高
Patch Name
Apache HTTP Server缓冲区溢出漏洞(CNVD-2022-41640)的补丁
Patch Description
Apache HTTP Server是美国阿帕奇(Apache)基金会的一款开源网页服务器。该服务器具有快速、可靠且可通过简单的API进行扩充的特点。
Apache HTTP Server存在缓冲区溢出漏洞,该漏洞源于网络系统或产品在内存上执行操作时,未正确验证数据边界。攻击者可利用该漏洞导致覆盖堆内存。目前,供应商发布了安全公告及相关补丁信息,修复了此漏洞。
Formal description
厂商已发布了漏洞修复程序,请及时关注更新: https://httpd.apache.org/security/vulnerabilities_24.html
Reference
https://nvd.nist.gov/vuln/detail/CVE-2022-23943
Impacted products
| Name | Apache HTTP Server >=2.4.0,<=2.4.52 |
|---|
{
"cves": {
"cve": {
"cveNumber": "CVE-2022-23943",
"cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2022-23943"
}
},
"description": "Apache HTTP Server\u662f\u7f8e\u56fd\u963f\u5e15\u5947\uff08Apache\uff09\u57fa\u91d1\u4f1a\u7684\u4e00\u6b3e\u5f00\u6e90\u7f51\u9875\u670d\u52a1\u5668\u3002\u8be5\u670d\u52a1\u5668\u5177\u6709\u5feb\u901f\u3001\u53ef\u9760\u4e14\u53ef\u901a\u8fc7\u7b80\u5355\u7684API\u8fdb\u884c\u6269\u5145\u7684\u7279\u70b9\u3002\n\nApache HTTP Server\u5b58\u5728\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u7f51\u7edc\u7cfb\u7edf\u6216\u4ea7\u54c1\u5728\u5185\u5b58\u4e0a\u6267\u884c\u64cd\u4f5c\u65f6\uff0c\u672a\u6b63\u786e\u9a8c\u8bc1\u6570\u636e\u8fb9\u754c\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u5bfc\u81f4\u8986\u76d6\u5806\u5185\u5b58\u3002",
"formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://httpd.apache.org/security/vulnerabilities_24.html",
"isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
"number": "CNVD-2022-41640",
"openTime": "2022-05-28",
"patchDescription": "Apache HTTP Server\u662f\u7f8e\u56fd\u963f\u5e15\u5947\uff08Apache\uff09\u57fa\u91d1\u4f1a\u7684\u4e00\u6b3e\u5f00\u6e90\u7f51\u9875\u670d\u52a1\u5668\u3002\u8be5\u670d\u52a1\u5668\u5177\u6709\u5feb\u901f\u3001\u53ef\u9760\u4e14\u53ef\u901a\u8fc7\u7b80\u5355\u7684API\u8fdb\u884c\u6269\u5145\u7684\u7279\u70b9\u3002\r\n\r\nApache HTTP Server\u5b58\u5728\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u7f51\u7edc\u7cfb\u7edf\u6216\u4ea7\u54c1\u5728\u5185\u5b58\u4e0a\u6267\u884c\u64cd\u4f5c\u65f6\uff0c\u672a\u6b63\u786e\u9a8c\u8bc1\u6570\u636e\u8fb9\u754c\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u5bfc\u81f4\u8986\u76d6\u5806\u5185\u5b58\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
"patchName": "Apache HTTP Server\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e\uff08CNVD-2022-41640\uff09\u7684\u8865\u4e01",
"products": {
"product": "Apache HTTP Server \u003e=2.4.0\uff0c\u003c=2.4.52"
},
"referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2022-23943",
"serverity": "\u9ad8",
"submitTime": "2022-03-16",
"title": "Apache HTTP Server\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e\uff08CNVD-2022-41640\uff09"
}
FKIE_CVE-2022-23943
Vulnerability from fkie_nvd - Published: 2022-03-14 11:15 - Updated: 2025-05-01 15:37
Severity
Summary
Out-of-bounds Write vulnerability in mod_sed of Apache HTTP Server allows an attacker to overwrite heap memory with possibly attacker provided data. This issue affects Apache HTTP Server 2.4 version 2.4.52 and prior versions.
References
| URL | Tags | ||
|---|---|---|---|
| security@apache.org | http://www.openwall.com/lists/oss-security/2022/03/14/1 | Mailing List, Third Party Advisory | |
| security@apache.org | https://httpd.apache.org/security/vulnerabilities_24.html | Vendor Advisory | |
| security@apache.org | https://lists.debian.org/debian-lts-announce/2022/03/msg00033.html | Mailing List, Third Party Advisory | |
| security@apache.org | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RGWILBORT67SHMSLYSQZG2NMXGCMPUZO/ | Third Party Advisory | |
| security@apache.org | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X73C35MMMZGBVPQQCH7LQZUMYZNQA5FO/ | Third Party Advisory | |
| security@apache.org | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z7H26WJ6TPKNWV3QKY4BHKUKQVUTZJTD/ | Third Party Advisory | |
| security@apache.org | https://security.gentoo.org/glsa/202208-20 | Third Party Advisory | |
| security@apache.org | https://security.netapp.com/advisory/ntap-20220321-0001/ | Third Party Advisory | |
| security@apache.org | https://www.oracle.com/security-alerts/cpuapr2022.html | Patch, Third Party Advisory | |
| security@apache.org | https://www.tenable.com/security/tns-2022-08 | Third Party Advisory | |
| security@apache.org | https://www.tenable.com/security/tns-2022-09 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2022/03/14/1 | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://httpd.apache.org/security/vulnerabilities_24.html | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.debian.org/debian-lts-announce/2022/03/msg00033.html | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RGWILBORT67SHMSLYSQZG2NMXGCMPUZO/ | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X73C35MMMZGBVPQQCH7LQZUMYZNQA5FO/ | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z7H26WJ6TPKNWV3QKY4BHKUKQVUTZJTD/ | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://security.gentoo.org/glsa/202208-20 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://security.netapp.com/advisory/ntap-20220321-0001/ | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.oracle.com/security-alerts/cpuapr2022.html | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.tenable.com/security/tns-2022-08 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.tenable.com/security/tns-2022-09 | Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| apache | http_server | * | |
| fedoraproject | fedora | 34 | |
| fedoraproject | fedora | 35 | |
| fedoraproject | fedora | 36 | |
| debian | debian_linux | 9.0 | |
| oracle | http_server | 12.2.1.3.0 | |
| oracle | http_server | 12.2.1.4.0 | |
| oracle | zfs_storage_appliance_kit | 8.8 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "322531FA-AC60-496C-A9A8-0643BEB09B53",
"versionEndExcluding": "2.4.53",
"versionStartIncluding": "2.4.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*",
"matchCriteriaId": "A930E247-0B43-43CB-98FF-6CE7B8189835",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*",
"matchCriteriaId": "80E516C0-98A4-4ADE-B69F-66A772E2BAAA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*",
"matchCriteriaId": "5C675112-476C-4D7C-BCB9-A2FB2D0BC9FD",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:oracle:http_server:12.2.1.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DFC79B17-E9D2-44D5-93ED-2F959E7A3D43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:http_server:12.2.1.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "AD04BEE5-E9A8-4584-A68C-0195CE9C402C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:zfs_storage_appliance_kit:8.8:*:*:*:*:*:*:*",
"matchCriteriaId": "D3E503FB-6279-4D4A-91D8-E237ECF9D2B0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Out-of-bounds Write vulnerability in mod_sed of Apache HTTP Server allows an attacker to overwrite heap memory with possibly attacker provided data. This issue affects Apache HTTP Server 2.4 version 2.4.52 and prior versions."
},
{
"lang": "es",
"value": "Una vulnerabilidad de escritura fuera de l\u00edmites en mod_sed de Apache HTTP Server permite a un atacante sobrescribir la memoria de la pila con datos posiblemente proporcionados por el atacante. Este problema afecta a Apache HTTP Server 2.4 versiones 2.4.52 y anteriores"
}
],
"id": "CVE-2022-23943",
"lastModified": "2025-05-01T15:37:55.323",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-03-14T11:15:09.187",
"references": [
{
"source": "security@apache.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2022/03/14/1"
},
{
"source": "security@apache.org",
"tags": [
"Vendor Advisory"
],
"url": "https://httpd.apache.org/security/vulnerabilities_24.html"
},
{
"source": "security@apache.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/03/msg00033.html"
},
{
"source": "security@apache.org",
"tags": [
"Third Party Advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RGWILBORT67SHMSLYSQZG2NMXGCMPUZO/"
},
{
"source": "security@apache.org",
"tags": [
"Third Party Advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X73C35MMMZGBVPQQCH7LQZUMYZNQA5FO/"
},
{
"source": "security@apache.org",
"tags": [
"Third Party Advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z7H26WJ6TPKNWV3QKY4BHKUKQVUTZJTD/"
},
{
"source": "security@apache.org",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/202208-20"
},
{
"source": "security@apache.org",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20220321-0001/"
},
{
"source": "security@apache.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"source": "security@apache.org",
"tags": [
"Third Party Advisory"
],
"url": "https://www.tenable.com/security/tns-2022-08"
},
{
"source": "security@apache.org",
"tags": [
"Third Party Advisory"
],
"url": "https://www.tenable.com/security/tns-2022-09"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2022/03/14/1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://httpd.apache.org/security/vulnerabilities_24.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/03/msg00033.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RGWILBORT67SHMSLYSQZG2NMXGCMPUZO/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X73C35MMMZGBVPQQCH7LQZUMYZNQA5FO/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z7H26WJ6TPKNWV3QKY4BHKUKQVUTZJTD/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/202208-20"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20220321-0001/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.tenable.com/security/tns-2022-08"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.tenable.com/security/tns-2022-09"
}
],
"sourceIdentifier": "security@apache.org",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-190"
},
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "security@apache.org",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
GHSA-778R-VP3X-2F8C
Vulnerability from github – Published: 2022-03-15 00:01 – Updated: 2025-05-01 18:31
VLAI
Details
Out-of-bounds Write vulnerability in mod_sed of Apache HTTP Server allows an attacker to overwrite heap memory with possibly attacker provided data. This issue affects Apache HTTP Server 2.4 version 2.4.52 and prior versions.
