Action not permitted
Modal body text goes here.
Modal Title
Modal Body
usn-5487-2
Vulnerability from osv_ubuntu
USN-5487-1 fixed several vulnerabilities in Apache. Unfortunately, that update introduced a regression when proxying balancer manager connections in some configurations on Ubuntu 14.04 ESM. This update reverts those changes till further fix.
We apologize for the inconvenience.
Original advisory details:
It was discovered that Apache HTTP Server mod_proxy_ajp incorrectly handled certain crafted request. A remote attacker could possibly use this issue to perform an HTTP Request Smuggling attack. (CVE-2022-26377)
It was discovered that Apache HTTP Server incorrectly handled certain request. An attacker could possibly use this issue to cause a denial of service. (CVE-2022-28614)
It was discovered that Apache HTTP Server incorrectly handled certain request. An attacker could possibly use this issue to cause a crash or expose sensitive information. (CVE-2022-28615)
It was discovered that Apache HTTP Server incorrectly handled certain request. An attacker could possibly use this issue to cause a denial of service. (CVE-2022-29404)
It was discovered that Apache HTTP Server incorrectly handled certain request. An attacker could possibly use this issue to cause a crash. (CVE-2022-30522)
It was discovered that Apache HTTP Server incorrectly handled certain request. An attacker could possibly use this issue to execute arbitrary code or cause a crash. (CVE-2022-30556)
It was discovered that Apache HTTP Server incorrectly handled certain request. An attacker could possibly use this issue to bypass IP based authentication. (CVE-2022-31813)
| URL | Type | |
|---|---|---|
{
"affected": [
{
"database_specific": {
"cves_map": {
"cves": [],
"ecosystem": "Ubuntu:Pro:14.04:LTS"
}
},
"ecosystem_specific": {
"availability": "Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro",
"binaries": [
{
"binary_name": "apache2",
"binary_version": "2.4.7-1ubuntu4.22+esm6"
},
{
"binary_name": "apache2-bin",
"binary_version": "2.4.7-1ubuntu4.22+esm6"
},
{
"binary_name": "apache2-data",
"binary_version": "2.4.7-1ubuntu4.22+esm6"
},
{
"binary_name": "apache2-mpm-event",
"binary_version": "2.4.7-1ubuntu4.22+esm6"
},
{
"binary_name": "apache2-mpm-itk",
"binary_version": "2.4.7-1ubuntu4.22+esm6"
},
{
"binary_name": "apache2-mpm-prefork",
"binary_version": "2.4.7-1ubuntu4.22+esm6"
},
{
"binary_name": "apache2-mpm-worker",
"binary_version": "2.4.7-1ubuntu4.22+esm6"
},
{
"binary_name": "apache2-suexec",
"binary_version": "2.4.7-1ubuntu4.22+esm6"
},
{
"binary_name": "apache2-suexec-custom",
"binary_version": "2.4.7-1ubuntu4.22+esm6"
},
{
"binary_name": "apache2-suexec-pristine",
"binary_version": "2.4.7-1ubuntu4.22+esm6"
},
{
"binary_name": "apache2-utils",
"binary_version": "2.4.7-1ubuntu4.22+esm6"
},
{
"binary_name": "apache2.2-bin",
"binary_version": "2.4.7-1ubuntu4.22+esm6"
},
{
"binary_name": "libapache2-mod-macro",
"binary_version": "1:2.4.7-1ubuntu4.22+esm6"
},
{
"binary_name": "libapache2-mod-proxy-html",
"binary_version": "1:2.4.7-1ubuntu4.22+esm6"
}
]
},
"package": {
"ecosystem": "Ubuntu:Pro:14.04:LTS",
"name": "apache2",