Severity
9.8 (Critical)
{
"affected": [],
"aliases": [
"CVE-2022-23943"
],
"database_specific": {
"cwe_ids": [
"CWE-190",
"CWE-787"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-03-14T11:15:00Z",
"severity": "CRITICAL"
},
"details": "Out-of-bounds Write vulnerability in mod_sed of Apache HTTP Server allows an attacker to overwrite heap memory with possibly attacker provided data. This issue affects Apache HTTP Server 2.4 version 2.4.52 and prior versions.",
"id": "GHSA-778r-vp3x-2f8c",
"modified": "2025-05-01T18:31:41Z",
"published": "2022-03-15T00:01:02Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23943"
},
{
"type": "WEB",
"url": "https://httpd.apache.org/security/vulnerabilities_24.html"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2022/03/msg00033.html"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RGWILBORT67SHMSLYSQZG2NMXGCMPUZO"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X73C35MMMZGBVPQQCH7LQZUMYZNQA5FO"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z7H26WJ6TPKNWV3QKY4BHKUKQVUTZJTD"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGWILBORT67SHMSLYSQZG2NMXGCMPUZO"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/X73C35MMMZGBVPQQCH7LQZUMYZNQA5FO"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Z7H26WJ6TPKNWV3QKY4BHKUKQVUTZJTD"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/202208-20"
},
{
"type": "WEB",
"url": "https://security.netapp.com/advisory/ntap-20220321-0001"
},
{
"type": "WEB",
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"type": "WEB",
"url": "https://www.tenable.com/security/tns-2022-08"
},
{
"type": "WEB",
"url": "https://www.tenable.com/security/tns-2022-09"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2022/03/14/1"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GSD-2022-23943
Vulnerability from gsd - Updated: 2023-12-13 01:19Details
Out-of-bounds Write vulnerability in mod_sed of Apache HTTP Server allows an attacker to overwrite heap memory with possibly attacker provided data. This issue affects Apache HTTP Server 2.4 version 2.4.52 and prior versions.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2022-23943",
"description": "Out-of-bounds Write vulnerability in mod_sed of Apache HTTP Server allows an attacker to overwrite heap memory with possibly attacker provided data. This issue affects Apache HTTP Server 2.4 version 2.4.52 and prior versions.",
"id": "GSD-2022-23943",
"references": [
"https://advisories.mageia.org/CVE-2022-23943.html",
"https://www.suse.com/security/cve/CVE-2022-23943.html",
"https://ubuntu.com/security/CVE-2022-23943",
"https://alas.aws.amazon.com/cve/html/CVE-2022-23943.html",
"https://access.redhat.com/errata/RHSA-2022:6753",
"https://access.redhat.com/errata/RHSA-2022:7647",
"https://access.redhat.com/errata/RHSA-2022:8067",
"https://access.redhat.com/errata/RHSA-2022:8840",
"https://access.redhat.com/errata/RHSA-2022:8841"
]
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2022-23943"
],
"details": "Out-of-bounds Write vulnerability in mod_sed of Apache HTTP Server allows an attacker to overwrite heap memory with possibly attacker provided data. This issue affects Apache HTTP Server 2.4 version 2.4.52 and prior versions.",
"id": "GSD-2022-23943",
"modified": "2023-12-13T01:19:35.631634Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "security@apache.org",
"ID": "CVE-2022-23943",
"STATE": "PUBLIC",
"TITLE": "mod_sed: Read/write beyond bounds"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Apache HTTP Server",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "2.4",
"version_value": "2.4.52"
}
]
}
}
]
},
"vendor_name": "Apache Software Foundation"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Ronald Crane (Zippenhop LLC)"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Out-of-bounds Write vulnerability in mod_sed of Apache HTTP Server allows an attacker to overwrite heap memory with possibly attacker provided data. This issue affects Apache HTTP Server 2.4 version 2.4.52 and prior versions."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": [
{
"other": "important"
}
],
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-787 Out-of-bounds Write"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "CWE-190 Integer Overflow or Wraparound"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://httpd.apache.org/security/vulnerabilities_24.html",
"refsource": "MISC",
"url": "https://httpd.apache.org/security/vulnerabilities_24.html"
},
{
"name": "[oss-security] 20220314 CVE-2022-23943: Apache HTTP Server: mod_sed: Read/write beyond bounds",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2022/03/14/1"
},
{
"name": "FEDORA-2022-b4103753e9",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGWILBORT67SHMSLYSQZG2NMXGCMPUZO/"
},
{
"name": "[debian-lts-announce] 20220322 [SECURITY] [DLA 2960-1] apache2 security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2022/03/msg00033.html"
},
{
"name": "FEDORA-2022-21264ec6db",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Z7H26WJ6TPKNWV3QKY4BHKUKQVUTZJTD/"
},
{
"name": "FEDORA-2022-78e3211c55",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/X73C35MMMZGBVPQQCH7LQZUMYZNQA5FO/"
},
{
"name": "https://www.oracle.com/security-alerts/cpuapr2022.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"name": "https://www.tenable.com/security/tns-2022-08",
"refsource": "CONFIRM",
"url": "https://www.tenable.com/security/tns-2022-08"
},
{
"name": "https://security.netapp.com/advisory/ntap-20220321-0001/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20220321-0001/"
},
{
"name": "https://www.tenable.com/security/tns-2022-09",
"refsource": "CONFIRM",
"url": "https://www.tenable.com/security/tns-2022-09"
},
{
"name": "GLSA-202208-20",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/202208-20"
}
]
},
"source": {
"discovery": "UNKNOWN"
},
"timeline": [
{
"lang": "eng",
"time": "2022-01-13",
"value": "Reported to security team"
}
]
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "2.4.52",
"versionStartIncluding": "2.4.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:oracle:http_server:12.2.1.3.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:http_server:12.2.1.4.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:zfs_storage_appliance_kit:8.8:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "security@apache.org",
"ID": "CVE-2022-23943"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "Out-of-bounds Write vulnerability in mod_sed of Apache HTTP Server allows an attacker to overwrite heap memory with possibly attacker provided data. This issue affects Apache HTTP Server 2.4 version 2.4.52 and prior versions."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://httpd.apache.org/security/vulnerabilities_24.html",
"refsource": "MISC",
"tags": [
"Vendor Advisory"
],
"url": "https://httpd.apache.org/security/vulnerabilities_24.html"
},
{
"name": "[oss-security] 20220314 CVE-2022-23943: Apache HTTP Server: mod_sed: Read/write beyond bounds",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2022/03/14/1"
},
{
"name": "https://security.netapp.com/advisory/ntap-20220321-0001/",
"refsource": "CONFIRM",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20220321-0001/"
},
{
"name": "FEDORA-2022-b4103753e9",
"refsource": "FEDORA",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGWILBORT67SHMSLYSQZG2NMXGCMPUZO/"
},
{
"name": "[debian-lts-announce] 20220322 [SECURITY] [DLA 2960-1] apache2 security update",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/03/msg00033.html"
},
{
"name": "FEDORA-2022-21264ec6db",
"refsource": "FEDORA",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Z7H26WJ6TPKNWV3QKY4BHKUKQVUTZJTD/"
},
{
"name": "FEDORA-2022-78e3211c55",
"refsource": "FEDORA",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/X73C35MMMZGBVPQQCH7LQZUMYZNQA5FO/"
},
{
"name": "https://www.tenable.com/security/tns-2022-08",
"refsource": "CONFIRM",
"tags": [
"Third Party Advisory"
],
"url": "https://www.tenable.com/security/tns-2022-08"
},
{
"name": "https://www.oracle.com/security-alerts/cpuapr2022.html",
"refsource": "MISC",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"name": "https://www.tenable.com/security/tns-2022-09",
"refsource": "CONFIRM",
"tags": [
"Third Party Advisory"
],
"url": "https://www.tenable.com/security/tns-2022-09"
},
{
"name": "GLSA-202208-20",
"refsource": "GENTOO",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/202208-20"
}
]
}
},
"impact": {
"baseMetricV2": {
"acInsufInfo": false,
"cvssV2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"userInteractionRequired": false
},
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
},
"lastModifiedDate": "2022-10-26T17:56Z",
"publishedDate": "2022-03-14T11:15Z"
}
}
}
ICSA-22-132-02
Vulnerability from csaf_cisa - Published: 2022-05-12 00:00 - Updated: 2022-05-12 00:00Summary
Mitsubishi Electric MELSOFT iQ AppPortal
Notes
CISA Disclaimer: This CSAF advisory was extracted from unstructured data and may contain inaccuracies. If you notice any errors, please reach out to the designated contact at CISA CSAF: central@cisa.dhs.gov
Legal Notice: All information products included in https://us-cert.cisa.gov/ics are provided "as is" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.
Risk evaluation: Successful exploitation of these vulnerabilities could result in a denial-of-service condition, malicious program execution, information disclosure, information tampering, or authentication bypass.
Critical infrastructure sectors: Critical Manufacturing
Countries/areas deployed: Worldwide
Company headquarters location: Japan
Recommended Practices: CISA recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities. Specifically, users should:
Recommended Practices: CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.
CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov Several recommended practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.
Recommended Practices: Additional mitigation guidance and recommended practices are publicly available on the ICS webpage on cisa.gov in the Technical Information Paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.
Organizations observing any suspected malicious activity should follow their established internal procedures and report their findings to CISA for tracking and correlation against other incidents.
Exploitability: No known public exploits specifically target these vulnerabilities.
9.8 (Critical)
Affected products
9.8 (Critical)
Affected products
References
16 references
| URL | Category |
|---|---|
| https://raw.githubusercontent.com/cisagov/CSAF/de… | self |
| https://www.cisa.gov/news-events/ics-advisories/i… | self |
| https://www.cisa.gov/uscert/ics/alerts/ICS-ALERT-… | external |
| https://www.cisa.gov/uscert/sites/default/files/r… | external |
| https://www.cisa.gov/uscert/ics/tips/ICS-TIP-12-146-01B | external |
| http://web.nvd.nist.gov/view/vuln/detail?vulnId=C… | external |
| https://www.first.org/cvss/calculator/3.0#CVSS:3.… | external |
| http://web.nvd.nist.gov/view/vuln/detail?vulnId=C… | external |
| https://www.first.org/cvss/calculator/3.0#CVSS:3.… | external |
| http://web.nvd.nist.gov/view/vuln/detail?vulnId=C… | external |
| https://www.first.org/cvss/calculator/3.0#CVSS:3.… | external |
| http://web.nvd.nist.gov/view/vuln/detail?vulnId=C… | external |
| http://web.nvd.nist.gov/view/vuln/detail?vulnId=C… | external |
| http://web.nvd.nist.gov/view/vuln/detail?vulnId=C… | external |
| http://web.nvd.nist.gov/view/vuln/detail?vulnId=C… | external |
| http://web.nvd.nist.gov/view/vuln/detail?vulnId=C… | external |
Acknowledgments
Mitsubishi Electric
{
"document": {
"acknowledgments": [
{
"organization": "Mitsubishi Electric",
"summary": "notifying CISA of these vulnerabilities"
}
],
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Disclosure is not limited",
"tlp": {
"label": "WHITE",
"url": "https://us-cert.cisa.gov/tlp/"
}
},
"lang": "en-US",
"notes": [
{
"category": "general",
"text": "This CSAF advisory was extracted from unstructured data and may contain inaccuracies. If you notice any errors, please reach out to the designated contact at CISA CSAF: central@cisa.dhs.gov",
"title": "CISA Disclaimer"
},
{
"category": "legal_disclaimer",
"text": "All information products included in https://us-cert.cisa.gov/ics are provided \"as is\" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.",
"title": "Legal Notice"
},
{
"category": "summary",
"text": "Successful exploitation of these vulnerabilities could result in a denial-of-service condition, malicious program execution, information disclosure, information tampering, or authentication bypass.",
"title": "Risk evaluation"
},
{
"category": "other",
"text": "Critical Manufacturing",
"title": "Critical infrastructure sectors"
},
{
"category": "other",
"text": "Worldwide",
"title": "Countries/areas deployed"
},
{
"category": "other",
"text": "Japan",
"title": "Company headquarters location"
},
{
"category": "general",
"text": "CISA recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities. Specifically, users should:",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.\nCISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov Several recommended practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "Additional mitigation guidance and recommended practices are publicly available on the ICS webpage on cisa.gov in the Technical Information Paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.\nOrganizations observing any suspected malicious activity should follow their established internal procedures and report their findings to CISA for tracking and correlation against other incidents.",
"title": "Recommended Practices"
},
{
"category": "other",
"text": "No known public exploits specifically target these vulnerabilities.",
"title": "Exploitability"
}
],
"publisher": {
"category": "coordinator",
"contact_details": "Email: CISAservicedesk@cisa.dhs.gov;\n Toll Free: 1-888-282-0870",
"name": "CISA",
"namespace": "https://www.cisa.gov/"
},
"references": [
{
"category": "self",
"summary": "ICS Advisory ICSA-22-132-02 JSON",
"url": "https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/OT/white/2022/icsa-22-132-02.json"
},
{
"category": "self",
"summary": "ICS Advisory ICSA-22-132-02 Web Version",
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-22-132-02"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/uscert/ics/alerts/ICS-ALERT-10-301-01"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/uscert/sites/default/files/recommended_practices/NCCIC_ICS-CERT_Defense_in_Depth_2016_S508C.pdf"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/uscert/ics/tips/ICS-TIP-12-146-01B"
}
],
"title": "Mitsubishi Electric MELSOFT iQ AppPortal",
"tracking": {
"current_release_date": "2022-05-12T00:00:00.000000Z",
"generator": {
"engine": {
"name": "CISA CSAF Generator",
"version": "1.0.0"
}
},
"id": "ICSA-22-132-02",
"initial_release_date": "2022-05-12T00:00:00.000000Z",
"revision_history": [
{
"date": "2022-05-12T00:00:00.000000Z",
"legacy_version": "Initial",
"number": "1",
"summary": "ICSA-22-132-02 Mitsubishi Electric MELSOFT iQ AppPortal"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003e= 1.00A | \u003c= 1.26C",
"product": {
"name": "MELSOFT iQ AppPortal (SW1DND-IQAPL-M): Versions 1.00A through 1.26C",
"product_id": "CSAFPID-0001"
}
}
],
"category": "product_name",
"name": "MELSOFT iQ AppPortal (SW1DND-IQAPL-M)"
}
],
"category": "vendor",
"name": "Mitsubishi Electric"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2020-13938",
"cwe": {
"id": "CWE-862",
"name": "Missing Authorization"
},
"notes": [
{
"category": "summary",
"text": "Apache HTTP Server Versions 2.4.0 to 2.4.46 allow unprivileged local users to stop httpd on Windows.CVE-2020-13938 has been assigned to this vulnerability. A CVSS v3 base score of 5.5 has been assigned; the CVSS vector string is (AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-13938"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Update to 1.29F or later. Unzip the downloaded file (zip format) and execute the file \u201csetup.exe.\u201d",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.mitsubishielectric.com/fa/#software"
},
{
"category": "mitigation",
"details": "Restrict network access to the computer running this product so it can be accessed only from trusted networks or hosts.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "Minimize user privilege for product users.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "Install an antivirus software in the personal computer that runs this product.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "Please follow the safety precautions in the operating manual for the product.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "For more information see Mitsubishi Electric\u0027s advisory 2022-003",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2022-003_en.pdf"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"CSAFPID-0001"
]
}
]
},
{
"cve": "CVE-2021-26691",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"notes": [