"purl": "pkg:deb/ubuntu/apache2@2.4.7-1ubuntu4.22+esm6?arch=source\u0026distro=trusty/esm"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.4.7-1ubuntu4.22+esm6"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"2.4.6-2ubuntu2",
"2.4.6-2ubuntu3",
"2.4.6-2ubuntu4",
"2.4.7-1ubuntu1",
"2.4.7-1ubuntu2",
"2.4.7-1ubuntu3",
"2.4.7-1ubuntu4",
"2.4.7-1ubuntu4.1",
"2.4.7-1ubuntu4.4",
"2.4.7-1ubuntu4.5",
"2.4.7-1ubuntu4.6",
"2.4.7-1ubuntu4.7",
"2.4.7-1ubuntu4.8",
"2.4.7-1ubuntu4.9",
"2.4.7-1ubuntu4.10",
"2.4.7-1ubuntu4.11",
"2.4.7-1ubuntu4.13",
"2.4.7-1ubuntu4.15",
"2.4.7-1ubuntu4.16",
"2.4.7-1ubuntu4.17",
"2.4.7-1ubuntu4.18",
"2.4.7-1ubuntu4.19",
"2.4.7-1ubuntu4.20",
"2.4.7-1ubuntu4.21",
"2.4.7-1ubuntu4.22",
"2.4.7-1ubuntu4.22+esm1",
"2.4.7-1ubuntu4.22+esm2",
"2.4.7-1ubuntu4.22+esm3",
"2.4.7-1ubuntu4.22+esm4",
"2.4.7-1ubuntu4.22+esm5"
]
}
],
"aliases": [],
"details": "USN-5487-1 fixed several vulnerabilities in Apache. Unfortunately, that update introduced\na regression when proxying balancer manager connections in some configurations\non Ubuntu 14.04 ESM. This update reverts those changes till further fix.\n\nWe apologize for the inconvenience.\n\nOriginal advisory details:\n\n It was discovered that Apache HTTP Server mod_proxy_ajp incorrectly handled\n certain crafted request. A remote attacker could possibly use this issue to\n perform an HTTP Request Smuggling attack. (CVE-2022-26377)\n \n It was discovered that Apache HTTP Server incorrectly handled certain\n request. An attacker could possibly use this issue to cause a denial\n of service. (CVE-2022-28614)\n \n It was discovered that Apache HTTP Server incorrectly handled certain request.\n An attacker could possibly use this issue to cause a crash or expose\n sensitive information. (CVE-2022-28615)\n \n It was discovered that Apache HTTP Server incorrectly handled certain request.\n An attacker could possibly use this issue to cause a denial of service.\n (CVE-2022-29404)\n \n It was discovered that Apache HTTP Server incorrectly handled certain\n request. An attacker could possibly use this issue to cause a crash.\n (CVE-2022-30522)\n \n It was discovered that Apache HTTP Server incorrectly handled certain request.\n An attacker could possibly use this issue to execute arbitrary code or cause\n a crash. (CVE-2022-30556)\n \n It was discovered that Apache HTTP Server incorrectly handled certain request.\n An attacker could possibly use this issue to bypass IP based authentication.\n (CVE-2022-31813)\n",
"id": "USN-5487-2",
"modified": "2026-06-29T10:52:56Z",
"published": "2022-06-23T09:29:28Z",
"references": [
{
"type": "ADVISORY",
"url": "https://ubuntu.com/security/notices/USN-5487-2"
},
{
"type": "REPORT",
"url": "https://launchpad.net/bugs/1979577"
}
],
"related": [],
"schema_version": "1.7.0",
"summary": "apache2 regression",
"upstream": []
}
ubuntu-cve-2022-26377
Vulnerability from osv_ubuntu
Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') vulnerability in mod_proxy_ajp of Apache HTTP Server allows an attacker to smuggle requests to the AJP server it forwards requests to. This issue affects Apache HTTP Server Apache HTTP Server 2.4 version 2.4.53 and prior versions.