{
"category": "summary",
"text": "In Apache HTTP Server Versions 2.4.0 to 2.4.46 a specially crafted SessionHeader sent by an origin server could cause a heap overflow.CVE-2021-26691 has been assigned to this vulnerability. A CVSS v3 base score of 9.8 has been assigned; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-26691"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Update to 1.29F or later. Unzip the downloaded file (zip format) and execute the file \u201csetup.exe.\u201d",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.mitsubishielectric.com/fa/#software"
},
{
"category": "mitigation",
"details": "Restrict network access to the computer running this product so it can be accessed only from trusted networks or hosts.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "Minimize user privilege for product users.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "Install an antivirus software in the personal computer that runs this product.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "Please follow the safety precautions in the operating manual for the product.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "For more information see Mitsubishi Electric\u0027s advisory 2022-003",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2022-003_en.pdf"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"CSAFPID-0001"
]
}
]
},
{
"cve": "CVE-2021-34798",
"cwe": {
"id": "CWE-476",
"name": "NULL Pointer Dereference"
},
"notes": [
{
"category": "summary",
"text": "Malformed requests may cause the server to dereference a NULL pointer. This issue affects Apache HTTP Server Versions 2.4.48 and earlier.CVE-2021-34798 has been assigned to this vulnerability. A CVSS v3 base score of 7.5 has been assigned; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-34798"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Update to 1.29F or later. Unzip the downloaded file (zip format) and execute the file \u201csetup.exe.\u201d",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.mitsubishielectric.com/fa/#software"
},
{
"category": "mitigation",
"details": "Restrict network access to the computer running this product so it can be accessed only from trusted networks or hosts.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "Minimize user privilege for product users.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "Install an antivirus software in the personal computer that runs this product.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "Please follow the safety precautions in the operating manual for the product.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "For more information see Mitsubishi Electric\u0027s advisory 2022-003",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2022-003_en.pdf"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"CSAFPID-0001"
]
}
]
},
{
"cve": "CVE-2021-3711",
"cwe": {
"id": "CWE-120",
"name": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)"
},
"notes": [
{
"category": "summary",
"text": "An attacker who can present SM2 content for decryption to an application could cause data to overflow the buffer up to a maximum of 62 bytes, altering the contents of other data held after the buffer or causing the application to crash. The location of the buffer is application dependent but is typically heap allocated. Fixed in OpenSSL 1.1.1 (Affected 1.1.1-1.1.1k). This issue is detailed further in CVE-2021-3711.CVE-2021-3711 has been assigned to this vulnerability. A CVSS v3 base score of 9.8 has been assigned; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-3711"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Update to 1.29F or later. Unzip the downloaded file (zip format) and execute the file \u201csetup.exe.\u201d",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.mitsubishielectric.com/fa/#software"
},
{
"category": "mitigation",
"details": "Restrict network access to the computer running this product so it can be accessed only from trusted networks or hosts.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "Minimize user privilege for product users.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "Install an antivirus software in the personal computer that runs this product.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "Please follow the safety precautions in the operating manual for the product.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "For more information see Mitsubishi Electric\u0027s advisory 2022-003",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2022-003_en.pdf"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"CSAFPID-0001"
]
}
]
},
{
"cve": "CVE-2021-44790",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"notes": [
{
"category": "summary",
"text": "A carefully crafted request body can cause a buffer overflow in the mod_lua multipart parser (r:parsebody() called from Lua scripts). The Apache httpd team is not aware of an exploit for this vulnerability, though it might be possible to craft one. This issue affects Apache HTTP Server Versions 2.4.51 and earlier.CVE-2021-44790 has been assigned to this vulnerability. A CVSS v3 base score of 9.8 has been assigned; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-44790"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Update to 1.29F or later. Unzip the downloaded file (zip format) and execute the file \u201csetup.exe.\u201d",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.mitsubishielectric.com/fa/#software"
},
{
"category": "mitigation",
"details": "Restrict network access to the computer running this product so it can be accessed only from trusted networks or hosts.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "Minimize user privilege for product users.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "Install an antivirus software in the personal computer that runs this product.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "Please follow the safety precautions in the operating manual for the product.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "For more information see Mitsubishi Electric\u0027s advisory 2022-003",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2022-003_en.pdf"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"CSAFPID-0001"
]
}
]
},
{
"cve": "CVE-2022-22720",
"cwe": {
"id": "CWE-444",
"name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)"
},
"notes": [
{
"category": "summary",
"text": "Apache HTTP Server Versions 2.4.52 and earlier fail to close inbound connections when errors are encountered discarding the request body, exposing the server to HTTP request smuggling.CVE-2022-22720 has been assigned to this vulnerability. A CVSS v3 base score of 9.8 has been assigned; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-22720"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Update to 1.29F or later. Unzip the downloaded file (zip format) and execute the file \u201csetup.exe.\u201d",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.mitsubishielectric.com/fa/#software"
},
{
"category": "mitigation",
"details": "Restrict network access to the computer running this product so it can be accessed only from trusted networks or hosts.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "Minimize user privilege for product users.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "Install an antivirus software in the personal computer that runs this product.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "Please follow the safety precautions in the operating manual for the product.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "For more information see Mitsubishi Electric\u0027s advisory 2022-003",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2022-003_en.pdf"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"CSAFPID-0001"
]
}
]
},
{
"cve": "CVE-2022-23943",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"notes": [
{
"category": "summary",
"text": "An out-of-bounds write vulnerability in mod_sed of Apache HTTP Server allows an attacker to overwrite heap memory with possibly attacker provided data. This issue affects Apache HTTP Server 2.4 Versions 2.4.52 and earlier.CVE-2022-23943 has been assigned to this vulnerability. A CVSS v3 base score of 9.8 has been assigned; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-23943"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Update to 1.29F or later. Unzip the downloaded file (zip format) and execute the file \u201csetup.exe.\u201d",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.mitsubishielectric.com/fa/#software"
},
{
"category": "mitigation",
"details": "Restrict network access to the computer running this product so it can be accessed only from trusted networks or hosts.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "Minimize user privilege for product users.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "Install an antivirus software in the personal computer that runs this product.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "Please follow the safety precautions in the operating manual for the product.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "For more information see Mitsubishi Electric\u0027s advisory 2022-003",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2022-003_en.pdf"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"CSAFPID-0001"
]
}
]
},
{
"cve": "CVE-2022-0778",
"cwe": {
"id": "CWE-835",
"name": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)"
},
"notes": [
{
"category": "summary",
"text": "The BN_mod_sqrt() function, which computes a modular square root, contains a bug that can cause it to loop for non-prime moduli. An attacker can use a self-signed certificate to trigger the loop during verification of the certificate signature. This issue, which is further detailed in CVE-2022-0778, affects OpenSSL Versions 1.0.2, 1.1.1, and 3.0.xxxCVE-2022-0778 has been assigned to this vulnerability. A CVSS v3 base score of 7.5 has been assigned; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-0778"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Update to 1.29F or later. Unzip the downloaded file (zip format) and execute the file \u201csetup.exe.\u201d",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.mitsubishielectric.com/fa/#software"
},
{
"category": "mitigation",
"details": "Restrict network access to the computer running this product so it can be accessed only from trusted networks or hosts.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "Minimize user privilege for product users.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "Install an antivirus software in the personal computer that runs this product.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "Please follow the safety precautions in the operating manual for the product.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "For more information see Mitsubishi Electric\u0027s advisory 2022-003",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2022-003_en.pdf"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"CSAFPID-0001"
]
}
]
}
]
}
MSRC_CVE-2022-23943
Vulnerability from csaf_microsoft - Published: 2022-03-02 00:00 - Updated: 2022-03-19 00:00Summary
mod_sed: Read/write beyond bounds
Notes
Additional Resources: To determine the support lifecycle for your software, see the Microsoft Support Lifecycle: https://support.microsoft.com/lifecycle
Disclaimer: The information provided in the Microsoft Knowledge Base is provided \"as is\" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.
9.8 (Critical)
Affected products
Fixed
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 18766-16820 | — | ||
| Unresolved product id: 18767-17086 | — |
References
4 references
| URL | Category |
|---|---|
| https://msrc.microsoft.com/csaf/vex/2022/msrc_cve… | self |
| https://support.microsoft.com/lifecycle | external |
| https://www.first.org/cvss | external |
| https://msrc.microsoft.com/csaf/vex/2022/msrc_cve… | self |
{
"document": {
"category": "csaf_vex",
"csaf_version": "2.0",
"distribution": {
"text": "Public",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en-US",
"notes": [
{
"category": "general",
"text": "To determine the support lifecycle for your software, see the Microsoft Support Lifecycle: https://support.microsoft.com/lifecycle",
"title": "Additional Resources"
},
{
"category": "legal_disclaimer",
"text": "The information provided in the Microsoft Knowledge Base is provided \\\"as is\\\" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.",
"title": "Disclaimer"
}
],
"publisher": {
"category": "vendor",
"contact_details": "secure@microsoft.com",
"name": "Microsoft Security Response Center",
"namespace": "https://msrc.microsoft.com"
},
"references": [
{
"category": "self",
"summary": "CVE-2022-23943 mod_sed: Read/write beyond bounds - VEX",
"url": "https://msrc.microsoft.com/csaf/vex/2022/msrc_cve-2022-23943.json"
},
{
"category": "external",
"summary": "Microsoft Support Lifecycle",
"url": "https://support.microsoft.com/lifecycle"
},
{
"category": "external",
"summary": "Common Vulnerability Scoring System",
"url": "https://www.first.org/cvss"
}
],
"title": "mod_sed: Read/write beyond bounds",
"tracking": {
"current_release_date": "2022-03-19T00:00:00.000Z",
"generator": {
"date": "2025-10-19T23:23:33.123Z",
"engine": {
"name": "MSRC Generator",
"version": "1.0"
}
},
"id": "msrc_CVE-2022-23943",
"initial_release_date": "2022-03-02T00:00:00.000Z",
"revision_history": [
{
"date": "2022-03-19T00:00:00.000Z",
"legacy_version": "1",
"number": "1",
"summary": "Information published."
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "1.0",
"product": {
"name": "CBL Mariner 1.0",
"product_id": "16820"
}
},
{
"category": "product_version",
"name": "2.0",
"product": {
"name": "CBL Mariner 2.0",
"product_id": "17086"
}
}
],
"category": "product_name",
"name": "Azure Linux"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003ccm1 httpd 2.4.53-1",
"product": {
"name": "\u003ccm1 httpd 2.4.53-1",
"product_id": "2"
}
},
{
"category": "product_version",
"name": "cm1 httpd 2.4.53-1",
"product": {
"name": "cm1 httpd 2.4.53-1",
"product_id": "18766"
}
},
{
"category": "product_version_range",
"name": "\u003ccbl2 httpd 2.4.53-1",
"product": {
"name": "\u003ccbl2 httpd 2.4.53-1",
"product_id": "1"
}
},
{
"category": "product_version",
"name": "cbl2 httpd 2.4.53-1",
"product": {
"name": "cbl2 httpd 2.4.53-1",
"product_id": "18767"
}
}
],
"category": "product_name",
"name": "httpd"
}
],
"category": "vendor",
"name": "Microsoft"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "\u003ccm1 httpd 2.4.53-1 as a component of CBL Mariner 1.0",
"product_id": "16820-2"
},
"product_reference": "2",
"relates_to_product_reference": "16820"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cm1 httpd 2.4.53-1 as a component of CBL Mariner 1.0",
"product_id": "18766-16820"
},
"product_reference": "18766",
"relates_to_product_reference": "16820"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "\u003ccbl2 httpd 2.4.53-1 as a component of CBL Mariner 2.0",
"product_id": "17086-1"
},
"product_reference": "1",
"relates_to_product_reference": "17086"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cbl2 httpd 2.4.53-1 as a component of CBL Mariner 2.0",
"product_id": "18767-17086"
},
"product_reference": "18767",
"relates_to_product_reference": "17086"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2022-23943",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"notes": [
{
"category": "general",
"text": "apache",
"title": "Assigning CNA"
}
],
"product_status": {
"fixed": [
"18766-16820",
"18767-17086"
],
"known_affected": [
"16820-2",
"17086-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2022-23943 mod_sed: Read/write beyond bounds - VEX",
"url": "https://msrc.microsoft.com/csaf/vex/2022/msrc_cve-2022-23943.json"
}
],
"remediations": [
{
"category": "vendor_fix",
"date": "2022-03-19T00:00:00.000Z",
"details": "2.4.53-1:Security Update:https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade",
"product_ids": [
"16820-2",
"17086-1"
],
"url": "https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"environmentalsScore": 0.0,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 9.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"16820-2",
"17086-1"
]
}
],
"title": "mod_sed: Read/write beyond bounds"
}
]
}
OPENSUSE-SU-2022:1031-1
Vulnerability from csaf_opensuse - Published: 2022-03-29 15:35 - Updated: 2022-03-29 15:35Summary
Security update for apache2
Severity
Important
Notes
Title of the patch: Security update for apache2
Description of the patch: This update for apache2 fixes the following issues:
- CVE-2022-23943: heap out-of-bounds write in mod_sed (bsc#1197098).
- CVE-2022-22720: HTTP request smuggling due to incorrect error handling (bsc#1197095).
- CVE-2022-22719: use of uninitialized value of in r:parsebody in mod_lua (bsc#1197091).
- CVE-2022-22721: possible buffer overflow with very large or unlimited LimitXMLRequestBody (bsc#1197096).
Patchnames: openSUSE-SLE-15.3-2022-1031
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
5.9 (Medium)
Affected products
Recommended
29 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.3:apache2-2.4.51-150200.3.42.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:apache2-2.4.51-150200.3.42.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:apache2-2.4.51-150200.3.42.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:apache2-2.4.51-150200.3.42.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:apache2-devel-2.4.51-150200.3.42.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:apache2-devel-2.4.51-150200.3.42.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:apache2-devel-2.4.51-150200.3.42.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:apache2-devel-2.4.51-150200.3.42.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:apache2-doc-2.4.51-150200.3.42.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:apache2-event-2.4.51-150200.3.42.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:apache2-event-2.4.51-150200.3.42.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:apache2-event-2.4.51-150200.3.42.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:apache2-event-2.4.51-150200.3.42.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:apache2-example-pages-2.4.51-150200.3.42.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:apache2-example-pages-2.4.51-150200.3.42.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:apache2-example-pages-2.4.51-150200.3.42.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:apache2-example-pages-2.4.51-150200.3.42.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:apache2-prefork-2.4.51-150200.3.42.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:apache2-prefork-2.4.51-150200.3.42.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:apache2-prefork-2.4.51-150200.3.42.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:apache2-prefork-2.4.51-150200.3.42.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:apache2-utils-2.4.51-150200.3.42.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:apache2-utils-2.4.51-150200.3.42.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:apache2-utils-2.4.51-150200.3.42.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:apache2-utils-2.4.51-150200.3.42.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:apache2-worker-2.4.51-150200.3.42.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:apache2-worker-2.4.51-150200.3.42.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:apache2-worker-2.4.51-150200.3.42.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:apache2-worker-2.4.51-150200.3.42.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
7.4 (High)
Affected products
Recommended
29 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.3:apache2-2.4.51-150200.3.42.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:apache2-2.4.51-150200.3.42.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:apache2-2.4.51-150200.3.42.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:apache2-2.4.51-150200.3.42.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:apache2-devel-2.4.51-150200.3.42.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:apache2-devel-2.4.51-150200.3.42.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:apache2-devel-2.4.51-150200.3.42.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:apache2-devel-2.4.51-150200.3.42.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:apache2-doc-2.4.51-150200.3.42.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:apache2-event-2.4.51-150200.3.42.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:apache2-event-2.4.51-150200.3.42.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:apache2-event-2.4.51-150200.3.42.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:apache2-event-2.4.51-150200.3.42.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:apache2-example-pages-2.4.51-150200.3.42.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:apache2-example-pages-2.4.51-150200.3.42.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:apache2-example-pages-2.4.51-150200.3.42.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:apache2-example-pages-2.4.51-150200.3.42.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:apache2-prefork-2.4.51-150200.3.42.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:apache2-prefork-2.4.51-150200.3.42.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:apache2-prefork-2.4.51-150200.3.42.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:apache2-prefork-2.4.51-150200.3.42.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:apache2-utils-2.4.51-150200.3.42.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:apache2-utils-2.4.51-150200.3.42.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:apache2-utils-2.4.51-150200.3.42.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:apache2-utils-2.4.51-150200.3.42.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:apache2-worker-2.4.51-150200.3.42.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:apache2-worker-2.4.51-150200.3.42.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:apache2-worker-2.4.51-150200.3.42.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:apache2-worker-2.4.51-150200.3.42.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.4 (High)
Affected products
Recommended
29 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.3:apache2-2.4.51-150200.3.42.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:apache2-2.4.51-150200.3.42.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:apache2-2.4.51-150200.3.42.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:apache2-2.4.51-150200.3.42.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:apache2-devel-2.4.51-150200.3.42.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:apache2-devel-2.4.51-150200.3.42.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:apache2-devel-2.4.51-150200.3.42.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:apache2-devel-2.4.51-150200.3.42.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:apache2-doc-2.4.51-150200.3.42.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:apache2-event-2.4.51-150200.3.42.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:apache2-event-2.4.51-150200.3.42.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:apache2-event-2.4.51-150200.3.42.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:apache2-event-2.4.51-150200.3.42.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:apache2-example-pages-2.4.51-150200.3.42.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:apache2-example-pages-2.4.51-150200.3.42.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:apache2-example-pages-2.4.51-150200.3.42.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:apache2-example-pages-2.4.51-150200.3.42.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:apache2-prefork-2.4.51-150200.3.42.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:apache2-prefork-2.4.51-150200.3.42.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:apache2-prefork-2.4.51-150200.3.42.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:apache2-prefork-2.4.51-150200.3.42.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:apache2-utils-2.4.51-150200.3.42.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:apache2-utils-2.4.51-150200.3.42.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:apache2-utils-2.4.51-150200.3.42.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:apache2-utils-2.4.51-150200.3.42.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:apache2-worker-2.4.51-150200.3.42.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:apache2-worker-2.4.51-150200.3.42.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:apache2-worker-2.4.51-150200.3.42.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:apache2-worker-2.4.51-150200.3.42.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.4 (High)
Affected products
Recommended
29 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.3:apache2-2.4.51-150200.3.42.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:apache2-2.4.51-150200.3.42.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:apache2-2.4.51-150200.3.42.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:apache2-2.4.51-150200.3.42.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:apache2-devel-2.4.51-150200.3.42.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:apache2-devel-2.4.51-150200.3.42.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:apache2-devel-2.4.51-150200.3.42.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:apache2-devel-2.4.51-150200.3.42.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:apache2-doc-2.4.51-150200.3.42.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:apache2-event-2.4.51-150200.3.42.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:apache2-event-2.4.51-150200.3.42.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:apache2-event-2.4.51-150200.3.42.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:apache2-event-2.4.51-150200.3.42.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:apache2-example-pages-2.4.51-150200.3.42.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:apache2-example-pages-2.4.51-150200.3.42.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:apache2-example-pages-2.4.51-150200.3.42.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:apache2-example-pages-2.4.51-150200.3.42.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:apache2-prefork-2.4.51-150200.3.42.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:apache2-prefork-2.4.51-150200.3.42.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:apache2-prefork-2.4.51-150200.3.42.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:apache2-prefork-2.4.51-150200.3.42.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:apache2-utils-2.4.51-150200.3.42.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:apache2-utils-2.4.51-150200.3.42.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:apache2-utils-2.4.51-150200.3.42.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:apache2-utils-2.4.51-150200.3.42.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:apache2-worker-2.4.51-150200.3.42.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:apache2-worker-2.4.51-150200.3.42.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:apache2-worker-2.4.51-150200.3.42.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:apache2-worker-2.4.51-150200.3.42.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
References
31 references
| URL | Category |
|---|---|
| https://www.suse.com/support/security/rating/ | external |
| https://ftp.suse.com/pub/projects/security/csaf/o… | self |
| https://lists.opensuse.org/archives/list/security… | self |
| https://lists.opensuse.org/archives/list/security… | self |
| https://bugzilla.suse.com/1197091 | self |
| https://bugzilla.suse.com/1197095 | self |
| https://bugzilla.suse.com/1197096 | self |
| https://bugzilla.suse.com/1197098 | self |
| https://www.suse.com/security/cve/CVE-2022-22719/ | self |
| https://www.suse.com/security/cve/CVE-2022-22720/ | self |
| https://www.suse.com/security/cve/CVE-2022-22721/ | self |
| https://www.suse.com/security/cve/CVE-2022-23943/ | self |
| https://www.suse.com/security/cve/CVE-2022-22719 | external |
| https://bugzilla.suse.com/1197091 | external |
| https://bugzilla.suse.com/1198430 | external |
| https://www.suse.com/security/cve/CVE-2022-22720 | external |
| https://bugzilla.suse.com/1197095 | external |
| https://bugzilla.suse.com/1198430 | external |
| https://bugzilla.suse.com/1198998 | external |
| https://bugzilla.suse.com/1199102 | external |
| https://bugzilla.suse.com/1199495 | external |
| https://bugzilla.suse.com/1204730 | external |
| https://bugzilla.suse.com/1225670 | external |
| https://www.suse.com/security/cve/CVE-2022-22721 | external |
| https://bugzilla.suse.com/1197096 | external |
| https://bugzilla.suse.com/1198430 | external |
| https://www.suse.com/security/cve/CVE-2022-23943 | external |
| https://bugzilla.suse.com/1197098 | external |
| https://bugzilla.suse.com/1198430 | external |
| https://bugzilla.suse.com/1200351 | external |
| https://bugzilla.suse.com/1219585 | external |
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for apache2",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for apache2 fixes the following issues:\n\n- CVE-2022-23943: heap out-of-bounds write in mod_sed (bsc#1197098).\n- CVE-2022-22720: HTTP request smuggling due to incorrect error handling (bsc#1197095).\n- CVE-2022-22719: use of uninitialized value of in r:parsebody in mod_lua (bsc#1197091).\n- CVE-2022-22721: possible buffer overflow with very large or unlimited LimitXMLRequestBody (bsc#1197096).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-SLE-15.3-2022-1031",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2022_1031-1.json"
},
{
"category": "self",
"summary": "URL for openSUSE-SU-2022:1031-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/4LVBWCEX7IVK73L73JHPXASP5AT5BZGS/"
},
{
"category": "self",
"summary": "E-Mail link for openSUSE-SU-2022:1031-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/4LVBWCEX7IVK73L73JHPXASP5AT5BZGS/"
},
{
"category": "self",
"summary": "SUSE Bug 1197091",
"url": "https://bugzilla.suse.com/1197091"
},
{
"category": "self",
"summary": "SUSE Bug 1197095",
"url": "https://bugzilla.suse.com/1197095"
},
{
"category": "self",
"summary": "SUSE Bug 1197096",
"url": "https://bugzilla.suse.com/1197096"
},
{
"category": "self",
"summary": "SUSE Bug 1197098",
"url": "https://bugzilla.suse.com/1197098"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-22719 page",
"url": "https://www.suse.com/security/cve/CVE-2022-22719/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-22720 page",