{
"affected": [
{
"ecosystem_specific": {
"availability": "Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro",
"binaries": [
{
"binary_name": "apache2",
"binary_version": "2.4.7-1ubuntu4.22+esm5"
},
{
"binary_name": "apache2-bin",
"binary_version": "2.4.7-1ubuntu4.22+esm5"
},
{
"binary_name": "apache2-data",
"binary_version": "2.4.7-1ubuntu4.22+esm5"
},
{
"binary_name": "apache2-mpm-event",
"binary_version": "2.4.7-1ubuntu4.22+esm5"
},
{
"binary_name": "apache2-mpm-itk",
"binary_version": "2.4.7-1ubuntu4.22+esm5"
},
{
"binary_name": "apache2-mpm-prefork",
"binary_version": "2.4.7-1ubuntu4.22+esm5"
},
{
"binary_name": "apache2-mpm-worker",
"binary_version": "2.4.7-1ubuntu4.22+esm5"
},
{
"binary_name": "apache2-suexec",
"binary_version": "2.4.7-1ubuntu4.22+esm5"
},
{
"binary_name": "apache2-suexec-custom",
"binary_version": "2.4.7-1ubuntu4.22+esm5"
},
{
"binary_name": "apache2-suexec-pristine",
"binary_version": "2.4.7-1ubuntu4.22+esm5"
},
{
"binary_name": "apache2-utils",
"binary_version": "2.4.7-1ubuntu4.22+esm5"
},
{
"binary_name": "apache2.2-bin",
"binary_version": "2.4.7-1ubuntu4.22+esm5"
},
{
"binary_name": "libapache2-mod-macro",
"binary_version": "1:2.4.7-1ubuntu4.22+esm5"
},
{
"binary_name": "libapache2-mod-proxy-html",
"binary_version": "1:2.4.7-1ubuntu4.22+esm5"
}
]
},
"package": {
"ecosystem": "Ubuntu:Pro:14.04:LTS",
"name": "apache2",
"purl": "pkg:deb/ubuntu/apache2@2.4.7-1ubuntu4.22+esm5?arch=source\u0026distro=trusty/esm"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.4.7-1ubuntu4.22+esm5"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"2.4.6-2ubuntu2",
"2.4.6-2ubuntu3",
"2.4.6-2ubuntu4",
"2.4.7-1ubuntu1",
"2.4.7-1ubuntu2",
"2.4.7-1ubuntu3",
"2.4.7-1ubuntu4",
"2.4.7-1ubuntu4.1",
"2.4.7-1ubuntu4.4",
"2.4.7-1ubuntu4.5",
"2.4.7-1ubuntu4.6",
"2.4.7-1ubuntu4.7",
"2.4.7-1ubuntu4.8",
"2.4.7-1ubuntu4.9",
"2.4.7-1ubuntu4.10",
"2.4.7-1ubuntu4.11",
"2.4.7-1ubuntu4.13",
"2.4.7-1ubuntu4.15",
"2.4.7-1ubuntu4.16",
"2.4.7-1ubuntu4.17",
"2.4.7-1ubuntu4.18",
"2.4.7-1ubuntu4.19",
"2.4.7-1ubuntu4.20",
"2.4.7-1ubuntu4.21",
"2.4.7-1ubuntu4.22",
"2.4.7-1ubuntu4.22+esm1",
"2.4.7-1ubuntu4.22+esm2",
"2.4.7-1ubuntu4.22+esm3",
"2.4.7-1ubuntu4.22+esm4"
]
},
{
"ecosystem_specific": {
"availability": "Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro",
"binaries": [
{
"binary_name": "apache2",
"binary_version": "2.4.18-2ubuntu3.17+esm6"
},
{
"binary_name": "apache2-bin",
"binary_version": "2.4.18-2ubuntu3.17+esm6"
},
{
"binary_name": "apache2-data",
"binary_version": "2.4.18-2ubuntu3.17+esm6"
},
{
"binary_name": "apache2-suexec-custom",
"binary_version": "2.4.18-2ubuntu3.17+esm6"
},
{
"binary_name": "apache2-suexec-pristine",
"binary_version": "2.4.18-2ubuntu3.17+esm6"
},
{
"binary_name": "apache2-utils",