"url": "https://www.suse.com/security/cve/CVE-2022-22720/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-22721 page",
"url": "https://www.suse.com/security/cve/CVE-2022-22721/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-23943 page",
"url": "https://www.suse.com/security/cve/CVE-2022-23943/"
}
],
"title": "Security update for apache2",
"tracking": {
"current_release_date": "2022-03-29T15:35:03Z",
"generator": {
"date": "2022-03-29T15:35:03Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2022:1031-1",
"initial_release_date": "2022-03-29T15:35:03Z",
"revision_history": [
{
"date": "2022-03-29T15:35:03Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "apache2-2.4.51-150200.3.42.1.aarch64",
"product": {
"name": "apache2-2.4.51-150200.3.42.1.aarch64",
"product_id": "apache2-2.4.51-150200.3.42.1.aarch64"
}
},
{
"category": "product_version",
"name": "apache2-devel-2.4.51-150200.3.42.1.aarch64",
"product": {
"name": "apache2-devel-2.4.51-150200.3.42.1.aarch64",
"product_id": "apache2-devel-2.4.51-150200.3.42.1.aarch64"
}
},
{
"category": "product_version",
"name": "apache2-event-2.4.51-150200.3.42.1.aarch64",
"product": {
"name": "apache2-event-2.4.51-150200.3.42.1.aarch64",
"product_id": "apache2-event-2.4.51-150200.3.42.1.aarch64"
}
},
{
"category": "product_version",
"name": "apache2-example-pages-2.4.51-150200.3.42.1.aarch64",
"product": {
"name": "apache2-example-pages-2.4.51-150200.3.42.1.aarch64",
"product_id": "apache2-example-pages-2.4.51-150200.3.42.1.aarch64"
}
},
{
"category": "product_version",
"name": "apache2-prefork-2.4.51-150200.3.42.1.aarch64",
"product": {
"name": "apache2-prefork-2.4.51-150200.3.42.1.aarch64",
"product_id": "apache2-prefork-2.4.51-150200.3.42.1.aarch64"
}
},
{
"category": "product_version",
"name": "apache2-utils-2.4.51-150200.3.42.1.aarch64",
"product": {
"name": "apache2-utils-2.4.51-150200.3.42.1.aarch64",
"product_id": "apache2-utils-2.4.51-150200.3.42.1.aarch64"
}
},
{
"category": "product_version",
"name": "apache2-worker-2.4.51-150200.3.42.1.aarch64",
"product": {
"name": "apache2-worker-2.4.51-150200.3.42.1.aarch64",
"product_id": "apache2-worker-2.4.51-150200.3.42.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "apache2-doc-2.4.51-150200.3.42.1.noarch",
"product": {
"name": "apache2-doc-2.4.51-150200.3.42.1.noarch",
"product_id": "apache2-doc-2.4.51-150200.3.42.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "apache2-2.4.51-150200.3.42.1.ppc64le",
"product": {
"name": "apache2-2.4.51-150200.3.42.1.ppc64le",
"product_id": "apache2-2.4.51-150200.3.42.1.ppc64le"
}
},
{
"category": "product_version",
"name": "apache2-devel-2.4.51-150200.3.42.1.ppc64le",
"product": {
"name": "apache2-devel-2.4.51-150200.3.42.1.ppc64le",
"product_id": "apache2-devel-2.4.51-150200.3.42.1.ppc64le"
}
},
{
"category": "product_version",
"name": "apache2-event-2.4.51-150200.3.42.1.ppc64le",
"product": {
"name": "apache2-event-2.4.51-150200.3.42.1.ppc64le",
"product_id": "apache2-event-2.4.51-150200.3.42.1.ppc64le"
}
},
{
"category": "product_version",
"name": "apache2-example-pages-2.4.51-150200.3.42.1.ppc64le",
"product": {
"name": "apache2-example-pages-2.4.51-150200.3.42.1.ppc64le",
"product_id": "apache2-example-pages-2.4.51-150200.3.42.1.ppc64le"
}
},
{
"category": "product_version",
"name": "apache2-prefork-2.4.51-150200.3.42.1.ppc64le",
"product": {
"name": "apache2-prefork-2.4.51-150200.3.42.1.ppc64le",
"product_id": "apache2-prefork-2.4.51-150200.3.42.1.ppc64le"
}
},
{
"category": "product_version",
"name": "apache2-utils-2.4.51-150200.3.42.1.ppc64le",
"product": {
"name": "apache2-utils-2.4.51-150200.3.42.1.ppc64le",
"product_id": "apache2-utils-2.4.51-150200.3.42.1.ppc64le"
}
},
{
"category": "product_version",
"name": "apache2-worker-2.4.51-150200.3.42.1.ppc64le",
"product": {
"name": "apache2-worker-2.4.51-150200.3.42.1.ppc64le",
"product_id": "apache2-worker-2.4.51-150200.3.42.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "apache2-2.4.51-150200.3.42.1.s390x",
"product": {
"name": "apache2-2.4.51-150200.3.42.1.s390x",
"product_id": "apache2-2.4.51-150200.3.42.1.s390x"
}
},
{
"category": "product_version",
"name": "apache2-devel-2.4.51-150200.3.42.1.s390x",
"product": {
"name": "apache2-devel-2.4.51-150200.3.42.1.s390x",
"product_id": "apache2-devel-2.4.51-150200.3.42.1.s390x"
}
},
{
"category": "product_version",
"name": "apache2-event-2.4.51-150200.3.42.1.s390x",
"product": {
"name": "apache2-event-2.4.51-150200.3.42.1.s390x",
"product_id": "apache2-event-2.4.51-150200.3.42.1.s390x"
}
},
{
"category": "product_version",
"name": "apache2-example-pages-2.4.51-150200.3.42.1.s390x",
"product": {
"name": "apache2-example-pages-2.4.51-150200.3.42.1.s390x",
"product_id": "apache2-example-pages-2.4.51-150200.3.42.1.s390x"
}
},
{
"category": "product_version",
"name": "apache2-prefork-2.4.51-150200.3.42.1.s390x",
"product": {
"name": "apache2-prefork-2.4.51-150200.3.42.1.s390x",
"product_id": "apache2-prefork-2.4.51-150200.3.42.1.s390x"
}
},
{
"category": "product_version",
"name": "apache2-utils-2.4.51-150200.3.42.1.s390x",
"product": {
"name": "apache2-utils-2.4.51-150200.3.42.1.s390x",
"product_id": "apache2-utils-2.4.51-150200.3.42.1.s390x"
}
},
{
"category": "product_version",
"name": "apache2-worker-2.4.51-150200.3.42.1.s390x",
"product": {
"name": "apache2-worker-2.4.51-150200.3.42.1.s390x",
"product_id": "apache2-worker-2.4.51-150200.3.42.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "apache2-2.4.51-150200.3.42.1.x86_64",
"product": {
"name": "apache2-2.4.51-150200.3.42.1.x86_64",
"product_id": "apache2-2.4.51-150200.3.42.1.x86_64"
}
},
{
"category": "product_version",
"name": "apache2-devel-2.4.51-150200.3.42.1.x86_64",
"product": {
"name": "apache2-devel-2.4.51-150200.3.42.1.x86_64",
"product_id": "apache2-devel-2.4.51-150200.3.42.1.x86_64"
}
},
{
"category": "product_version",
"name": "apache2-event-2.4.51-150200.3.42.1.x86_64",
"product": {
"name": "apache2-event-2.4.51-150200.3.42.1.x86_64",
"product_id": "apache2-event-2.4.51-150200.3.42.1.x86_64"
}
},
{
"category": "product_version",
"name": "apache2-example-pages-2.4.51-150200.3.42.1.x86_64",
"product": {
"name": "apache2-example-pages-2.4.51-150200.3.42.1.x86_64",
"product_id": "apache2-example-pages-2.4.51-150200.3.42.1.x86_64"
}
},
{
"category": "product_version",
"name": "apache2-prefork-2.4.51-150200.3.42.1.x86_64",
"product": {
"name": "apache2-prefork-2.4.51-150200.3.42.1.x86_64",
"product_id": "apache2-prefork-2.4.51-150200.3.42.1.x86_64"
}
},
{
"category": "product_version",
"name": "apache2-utils-2.4.51-150200.3.42.1.x86_64",
"product": {
"name": "apache2-utils-2.4.51-150200.3.42.1.x86_64",
"product_id": "apache2-utils-2.4.51-150200.3.42.1.x86_64"
}
},
{
"category": "product_version",
"name": "apache2-worker-2.4.51-150200.3.42.1.x86_64",
"product": {
"name": "apache2-worker-2.4.51-150200.3.42.1.x86_64",
"product_id": "apache2-worker-2.4.51-150200.3.42.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Leap 15.3",
"product": {
"name": "openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap:15.3"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-2.4.51-150200.3.42.1.aarch64 as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:apache2-2.4.51-150200.3.42.1.aarch64"
},
"product_reference": "apache2-2.4.51-150200.3.42.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-2.4.51-150200.3.42.1.ppc64le as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:apache2-2.4.51-150200.3.42.1.ppc64le"
},
"product_reference": "apache2-2.4.51-150200.3.42.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-2.4.51-150200.3.42.1.s390x as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:apache2-2.4.51-150200.3.42.1.s390x"
},
"product_reference": "apache2-2.4.51-150200.3.42.1.s390x",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-2.4.51-150200.3.42.1.x86_64 as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:apache2-2.4.51-150200.3.42.1.x86_64"
},
"product_reference": "apache2-2.4.51-150200.3.42.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-devel-2.4.51-150200.3.42.1.aarch64 as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:apache2-devel-2.4.51-150200.3.42.1.aarch64"
},
"product_reference": "apache2-devel-2.4.51-150200.3.42.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-devel-2.4.51-150200.3.42.1.ppc64le as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:apache2-devel-2.4.51-150200.3.42.1.ppc64le"
},
"product_reference": "apache2-devel-2.4.51-150200.3.42.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-devel-2.4.51-150200.3.42.1.s390x as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:apache2-devel-2.4.51-150200.3.42.1.s390x"
},
"product_reference": "apache2-devel-2.4.51-150200.3.42.1.s390x",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-devel-2.4.51-150200.3.42.1.x86_64 as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:apache2-devel-2.4.51-150200.3.42.1.x86_64"
},
"product_reference": "apache2-devel-2.4.51-150200.3.42.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-doc-2.4.51-150200.3.42.1.noarch as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:apache2-doc-2.4.51-150200.3.42.1.noarch"
},
"product_reference": "apache2-doc-2.4.51-150200.3.42.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-event-2.4.51-150200.3.42.1.aarch64 as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:apache2-event-2.4.51-150200.3.42.1.aarch64"
},
"product_reference": "apache2-event-2.4.51-150200.3.42.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-event-2.4.51-150200.3.42.1.ppc64le as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:apache2-event-2.4.51-150200.3.42.1.ppc64le"
},
"product_reference": "apache2-event-2.4.51-150200.3.42.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-event-2.4.51-150200.3.42.1.s390x as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:apache2-event-2.4.51-150200.3.42.1.s390x"
},
"product_reference": "apache2-event-2.4.51-150200.3.42.1.s390x",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-event-2.4.51-150200.3.42.1.x86_64 as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:apache2-event-2.4.51-150200.3.42.1.x86_64"
},
"product_reference": "apache2-event-2.4.51-150200.3.42.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-example-pages-2.4.51-150200.3.42.1.aarch64 as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:apache2-example-pages-2.4.51-150200.3.42.1.aarch64"
},
"product_reference": "apache2-example-pages-2.4.51-150200.3.42.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-example-pages-2.4.51-150200.3.42.1.ppc64le as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:apache2-example-pages-2.4.51-150200.3.42.1.ppc64le"
},
"product_reference": "apache2-example-pages-2.4.51-150200.3.42.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-example-pages-2.4.51-150200.3.42.1.s390x as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:apache2-example-pages-2.4.51-150200.3.42.1.s390x"
},
"product_reference": "apache2-example-pages-2.4.51-150200.3.42.1.s390x",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-example-pages-2.4.51-150200.3.42.1.x86_64 as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:apache2-example-pages-2.4.51-150200.3.42.1.x86_64"
},
"product_reference": "apache2-example-pages-2.4.51-150200.3.42.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-prefork-2.4.51-150200.3.42.1.aarch64 as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:apache2-prefork-2.4.51-150200.3.42.1.aarch64"
},
"product_reference": "apache2-prefork-2.4.51-150200.3.42.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-prefork-2.4.51-150200.3.42.1.ppc64le as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:apache2-prefork-2.4.51-150200.3.42.1.ppc64le"
},
"product_reference": "apache2-prefork-2.4.51-150200.3.42.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-prefork-2.4.51-150200.3.42.1.s390x as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:apache2-prefork-2.4.51-150200.3.42.1.s390x"
},
"product_reference": "apache2-prefork-2.4.51-150200.3.42.1.s390x",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-prefork-2.4.51-150200.3.42.1.x86_64 as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:apache2-prefork-2.4.51-150200.3.42.1.x86_64"
},
"product_reference": "apache2-prefork-2.4.51-150200.3.42.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-utils-2.4.51-150200.3.42.1.aarch64 as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:apache2-utils-2.4.51-150200.3.42.1.aarch64"
},
"product_reference": "apache2-utils-2.4.51-150200.3.42.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-utils-2.4.51-150200.3.42.1.ppc64le as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:apache2-utils-2.4.51-150200.3.42.1.ppc64le"
},
"product_reference": "apache2-utils-2.4.51-150200.3.42.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-utils-2.4.51-150200.3.42.1.s390x as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:apache2-utils-2.4.51-150200.3.42.1.s390x"
},
"product_reference": "apache2-utils-2.4.51-150200.3.42.1.s390x",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-utils-2.4.51-150200.3.42.1.x86_64 as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:apache2-utils-2.4.51-150200.3.42.1.x86_64"
},
"product_reference": "apache2-utils-2.4.51-150200.3.42.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-worker-2.4.51-150200.3.42.1.aarch64 as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:apache2-worker-2.4.51-150200.3.42.1.aarch64"
},
"product_reference": "apache2-worker-2.4.51-150200.3.42.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-worker-2.4.51-150200.3.42.1.ppc64le as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:apache2-worker-2.4.51-150200.3.42.1.ppc64le"
},
"product_reference": "apache2-worker-2.4.51-150200.3.42.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-worker-2.4.51-150200.3.42.1.s390x as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:apache2-worker-2.4.51-150200.3.42.1.s390x"
},
"product_reference": "apache2-worker-2.4.51-150200.3.42.1.s390x",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-worker-2.4.51-150200.3.42.1.x86_64 as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:apache2-worker-2.4.51-150200.3.42.1.x86_64"
},
"product_reference": "apache2-worker-2.4.51-150200.3.42.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.3"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2022-22719",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-22719"
}
],
"notes": [
{
"category": "general",
"text": "A carefully crafted request body can cause a read to a random memory area which could cause the process to crash. This issue affects Apache HTTP Server 2.4.52 and earlier.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.3:apache2-2.4.51-150200.3.42.1.aarch64",
"openSUSE Leap 15.3:apache2-2.4.51-150200.3.42.1.ppc64le",
"openSUSE Leap 15.3:apache2-2.4.51-150200.3.42.1.s390x",
"openSUSE Leap 15.3:apache2-2.4.51-150200.3.42.1.x86_64",
"openSUSE Leap 15.3:apache2-devel-2.4.51-150200.3.42.1.aarch64",
"openSUSE Leap 15.3:apache2-devel-2.4.51-150200.3.42.1.ppc64le",
"openSUSE Leap 15.3:apache2-devel-2.4.51-150200.3.42.1.s390x",
"openSUSE Leap 15.3:apache2-devel-2.4.51-150200.3.42.1.x86_64",
"openSUSE Leap 15.3:apache2-doc-2.4.51-150200.3.42.1.noarch",
"openSUSE Leap 15.3:apache2-event-2.4.51-150200.3.42.1.aarch64",
"openSUSE Leap 15.3:apache2-event-2.4.51-150200.3.42.1.ppc64le",
"openSUSE Leap 15.3:apache2-event-2.4.51-150200.3.42.1.s390x",
"openSUSE Leap 15.3:apache2-event-2.4.51-150200.3.42.1.x86_64",
"openSUSE Leap 15.3:apache2-example-pages-2.4.51-150200.3.42.1.aarch64",
"openSUSE Leap 15.3:apache2-example-pages-2.4.51-150200.3.42.1.ppc64le",
"openSUSE Leap 15.3:apache2-example-pages-2.4.51-150200.3.42.1.s390x",
"openSUSE Leap 15.3:apache2-example-pages-2.4.51-150200.3.42.1.x86_64",
"openSUSE Leap 15.3:apache2-prefork-2.4.51-150200.3.42.1.aarch64",
"openSUSE Leap 15.3:apache2-prefork-2.4.51-150200.3.42.1.ppc64le",
"openSUSE Leap 15.3:apache2-prefork-2.4.51-150200.3.42.1.s390x",
"openSUSE Leap 15.3:apache2-prefork-2.4.51-150200.3.42.1.x86_64",
"openSUSE Leap 15.3:apache2-utils-2.4.51-150200.3.42.1.aarch64",
"openSUSE Leap 15.3:apache2-utils-2.4.51-150200.3.42.1.ppc64le",
"openSUSE Leap 15.3:apache2-utils-2.4.51-150200.3.42.1.s390x",
"openSUSE Leap 15.3:apache2-utils-2.4.51-150200.3.42.1.x86_64",
"openSUSE Leap 15.3:apache2-worker-2.4.51-150200.3.42.1.aarch64",
"openSUSE Leap 15.3:apache2-worker-2.4.51-150200.3.42.1.ppc64le",
"openSUSE Leap 15.3:apache2-worker-2.4.51-150200.3.42.1.s390x",
"openSUSE Leap 15.3:apache2-worker-2.4.51-150200.3.42.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-22719",
"url": "https://www.suse.com/security/cve/CVE-2022-22719"
},
{
"category": "external",
"summary": "SUSE Bug 1197091 for CVE-2022-22719",
"url": "https://bugzilla.suse.com/1197091"
},
{
"category": "external",
"summary": "SUSE Bug 1198430 for CVE-2022-22719",
"url": "https://bugzilla.suse.com/1198430"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.3:apache2-2.4.51-150200.3.42.1.aarch64",
"openSUSE Leap 15.3:apache2-2.4.51-150200.3.42.1.ppc64le",
"openSUSE Leap 15.3:apache2-2.4.51-150200.3.42.1.s390x",
"openSUSE Leap 15.3:apache2-2.4.51-150200.3.42.1.x86_64",
"openSUSE Leap 15.3:apache2-devel-2.4.51-150200.3.42.1.aarch64",
"openSUSE Leap 15.3:apache2-devel-2.4.51-150200.3.42.1.ppc64le",
"openSUSE Leap 15.3:apache2-devel-2.4.51-150200.3.42.1.s390x",
"openSUSE Leap 15.3:apache2-devel-2.4.51-150200.3.42.1.x86_64",
"openSUSE Leap 15.3:apache2-doc-2.4.51-150200.3.42.1.noarch",
"openSUSE Leap 15.3:apache2-event-2.4.51-150200.3.42.1.aarch64",
"openSUSE Leap 15.3:apache2-event-2.4.51-150200.3.42.1.ppc64le",
"openSUSE Leap 15.3:apache2-event-2.4.51-150200.3.42.1.s390x",
"openSUSE Leap 15.3:apache2-event-2.4.51-150200.3.42.1.x86_64",
"openSUSE Leap 15.3:apache2-example-pages-2.4.51-150200.3.42.1.aarch64",
"openSUSE Leap 15.3:apache2-example-pages-2.4.51-150200.3.42.1.ppc64le",
"openSUSE Leap 15.3:apache2-example-pages-2.4.51-150200.3.42.1.s390x",
"openSUSE Leap 15.3:apache2-example-pages-2.4.51-150200.3.42.1.x86_64",
"openSUSE Leap 15.3:apache2-prefork-2.4.51-150200.3.42.1.aarch64",
"openSUSE Leap 15.3:apache2-prefork-2.4.51-150200.3.42.1.ppc64le",
"openSUSE Leap 15.3:apache2-prefork-2.4.51-150200.3.42.1.s390x",
"openSUSE Leap 15.3:apache2-prefork-2.4.51-150200.3.42.1.x86_64",
"openSUSE Leap 15.3:apache2-utils-2.4.51-150200.3.42.1.aarch64",
"openSUSE Leap 15.3:apache2-utils-2.4.51-150200.3.42.1.ppc64le",
"openSUSE Leap 15.3:apache2-utils-2.4.51-150200.3.42.1.s390x",
"openSUSE Leap 15.3:apache2-utils-2.4.51-150200.3.42.1.x86_64",
"openSUSE Leap 15.3:apache2-worker-2.4.51-150200.3.42.1.aarch64",
"openSUSE Leap 15.3:apache2-worker-2.4.51-150200.3.42.1.ppc64le",
"openSUSE Leap 15.3:apache2-worker-2.4.51-150200.3.42.1.s390x",
"openSUSE Leap 15.3:apache2-worker-2.4.51-150200.3.42.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.3:apache2-2.4.51-150200.3.42.1.aarch64",
"openSUSE Leap 15.3:apache2-2.4.51-150200.3.42.1.ppc64le",
"openSUSE Leap 15.3:apache2-2.4.51-150200.3.42.1.s390x",
"openSUSE Leap 15.3:apache2-2.4.51-150200.3.42.1.x86_64",
"openSUSE Leap 15.3:apache2-devel-2.4.51-150200.3.42.1.aarch64",
"openSUSE Leap 15.3:apache2-devel-2.4.51-150200.3.42.1.ppc64le",
"openSUSE Leap 15.3:apache2-devel-2.4.51-150200.3.42.1.s390x",
"openSUSE Leap 15.3:apache2-devel-2.4.51-150200.3.42.1.x86_64",
"openSUSE Leap 15.3:apache2-doc-2.4.51-150200.3.42.1.noarch",
"openSUSE Leap 15.3:apache2-event-2.4.51-150200.3.42.1.aarch64",
"openSUSE Leap 15.3:apache2-event-2.4.51-150200.3.42.1.ppc64le",
"openSUSE Leap 15.3:apache2-event-2.4.51-150200.3.42.1.s390x",
"openSUSE Leap 15.3:apache2-event-2.4.51-150200.3.42.1.x86_64",
"openSUSE Leap 15.3:apache2-example-pages-2.4.51-150200.3.42.1.aarch64",
"openSUSE Leap 15.3:apache2-example-pages-2.4.51-150200.3.42.1.ppc64le",
"openSUSE Leap 15.3:apache2-example-pages-2.4.51-150200.3.42.1.s390x",
"openSUSE Leap 15.3:apache2-example-pages-2.4.51-150200.3.42.1.x86_64",
"openSUSE Leap 15.3:apache2-prefork-2.4.51-150200.3.42.1.aarch64",
"openSUSE Leap 15.3:apache2-prefork-2.4.51-150200.3.42.1.ppc64le",
"openSUSE Leap 15.3:apache2-prefork-2.4.51-150200.3.42.1.s390x",
"openSUSE Leap 15.3:apache2-prefork-2.4.51-150200.3.42.1.x86_64",
"openSUSE Leap 15.3:apache2-utils-2.4.51-150200.3.42.1.aarch64",
"openSUSE Leap 15.3:apache2-utils-2.4.51-150200.3.42.1.ppc64le",
"openSUSE Leap 15.3:apache2-utils-2.4.51-150200.3.42.1.s390x",
"openSUSE Leap 15.3:apache2-utils-2.4.51-150200.3.42.1.x86_64",
"openSUSE Leap 15.3:apache2-worker-2.4.51-150200.3.42.1.aarch64",
"openSUSE Leap 15.3:apache2-worker-2.4.51-150200.3.42.1.ppc64le",
"openSUSE Leap 15.3:apache2-worker-2.4.51-150200.3.42.1.s390x",
"openSUSE Leap 15.3:apache2-worker-2.4.51-150200.3.42.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-03-29T15:35:03Z",
"details": "moderate"
}
],
"title": "CVE-2022-22719"
},
{
"cve": "CVE-2022-22720",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-22720"
}
],
"notes": [
{
"category": "general",
"text": "Apache HTTP Server 2.4.52 and earlier fails to close inbound connection when errors are encountered discarding the request body, exposing the server to HTTP Request Smuggling",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.3:apache2-2.4.51-150200.3.42.1.aarch64",
"openSUSE Leap 15.3:apache2-2.4.51-150200.3.42.1.ppc64le",
"openSUSE Leap 15.3:apache2-2.4.51-150200.3.42.1.s390x",
"openSUSE Leap 15.3:apache2-2.4.51-150200.3.42.1.x86_64",
"openSUSE Leap 15.3:apache2-devel-2.4.51-150200.3.42.1.aarch64",
"openSUSE Leap 15.3:apache2-devel-2.4.51-150200.3.42.1.ppc64le",
"openSUSE Leap 15.3:apache2-devel-2.4.51-150200.3.42.1.s390x",
"openSUSE Leap 15.3:apache2-devel-2.4.51-150200.3.42.1.x86_64",
"openSUSE Leap 15.3:apache2-doc-2.4.51-150200.3.42.1.noarch",
"openSUSE Leap 15.3:apache2-event-2.4.51-150200.3.42.1.aarch64",
"openSUSE Leap 15.3:apache2-event-2.4.51-150200.3.42.1.ppc64le",
"openSUSE Leap 15.3:apache2-event-2.4.51-150200.3.42.1.s390x",
"openSUSE Leap 15.3:apache2-event-2.4.51-150200.3.42.1.x86_64",
"openSUSE Leap 15.3:apache2-example-pages-2.4.51-150200.3.42.1.aarch64",
"openSUSE Leap 15.3:apache2-example-pages-2.4.51-150200.3.42.1.ppc64le",
"openSUSE Leap 15.3:apache2-example-pages-2.4.51-150200.3.42.1.s390x",
"openSUSE Leap 15.3:apache2-example-pages-2.4.51-150200.3.42.1.x86_64",
"openSUSE Leap 15.3:apache2-prefork-2.4.51-150200.3.42.1.aarch64",
"openSUSE Leap 15.3:apache2-prefork-2.4.51-150200.3.42.1.ppc64le",
"openSUSE Leap 15.3:apache2-prefork-2.4.51-150200.3.42.1.s390x",
"openSUSE Leap 15.3:apache2-prefork-2.4.51-150200.3.42.1.x86_64",
"openSUSE Leap 15.3:apache2-utils-2.4.51-150200.3.42.1.aarch64",
"openSUSE Leap 15.3:apache2-utils-2.4.51-150200.3.42.1.ppc64le",
"openSUSE Leap 15.3:apache2-utils-2.4.51-150200.3.42.1.s390x",
"openSUSE Leap 15.3:apache2-utils-2.4.51-150200.3.42.1.x86_64",
"openSUSE Leap 15.3:apache2-worker-2.4.51-150200.3.42.1.aarch64",
"openSUSE Leap 15.3:apache2-worker-2.4.51-150200.3.42.1.ppc64le",
"openSUSE Leap 15.3:apache2-worker-2.4.51-150200.3.42.1.s390x",
"openSUSE Leap 15.3:apache2-worker-2.4.51-150200.3.42.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-22720",
"url": "https://www.suse.com/security/cve/CVE-2022-22720"
},
{
"category": "external",
"summary": "SUSE Bug 1197095 for CVE-2022-22720",
"url": "https://bugzilla.suse.com/1197095"
},
{
"category": "external",
"summary": "SUSE Bug 1198430 for CVE-2022-22720",
"url": "https://bugzilla.suse.com/1198430"
},
{
"category": "external",
"summary": "SUSE Bug 1198998 for CVE-2022-22720",
"url": "https://bugzilla.suse.com/1198998"
},
{
"category": "external",
"summary": "SUSE Bug 1199102 for CVE-2022-22720",
"url": "https://bugzilla.suse.com/1199102"
},
{
"category": "external",
"summary": "SUSE Bug 1199495 for CVE-2022-22720",
"url": "https://bugzilla.suse.com/1199495"
},
{
"category": "external",
"summary": "SUSE Bug 1204730 for CVE-2022-22720",
"url": "https://bugzilla.suse.com/1204730"
},
{
"category": "external",
"summary": "SUSE Bug 1225670 for CVE-2022-22720",
"url": "https://bugzilla.suse.com/1225670"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.3:apache2-2.4.51-150200.3.42.1.aarch64",
"openSUSE Leap 15.3:apache2-2.4.51-150200.3.42.1.ppc64le",
"openSUSE Leap 15.3:apache2-2.4.51-150200.3.42.1.s390x",
"openSUSE Leap 15.3:apache2-2.4.51-150200.3.42.1.x86_64",
"openSUSE Leap 15.3:apache2-devel-2.4.51-150200.3.42.1.aarch64",
"openSUSE Leap 15.3:apache2-devel-2.4.51-150200.3.42.1.ppc64le",
"openSUSE Leap 15.3:apache2-devel-2.4.51-150200.3.42.1.s390x",
"openSUSE Leap 15.3:apache2-devel-2.4.51-150200.3.42.1.x86_64",
"openSUSE Leap 15.3:apache2-doc-2.4.51-150200.3.42.1.noarch",
"openSUSE Leap 15.3:apache2-event-2.4.51-150200.3.42.1.aarch64",
"openSUSE Leap 15.3:apache2-event-2.4.51-150200.3.42.1.ppc64le",
"openSUSE Leap 15.3:apache2-event-2.4.51-150200.3.42.1.s390x",
"openSUSE Leap 15.3:apache2-event-2.4.51-150200.3.42.1.x86_64",
"openSUSE Leap 15.3:apache2-example-pages-2.4.51-150200.3.42.1.aarch64",
"openSUSE Leap 15.3:apache2-example-pages-2.4.51-150200.3.42.1.ppc64le",
"openSUSE Leap 15.3:apache2-example-pages-2.4.51-150200.3.42.1.s390x",
"openSUSE Leap 15.3:apache2-example-pages-2.4.51-150200.3.42.1.x86_64",
"openSUSE Leap 15.3:apache2-prefork-2.4.51-150200.3.42.1.aarch64",
"openSUSE Leap 15.3:apache2-prefork-2.4.51-150200.3.42.1.ppc64le",
"openSUSE Leap 15.3:apache2-prefork-2.4.51-150200.3.42.1.s390x",
"openSUSE Leap 15.3:apache2-prefork-2.4.51-150200.3.42.1.x86_64",
"openSUSE Leap 15.3:apache2-utils-2.4.51-150200.3.42.1.aarch64",
"openSUSE Leap 15.3:apache2-utils-2.4.51-150200.3.42.1.ppc64le",
"openSUSE Leap 15.3:apache2-utils-2.4.51-150200.3.42.1.s390x",
"openSUSE Leap 15.3:apache2-utils-2.4.51-150200.3.42.1.x86_64",
"openSUSE Leap 15.3:apache2-worker-2.4.51-150200.3.42.1.aarch64",
"openSUSE Leap 15.3:apache2-worker-2.4.51-150200.3.42.1.ppc64le",
"openSUSE Leap 15.3:apache2-worker-2.4.51-150200.3.42.1.s390x",
"openSUSE Leap 15.3:apache2-worker-2.4.51-150200.3.42.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.4,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.3:apache2-2.4.51-150200.3.42.1.aarch64",
"openSUSE Leap 15.3:apache2-2.4.51-150200.3.42.1.ppc64le",
"openSUSE Leap 15.3:apache2-2.4.51-150200.3.42.1.s390x",
"openSUSE Leap 15.3:apache2-2.4.51-150200.3.42.1.x86_64",
"openSUSE Leap 15.3:apache2-devel-2.4.51-150200.3.42.1.aarch64",
"openSUSE Leap 15.3:apache2-devel-2.4.51-150200.3.42.1.ppc64le",
"openSUSE Leap 15.3:apache2-devel-2.4.51-150200.3.42.1.s390x",
"openSUSE Leap 15.3:apache2-devel-2.4.51-150200.3.42.1.x86_64",
"openSUSE Leap 15.3:apache2-doc-2.4.51-150200.3.42.1.noarch",
"openSUSE Leap 15.3:apache2-event-2.4.51-150200.3.42.1.aarch64",
"openSUSE Leap 15.3:apache2-event-2.4.51-150200.3.42.1.ppc64le",
"openSUSE Leap 15.3:apache2-event-2.4.51-150200.3.42.1.s390x",
"openSUSE Leap 15.3:apache2-event-2.4.51-150200.3.42.1.x86_64",
"openSUSE Leap 15.3:apache2-example-pages-2.4.51-150200.3.42.1.aarch64",
"openSUSE Leap 15.3:apache2-example-pages-2.4.51-150200.3.42.1.ppc64le",
"openSUSE Leap 15.3:apache2-example-pages-2.4.51-150200.3.42.1.s390x",
"openSUSE Leap 15.3:apache2-example-pages-2.4.51-150200.3.42.1.x86_64",
"openSUSE Leap 15.3:apache2-prefork-2.4.51-150200.3.42.1.aarch64",
"openSUSE Leap 15.3:apache2-prefork-2.4.51-150200.3.42.1.ppc64le",
"openSUSE Leap 15.3:apache2-prefork-2.4.51-150200.3.42.1.s390x",
"openSUSE Leap 15.3:apache2-prefork-2.4.51-150200.3.42.1.x86_64",
"openSUSE Leap 15.3:apache2-utils-2.4.51-150200.3.42.1.aarch64",
"openSUSE Leap 15.3:apache2-utils-2.4.51-150200.3.42.1.ppc64le",
"openSUSE Leap 15.3:apache2-utils-2.4.51-150200.3.42.1.s390x",
"openSUSE Leap 15.3:apache2-utils-2.4.51-150200.3.42.1.x86_64",
"openSUSE Leap 15.3:apache2-worker-2.4.51-150200.3.42.1.aarch64",
"openSUSE Leap 15.3:apache2-worker-2.4.51-150200.3.42.1.ppc64le",
"openSUSE Leap 15.3:apache2-worker-2.4.51-150200.3.42.1.s390x",
"openSUSE Leap 15.3:apache2-worker-2.4.51-150200.3.42.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-03-29T15:35:03Z",
"details": "important"
}
],
"title": "CVE-2022-22720"
},
{
"cve": "CVE-2022-22721",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-22721"
}
],
"notes": [
{
"category": "general",
"text": "If LimitXMLRequestBody is set to allow request bodies larger than 350MB (defaults to 1M) on 32 bit systems an integer overflow happens which later causes out of bounds writes. This issue affects Apache HTTP Server 2.4.52 and earlier.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.3:apache2-2.4.51-150200.3.42.1.aarch64",
"openSUSE Leap 15.3:apache2-2.4.51-150200.3.42.1.ppc64le",
"openSUSE Leap 15.3:apache2-2.4.51-150200.3.42.1.s390x",
"openSUSE Leap 15.3:apache2-2.4.51-150200.3.42.1.x86_64",
"openSUSE Leap 15.3:apache2-devel-2.4.51-150200.3.42.1.aarch64",
"openSUSE Leap 15.3:apache2-devel-2.4.51-150200.3.42.1.ppc64le",
"openSUSE Leap 15.3:apache2-devel-2.4.51-150200.3.42.1.s390x",
"openSUSE Leap 15.3:apache2-devel-2.4.51-150200.3.42.1.x86_64",
"openSUSE Leap 15.3:apache2-doc-2.4.51-150200.3.42.1.noarch",
"openSUSE Leap 15.3:apache2-event-2.4.51-150200.3.42.1.aarch64",
"openSUSE Leap 15.3:apache2-event-2.4.51-150200.3.42.1.ppc64le",
"openSUSE Leap 15.3:apache2-event-2.4.51-150200.3.42.1.s390x",
"openSUSE Leap 15.3:apache2-event-2.4.51-150200.3.42.1.x86_64",
"openSUSE Leap 15.3:apache2-example-pages-2.4.51-150200.3.42.1.aarch64",
"openSUSE Leap 15.3:apache2-example-pages-2.4.51-150200.3.42.1.ppc64le",
"openSUSE Leap 15.3:apache2-example-pages-2.4.51-150200.3.42.1.s390x",
"openSUSE Leap 15.3:apache2-example-pages-2.4.51-150200.3.42.1.x86_64",
"openSUSE Leap 15.3:apache2-prefork-2.4.51-150200.3.42.1.aarch64",
"openSUSE Leap 15.3:apache2-prefork-2.4.51-150200.3.42.1.ppc64le",
"openSUSE Leap 15.3:apache2-prefork-2.4.51-150200.3.42.1.s390x",
"openSUSE Leap 15.3:apache2-prefork-2.4.51-150200.3.42.1.x86_64",
"openSUSE Leap 15.3:apache2-utils-2.4.51-150200.3.42.1.aarch64",
"openSUSE Leap 15.3:apache2-utils-2.4.51-150200.3.42.1.ppc64le",
"openSUSE Leap 15.3:apache2-utils-2.4.51-150200.3.42.1.s390x",
"openSUSE Leap 15.3:apache2-utils-2.4.51-150200.3.42.1.x86_64",
"openSUSE Leap 15.3:apache2-worker-2.4.51-150200.3.42.1.aarch64",
"openSUSE Leap 15.3:apache2-worker-2.4.51-150200.3.42.1.ppc64le",
"openSUSE Leap 15.3:apache2-worker-2.4.51-150200.3.42.1.s390x",
"openSUSE Leap 15.3:apache2-worker-2.4.51-150200.3.42.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-22721",
"url": "https://www.suse.com/security/cve/CVE-2022-22721"
},
{
"category": "external",
"summary": "SUSE Bug 1197096 for CVE-2022-22721",
"url": "https://bugzilla.suse.com/1197096"
},
{
"category": "external",
"summary": "SUSE Bug 1198430 for CVE-2022-22721",
"url": "https://bugzilla.suse.com/1198430"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.3:apache2-2.4.51-150200.3.42.1.aarch64",
"openSUSE Leap 15.3:apache2-2.4.51-150200.3.42.1.ppc64le",
"openSUSE Leap 15.3:apache2-2.4.51-150200.3.42.1.s390x",
"openSUSE Leap 15.3:apache2-2.4.51-150200.3.42.1.x86_64",
"openSUSE Leap 15.3:apache2-devel-2.4.51-150200.3.42.1.aarch64",
"openSUSE Leap 15.3:apache2-devel-2.4.51-150200.3.42.1.ppc64le",
"openSUSE Leap 15.3:apache2-devel-2.4.51-150200.3.42.1.s390x",
"openSUSE Leap 15.3:apache2-devel-2.4.51-150200.3.42.1.x86_64",
"openSUSE Leap 15.3:apache2-doc-2.4.51-150200.3.42.1.noarch",
"openSUSE Leap 15.3:apache2-event-2.4.51-150200.3.42.1.aarch64",
"openSUSE Leap 15.3:apache2-event-2.4.51-150200.3.42.1.ppc64le",
"openSUSE Leap 15.3:apache2-event-2.4.51-150200.3.42.1.s390x",
"openSUSE Leap 15.3:apache2-event-2.4.51-150200.3.42.1.x86_64",
"openSUSE Leap 15.3:apache2-example-pages-2.4.51-150200.3.42.1.aarch64",
"openSUSE Leap 15.3:apache2-example-pages-2.4.51-150200.3.42.1.ppc64le",
"openSUSE Leap 15.3:apache2-example-pages-2.4.51-150200.3.42.1.s390x",
"openSUSE Leap 15.3:apache2-example-pages-2.4.51-150200.3.42.1.x86_64",
"openSUSE Leap 15.3:apache2-prefork-2.4.51-150200.3.42.1.aarch64",
"openSUSE Leap 15.3:apache2-prefork-2.4.51-150200.3.42.1.ppc64le",
"openSUSE Leap 15.3:apache2-prefork-2.4.51-150200.3.42.1.s390x",
"openSUSE Leap 15.3:apache2-prefork-2.4.51-150200.3.42.1.x86_64",
"openSUSE Leap 15.3:apache2-utils-2.4.51-150200.3.42.1.aarch64",
"openSUSE Leap 15.3:apache2-utils-2.4.51-150200.3.42.1.ppc64le",
"openSUSE Leap 15.3:apache2-utils-2.4.51-150200.3.42.1.s390x",
"openSUSE Leap 15.3:apache2-utils-2.4.51-150200.3.42.1.x86_64",
"openSUSE Leap 15.3:apache2-worker-2.4.51-150200.3.42.1.aarch64",
"openSUSE Leap 15.3:apache2-worker-2.4.51-150200.3.42.1.ppc64le",
"openSUSE Leap 15.3:apache2-worker-2.4.51-150200.3.42.1.s390x",
"openSUSE Leap 15.3:apache2-worker-2.4.51-150200.3.42.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.4,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.3:apache2-2.4.51-150200.3.42.1.aarch64",
"openSUSE Leap 15.3:apache2-2.4.51-150200.3.42.1.ppc64le",
"openSUSE Leap 15.3:apache2-2.4.51-150200.3.42.1.s390x",
"openSUSE Leap 15.3:apache2-2.4.51-150200.3.42.1.x86_64",
"openSUSE Leap 15.3:apache2-devel-2.4.51-150200.3.42.1.aarch64",
"openSUSE Leap 15.3:apache2-devel-2.4.51-150200.3.42.1.ppc64le",
"openSUSE Leap 15.3:apache2-devel-2.4.51-150200.3.42.1.s390x",
"openSUSE Leap 15.3:apache2-devel-2.4.51-150200.3.42.1.x86_64",
"openSUSE Leap 15.3:apache2-doc-2.4.51-150200.3.42.1.noarch",
"openSUSE Leap 15.3:apache2-event-2.4.51-150200.3.42.1.aarch64",
"openSUSE Leap 15.3:apache2-event-2.4.51-150200.3.42.1.ppc64le",
"openSUSE Leap 15.3:apache2-event-2.4.51-150200.3.42.1.s390x",
"openSUSE Leap 15.3:apache2-event-2.4.51-150200.3.42.1.x86_64",
"openSUSE Leap 15.3:apache2-example-pages-2.4.51-150200.3.42.1.aarch64",
"openSUSE Leap 15.3:apache2-example-pages-2.4.51-150200.3.42.1.ppc64le",
"openSUSE Leap 15.3:apache2-example-pages-2.4.51-150200.3.42.1.s390x",
"openSUSE Leap 15.3:apache2-example-pages-2.4.51-150200.3.42.1.x86_64",
"openSUSE Leap 15.3:apache2-prefork-2.4.51-150200.3.42.1.aarch64",
"openSUSE Leap 15.3:apache2-prefork-2.4.51-150200.3.42.1.ppc64le",
"openSUSE Leap 15.3:apache2-prefork-2.4.51-150200.3.42.1.s390x",
"openSUSE Leap 15.3:apache2-prefork-2.4.51-150200.3.42.1.x86_64",
"openSUSE Leap 15.3:apache2-utils-2.4.51-150200.3.42.1.aarch64",
"openSUSE Leap 15.3:apache2-utils-2.4.51-150200.3.42.1.ppc64le",
"openSUSE Leap 15.3:apache2-utils-2.4.51-150200.3.42.1.s390x",
"openSUSE Leap 15.3:apache2-utils-2.4.51-150200.3.42.1.x86_64",
"openSUSE Leap 15.3:apache2-worker-2.4.51-150200.3.42.1.aarch64",
"openSUSE Leap 15.3:apache2-worker-2.4.51-150200.3.42.1.ppc64le",
"openSUSE Leap 15.3:apache2-worker-2.4.51-150200.3.42.1.s390x",
"openSUSE Leap 15.3:apache2-worker-2.4.51-150200.3.42.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-03-29T15:35:03Z",
"details": "important"
}
],
"title": "CVE-2022-22721"
},
{
"cve": "CVE-2022-23943",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-23943"
}
],
"notes": [
{
"category": "general",
"text": "Out-of-bounds Write vulnerability in mod_sed of Apache HTTP Server allows an attacker to overwrite heap memory with possibly attacker provided data. This issue affects Apache HTTP Server 2.4 version 2.4.52 and prior versions.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.3:apache2-2.4.51-150200.3.42.1.aarch64",
"openSUSE Leap 15.3:apache2-2.4.51-150200.3.42.1.ppc64le",
"openSUSE Leap 15.3:apache2-2.4.51-150200.3.42.1.s390x",
"openSUSE Leap 15.3:apache2-2.4.51-150200.3.42.1.x86_64",
"openSUSE Leap 15.3:apache2-devel-2.4.51-150200.3.42.1.aarch64",
"openSUSE Leap 15.3:apache2-devel-2.4.51-150200.3.42.1.ppc64le",
"openSUSE Leap 15.3:apache2-devel-2.4.51-150200.3.42.1.s390x",
"openSUSE Leap 15.3:apache2-devel-2.4.51-150200.3.42.1.x86_64",
"openSUSE Leap 15.3:apache2-doc-2.4.51-150200.3.42.1.noarch",
"openSUSE Leap 15.3:apache2-event-2.4.51-150200.3.42.1.aarch64",
"openSUSE Leap 15.3:apache2-event-2.4.51-150200.3.42.1.ppc64le",
"openSUSE Leap 15.3:apache2-event-2.4.51-150200.3.42.1.s390x",
"openSUSE Leap 15.3:apache2-event-2.4.51-150200.3.42.1.x86_64",
"openSUSE Leap 15.3:apache2-example-pages-2.4.51-150200.3.42.1.aarch64",
"openSUSE Leap 15.3:apache2-example-pages-2.4.51-150200.3.42.1.ppc64le",
"openSUSE Leap 15.3:apache2-example-pages-2.4.51-150200.3.42.1.s390x",
"openSUSE Leap 15.3:apache2-example-pages-2.4.51-150200.3.42.1.x86_64",
"openSUSE Leap 15.3:apache2-prefork-2.4.51-150200.3.42.1.aarch64",
"openSUSE Leap 15.3:apache2-prefork-2.4.51-150200.3.42.1.ppc64le",
"openSUSE Leap 15.3:apache2-prefork-2.4.51-150200.3.42.1.s390x",
"openSUSE Leap 15.3:apache2-prefork-2.4.51-150200.3.42.1.x86_64",
"openSUSE Leap 15.3:apache2-utils-2.4.51-150200.3.42.1.aarch64",
"openSUSE Leap 15.3:apache2-utils-2.4.51-150200.3.42.1.ppc64le",
"openSUSE Leap 15.3:apache2-utils-2.4.51-150200.3.42.1.s390x",
"openSUSE Leap 15.3:apache2-utils-2.4.51-150200.3.42.1.x86_64",
"openSUSE Leap 15.3:apache2-worker-2.4.51-150200.3.42.1.aarch64",
"openSUSE Leap 15.3:apache2-worker-2.4.51-150200.3.42.1.ppc64le",
"openSUSE Leap 15.3:apache2-worker-2.4.51-150200.3.42.1.s390x",
"openSUSE Leap 15.3:apache2-worker-2.4.51-150200.3.42.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-23943",
"url": "https://www.suse.com/security/cve/CVE-2022-23943"
},
{
"category": "external",
"summary": "SUSE Bug 1197098 for CVE-2022-23943",
"url": "https://bugzilla.suse.com/1197098"
},
{
"category": "external",
"summary": "SUSE Bug 1198430 for CVE-2022-23943",
"url": "https://bugzilla.suse.com/1198430"
},
{
"category": "external",
"summary": "SUSE Bug 1200351 for CVE-2022-23943",
"url": "https://bugzilla.suse.com/1200351"
},
{
"category": "external",
"summary": "SUSE Bug 1219585 for CVE-2022-23943",
"url": "https://bugzilla.suse.com/1219585"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.3:apache2-2.4.51-150200.3.42.1.aarch64",
"openSUSE Leap 15.3:apache2-2.4.51-150200.3.42.1.ppc64le",
"openSUSE Leap 15.3:apache2-2.4.51-150200.3.42.1.s390x",
"openSUSE Leap 15.3:apache2-2.4.51-150200.3.42.1.x86_64",
"openSUSE Leap 15.3:apache2-devel-2.4.51-150200.3.42.1.aarch64",
"openSUSE Leap 15.3:apache2-devel-2.4.51-150200.3.42.1.ppc64le",
"openSUSE Leap 15.3:apache2-devel-2.4.51-150200.3.42.1.s390x",
"openSUSE Leap 15.3:apache2-devel-2.4.51-150200.3.42.1.x86_64",
"openSUSE Leap 15.3:apache2-doc-2.4.51-150200.3.42.1.noarch",
"openSUSE Leap 15.3:apache2-event-2.4.51-150200.3.42.1.aarch64",
"openSUSE Leap 15.3:apache2-event-2.4.51-150200.3.42.1.ppc64le",
"openSUSE Leap 15.3:apache2-event-2.4.51-150200.3.42.1.s390x",
"openSUSE Leap 15.3:apache2-event-2.4.51-150200.3.42.1.x86_64",
"openSUSE Leap 15.3:apache2-example-pages-2.4.51-150200.3.42.1.aarch64",
"openSUSE Leap 15.3:apache2-example-pages-2.4.51-150200.3.42.1.ppc64le",
"openSUSE Leap 15.3:apache2-example-pages-2.4.51-150200.3.42.1.s390x",
"openSUSE Leap 15.3:apache2-example-pages-2.4.51-150200.3.42.1.x86_64",
"openSUSE Leap 15.3:apache2-prefork-2.4.51-150200.3.42.1.aarch64",
"openSUSE Leap 15.3:apache2-prefork-2.4.51-150200.3.42.1.ppc64le",
"openSUSE Leap 15.3:apache2-prefork-2.4.51-150200.3.42.1.s390x",
"openSUSE Leap 15.3:apache2-prefork-2.4.51-150200.3.42.1.x86_64",
"openSUSE Leap 15.3:apache2-utils-2.4.51-150200.3.42.1.aarch64",
"openSUSE Leap 15.3:apache2-utils-2.4.51-150200.3.42.1.ppc64le",
"openSUSE Leap 15.3:apache2-utils-2.4.51-150200.3.42.1.s390x",
"openSUSE Leap 15.3:apache2-utils-2.4.51-150200.3.42.1.x86_64",
"openSUSE Leap 15.3:apache2-worker-2.4.51-150200.3.42.1.aarch64",
"openSUSE Leap 15.3:apache2-worker-2.4.51-150200.3.42.1.ppc64le",
"openSUSE Leap 15.3:apache2-worker-2.4.51-150200.3.42.1.s390x",
"openSUSE Leap 15.3:apache2-worker-2.4.51-150200.3.42.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.4,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.3:apache2-2.4.51-150200.3.42.1.aarch64",
"openSUSE Leap 15.3:apache2-2.4.51-150200.3.42.1.ppc64le",
"openSUSE Leap 15.3:apache2-2.4.51-150200.3.42.1.s390x",
"openSUSE Leap 15.3:apache2-2.4.51-150200.3.42.1.x86_64",
"openSUSE Leap 15.3:apache2-devel-2.4.51-150200.3.42.1.aarch64",
"openSUSE Leap 15.3:apache2-devel-2.4.51-150200.3.42.1.ppc64le",
"openSUSE Leap 15.3:apache2-devel-2.4.51-150200.3.42.1.s390x",
"openSUSE Leap 15.3:apache2-devel-2.4.51-150200.3.42.1.x86_64",
"openSUSE Leap 15.3:apache2-doc-2.4.51-150200.3.42.1.noarch",
"openSUSE Leap 15.3:apache2-event-2.4.51-150200.3.42.1.aarch64",
"openSUSE Leap 15.3:apache2-event-2.4.51-150200.3.42.1.ppc64le",
"openSUSE Leap 15.3:apache2-event-2.4.51-150200.3.42.1.s390x",
"openSUSE Leap 15.3:apache2-event-2.4.51-150200.3.42.1.x86_64",
"openSUSE Leap 15.3:apache2-example-pages-2.4.51-150200.3.42.1.aarch64",
"openSUSE Leap 15.3:apache2-example-pages-2.4.51-150200.3.42.1.ppc64le",
"openSUSE Leap 15.3:apache2-example-pages-2.4.51-150200.3.42.1.s390x",
"openSUSE Leap 15.3:apache2-example-pages-2.4.51-150200.3.42.1.x86_64",
"openSUSE Leap 15.3:apache2-prefork-2.4.51-150200.3.42.1.aarch64",
"openSUSE Leap 15.3:apache2-prefork-2.4.51-150200.3.42.1.ppc64le",
"openSUSE Leap 15.3:apache2-prefork-2.4.51-150200.3.42.1.s390x",
"openSUSE Leap 15.3:apache2-prefork-2.4.51-150200.3.42.1.x86_64",
"openSUSE Leap 15.3:apache2-utils-2.4.51-150200.3.42.1.aarch64",
"openSUSE Leap 15.3:apache2-utils-2.4.51-150200.3.42.1.ppc64le",
"openSUSE Leap 15.3:apache2-utils-2.4.51-150200.3.42.1.s390x",
"openSUSE Leap 15.3:apache2-utils-2.4.51-150200.3.42.1.x86_64",
"openSUSE Leap 15.3:apache2-worker-2.4.51-150200.3.42.1.aarch64",
"openSUSE Leap 15.3:apache2-worker-2.4.51-150200.3.42.1.ppc64le",
"openSUSE Leap 15.3:apache2-worker-2.4.51-150200.3.42.1.s390x",
"openSUSE Leap 15.3:apache2-worker-2.4.51-150200.3.42.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-03-29T15:35:03Z",
"details": "important"
}
],
"title": "CVE-2022-23943"
}
]
}
OPENSUSE-SU-2024:11919-1
Vulnerability from csaf_opensuse - Published: 2024-06-15 00:00 - Updated: 2024-06-15 00:00Summary
apache2-2.4.53-1.1 on GA media
Severity
Moderate
Notes
Title of the patch: apache2-2.4.53-1.1 on GA media
Description of the patch: These are all security issues fixed in the apache2-2.4.53-1.1 package on the GA media of openSUSE Tumbleweed.
Patchnames: openSUSE-Tumbleweed-2024-11919
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
5.9 (Medium)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:apache2-2.4.53-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:apache2-2.4.53-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:apache2-2.4.53-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:apache2-2.4.53-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
7.4 (High)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:apache2-2.4.53-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:apache2-2.4.53-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:apache2-2.4.53-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:apache2-2.4.53-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.4 (High)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:apache2-2.4.53-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:apache2-2.4.53-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:apache2-2.4.53-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:apache2-2.4.53-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.4 (High)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:apache2-2.4.53-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:apache2-2.4.53-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:apache2-2.4.53-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:apache2-2.4.53-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
References
25 references
| URL | Category |
|---|---|
| https://www.suse.com/support/security/rating/ | external |
| https://ftp.suse.com/pub/projects/security/csaf/o… | self |
| https://www.suse.com/security/cve/CVE-2022-22719/ | self |
| https://www.suse.com/security/cve/CVE-2022-22720/ | self |
| https://www.suse.com/security/cve/CVE-2022-22721/ | self |
| https://www.suse.com/security/cve/CVE-2022-23943/ | self |
| https://www.suse.com/security/cve/CVE-2022-22719 | external |
| https://bugzilla.suse.com/1197091 | external |
| https://bugzilla.suse.com/1198430 | external |
| https://www.suse.com/security/cve/CVE-2022-22720 | external |
| https://bugzilla.suse.com/1197095 | external |
| https://bugzilla.suse.com/1198430 | external |
| https://bugzilla.suse.com/1198998 | external |
| https://bugzilla.suse.com/1199102 | external |
| https://bugzilla.suse.com/1199495 | external |
| https://bugzilla.suse.com/1204730 | external |
| https://bugzilla.suse.com/1225670 | external |
| https://www.suse.com/security/cve/CVE-2022-22721 | external |
| https://bugzilla.suse.com/1197096 | external |
| https://bugzilla.suse.com/1198430 | external |
| https://www.suse.com/security/cve/CVE-2022-23943 | external |
| https://bugzilla.suse.com/1197098 | external |
| https://bugzilla.suse.com/1198430 | external |
| https://bugzilla.suse.com/1200351 | external |
| https://bugzilla.suse.com/1219585 | external |
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "apache2-2.4.53-1.1 on GA media",
"title": "Title of the patch"
},
{
"category": "description",
"text": "These are all security issues fixed in the apache2-2.4.53-1.1 package on the GA media of openSUSE Tumbleweed.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Tumbleweed-2024-11919",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2024_11919-1.json"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-22719 page",
"url": "https://www.suse.com/security/cve/CVE-2022-22719/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-22720 page",
"url": "https://www.suse.com/security/cve/CVE-2022-22720/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-22721 page",
"url": "https://www.suse.com/security/cve/CVE-2022-22721/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-23943 page",
"url": "https://www.suse.com/security/cve/CVE-2022-23943/"
}
],
"title": "apache2-2.4.53-1.1 on GA media",
"tracking": {
"current_release_date": "2024-06-15T00:00:00Z",
"generator": {
"date": "2024-06-15T00:00:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2024:11919-1",
"initial_release_date": "2024-06-15T00:00:00Z",
"revision_history": [
{
"date": "2024-06-15T00:00:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "apache2-2.4.53-1.1.aarch64",
"product": {
"name": "apache2-2.4.53-1.1.aarch64",
"product_id": "apache2-2.4.53-1.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "apache2-2.4.53-1.1.ppc64le",
"product": {
"name": "apache2-2.4.53-1.1.ppc64le",
"product_id": "apache2-2.4.53-1.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "apache2-2.4.53-1.1.s390x",
"product": {
"name": "apache2-2.4.53-1.1.s390x",
"product_id": "apache2-2.4.53-1.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "apache2-2.4.53-1.1.x86_64",
"product": {
"name": "apache2-2.4.53-1.1.x86_64",
"product_id": "apache2-2.4.53-1.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Tumbleweed",
"product": {
"name": "openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:tumbleweed"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-2.4.53-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:apache2-2.4.53-1.1.aarch64"
},
"product_reference": "apache2-2.4.53-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-2.4.53-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:apache2-2.4.53-1.1.ppc64le"
},
"product_reference": "apache2-2.4.53-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-2.4.53-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:apache2-2.4.53-1.1.s390x"
},
"product_reference": "apache2-2.4.53-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-2.4.53-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:apache2-2.4.53-1.1.x86_64"
},
"product_reference": "apache2-2.4.53-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2022-22719",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-22719"
}
],
"notes": [
{
"category": "general",
"text": "A carefully crafted request body can cause a read to a random memory area which could cause the process to crash. This issue affects Apache HTTP Server 2.4.52 and earlier.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:apache2-2.4.53-1.1.aarch64",
"openSUSE Tumbleweed:apache2-2.4.53-1.1.ppc64le",
"openSUSE Tumbleweed:apache2-2.4.53-1.1.s390x",
"openSUSE Tumbleweed:apache2-2.4.53-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-22719",
"url": "https://www.suse.com/security/cve/CVE-2022-22719"
},
{
"category": "external",
"summary": "SUSE Bug 1197091 for CVE-2022-22719",
"url": "https://bugzilla.suse.com/1197091"
},
{
"category": "external",
"summary": "SUSE Bug 1198430 for CVE-2022-22719",
"url": "https://bugzilla.suse.com/1198430"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:apache2-2.4.53-1.1.aarch64",
"openSUSE Tumbleweed:apache2-2.4.53-1.1.ppc64le",
"openSUSE Tumbleweed:apache2-2.4.53-1.1.s390x",
"openSUSE Tumbleweed:apache2-2.4.53-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:apache2-2.4.53-1.1.aarch64",
"openSUSE Tumbleweed:apache2-2.4.53-1.1.ppc64le",
"openSUSE Tumbleweed:apache2-2.4.53-1.1.s390x",
"openSUSE Tumbleweed:apache2-2.4.53-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2022-22719"
},
{
"cve": "CVE-2022-22720",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-22720"
}
],
"notes": [
{
"category": "general",
"text": "Apache HTTP Server 2.4.52 and earlier fails to close inbound connection when errors are encountered discarding the request body, exposing the server to HTTP Request Smuggling",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:apache2-2.4.53-1.1.aarch64",
"openSUSE Tumbleweed:apache2-2.4.53-1.1.ppc64le",
"openSUSE Tumbleweed:apache2-2.4.53-1.1.s390x",
"openSUSE Tumbleweed:apache2-2.4.53-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-22720",
"url": "https://www.suse.com/security/cve/CVE-2022-22720"
},
{
"category": "external",
"summary": "SUSE Bug 1197095 for CVE-2022-22720",
"url": "https://bugzilla.suse.com/1197095"
},
{
"category": "external",
"summary": "SUSE Bug 1198430 for CVE-2022-22720",
"url": "https://bugzilla.suse.com/1198430"
},
{
"category": "external",
"summary": "SUSE Bug 1198998 for CVE-2022-22720",
"url": "https://bugzilla.suse.com/1198998"
},
{
"category": "external",
"summary": "SUSE Bug 1199102 for CVE-2022-22720",
"url": "https://bugzilla.suse.com/1199102"
},
{
"category": "external",
"summary": "SUSE Bug 1199495 for CVE-2022-22720",
"url": "https://bugzilla.suse.com/1199495"
},
{
"category": "external",
"summary": "SUSE Bug 1204730 for CVE-2022-22720",
"url": "https://bugzilla.suse.com/1204730"
},
{
"category": "external",
"summary": "SUSE Bug 1225670 for CVE-2022-22720",
"url": "https://bugzilla.suse.com/1225670"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:apache2-2.4.53-1.1.aarch64",
"openSUSE Tumbleweed:apache2-2.4.53-1.1.ppc64le",
"openSUSE Tumbleweed:apache2-2.4.53-1.1.s390x",
"openSUSE Tumbleweed:apache2-2.4.53-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.4,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:apache2-2.4.53-1.1.aarch64",
"openSUSE Tumbleweed:apache2-2.4.53-1.1.ppc64le",
"openSUSE Tumbleweed:apache2-2.4.53-1.1.s390x",
"openSUSE Tumbleweed:apache2-2.4.53-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2022-22720"
},
{
"cve": "CVE-2022-22721",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-22721"
}
],
"notes": [
{
"category": "general",
"text": "If LimitXMLRequestBody is set to allow request bodies larger than 350MB (defaults to 1M) on 32 bit systems an integer overflow happens which later causes out of bounds writes. This issue affects Apache HTTP Server 2.4.52 and earlier.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:apache2-2.4.53-1.1.aarch64",
"openSUSE Tumbleweed:apache2-2.4.53-1.1.ppc64le",
"openSUSE Tumbleweed:apache2-2.4.53-1.1.s390x",
"openSUSE Tumbleweed:apache2-2.4.53-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-22721",
"url": "https://www.suse.com/security/cve/CVE-2022-22721"
},
{
"category": "external",
"summary": "SUSE Bug 1197096 for CVE-2022-22721",
"url": "https://bugzilla.suse.com/1197096"
},
{
"category": "external",
"summary": "SUSE Bug 1198430 for CVE-2022-22721",
"url": "https://bugzilla.suse.com/1198430"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:apache2-2.4.53-1.1.aarch64",
"openSUSE Tumbleweed:apache2-2.4.53-1.1.ppc64le",
"openSUSE Tumbleweed:apache2-2.4.53-1.1.s390x",
"openSUSE Tumbleweed:apache2-2.4.53-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.4,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:apache2-2.4.53-1.1.aarch64",
"openSUSE Tumbleweed:apache2-2.4.53-1.1.ppc64le",
"openSUSE Tumbleweed:apache2-2.4.53-1.1.s390x",
"openSUSE Tumbleweed:apache2-2.4.53-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2022-22721"
},
{
"cve": "CVE-2022-23943",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-23943"
}
],
"notes": [
{
"category": "general",
"text": "Out-of-bounds Write vulnerability in mod_sed of Apache HTTP Server allows an attacker to overwrite heap memory with possibly attacker provided data. This issue affects Apache HTTP Server 2.4 version 2.4.52 and prior versions.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:apache2-2.4.53-1.1.aarch64",
"openSUSE Tumbleweed:apache2-2.4.53-1.1.ppc64le",
"openSUSE Tumbleweed:apache2-2.4.53-1.1.s390x",
"openSUSE Tumbleweed:apache2-2.4.53-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-23943",
"url": "https://www.suse.com/security/cve/CVE-2022-23943"
},
{
"category": "external",
"summary": "SUSE Bug 1197098 for CVE-2022-23943",
"url": "https://bugzilla.suse.com/1197098"
},
{
"category": "external",
"summary": "SUSE Bug 1198430 for CVE-2022-23943",
"url": "https://bugzilla.suse.com/1198430"
},
{
"category": "external",
"summary": "SUSE Bug 1200351 for CVE-2022-23943",
"url": "https://bugzilla.suse.com/1200351"
},
{
"category": "external",
"summary": "SUSE Bug 1219585 for CVE-2022-23943",
"url": "https://bugzilla.suse.com/1219585"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:apache2-2.4.53-1.1.aarch64",
"openSUSE Tumbleweed:apache2-2.4.53-1.1.ppc64le",
"openSUSE Tumbleweed:apache2-2.4.53-1.1.s390x",
"openSUSE Tumbleweed:apache2-2.4.53-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.4,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:apache2-2.4.53-1.1.aarch64",
"openSUSE Tumbleweed:apache2-2.4.53-1.1.ppc64le",
"openSUSE Tumbleweed:apache2-2.4.53-1.1.s390x",
"openSUSE Tumbleweed:apache2-2.4.53-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2022-23943"
}
]
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…