"binary_version": "2.4.18-2ubuntu3.17+esm6"
}
]
},
"package": {
"ecosystem": "Ubuntu:Pro:16.04:LTS",
"name": "apache2",
"purl": "pkg:deb/ubuntu/apache2@2.4.18-2ubuntu3.17+esm6?arch=source\u0026distro=esm-infra/xenial"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.4.18-2ubuntu3.17+esm6"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"2.4.12-2ubuntu2",
"2.4.17-1ubuntu1",
"2.4.17-2ubuntu1",
"2.4.17-3ubuntu1",
"2.4.18-1ubuntu1",
"2.4.18-2ubuntu1",
"2.4.18-2ubuntu2",
"2.4.18-2ubuntu3",
"2.4.18-2ubuntu3.1",
"2.4.18-2ubuntu3.2",
"2.4.18-2ubuntu3.3",
"2.4.18-2ubuntu3.4",
"2.4.18-2ubuntu3.5",
"2.4.18-2ubuntu3.7",
"2.4.18-2ubuntu3.8",
"2.4.18-2ubuntu3.9",
"2.4.18-2ubuntu3.10",
"2.4.18-2ubuntu3.12",
"2.4.18-2ubuntu3.13",
"2.4.18-2ubuntu3.14",
"2.4.18-2ubuntu3.15",
"2.4.18-2ubuntu3.17",
"2.4.18-2ubuntu3.17+esm1",
"2.4.18-2ubuntu3.17+esm2",
"2.4.18-2ubuntu3.17+esm3",
"2.4.18-2ubuntu3.17+esm4",
"2.4.18-2ubuntu3.17+esm5"
]
},
{
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "apache2",
"binary_version": "2.4.29-1ubuntu4.24"
},
{
"binary_name": "apache2-bin",
"binary_version": "2.4.29-1ubuntu4.24"
},
{
"binary_name": "apache2-data",
"binary_version": "2.4.29-1ubuntu4.24"
},
{
"binary_name": "apache2-suexec-custom",
"binary_version": "2.4.29-1ubuntu4.24"
},
{
"binary_name": "apache2-suexec-pristine",
"binary_version": "2.4.29-1ubuntu4.24"
},
{
"binary_name": "apache2-utils",
"binary_version": "2.4.29-1ubuntu4.24"
}
]
},
"package": {
"ecosystem": "Ubuntu:18.04:LTS",
"name": "apache2",
"purl": "pkg:deb/ubuntu/apache2@2.4.29-1ubuntu4.24?arch=source\u0026distro=bionic"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.4.29-1ubuntu4.24"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"2.4.27-2ubuntu3",
"2.4.29-1ubuntu1",
"2.4.29-1ubuntu2",
"2.4.29-1ubuntu3",
"2.4.29-1ubuntu4",
"2.4.29-1ubuntu4.1",
"2.4.29-1ubuntu4.2",
"2.4.29-1ubuntu4.3",
"2.4.29-1ubuntu4.4",
"2.4.29-1ubuntu4.5",
"2.4.29-1ubuntu4.6",
"2.4.29-1ubuntu4.7",
"2.4.29-1ubuntu4.8",
"2.4.29-1ubuntu4.10",
"2.4.29-1ubuntu4.11",
"2.4.29-1ubuntu4.12",
"2.4.29-1ubuntu4.13",
"2.4.29-1ubuntu4.14",
"2.4.29-1ubuntu4.16",
"2.4.29-1ubuntu4.17",
"2.4.29-1ubuntu4.18",
"2.4.29-1ubuntu4.19",
"2.4.29-1ubuntu4.20",
"2.4.29-1ubuntu4.21",
"2.4.29-1ubuntu4.22",
"2.4.29-1ubuntu4.23"
]
},
{
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "apache2",
"binary_version": "2.4.41-4ubuntu3.12"
},
{
"binary_name": "apache2-bin",
"binary_version": "2.4.41-4ubuntu3.12"
},
{
"binary_name": "apache2-data",
"binary_version": "2.4.41-4ubuntu3.12"
},
{
"binary_name": "apache2-suexec-custom",
"binary_version": "2.4.41-4ubuntu3.12"
},
{
"binary_name": "apache2-suexec-pristine",
"binary_version": "2.4.41-4ubuntu3.12"
},
{
"binary_name": "apache2-utils",
"binary_version": "2.4.41-4ubuntu3.12"
},
{
"binary_name": "libapache2-mod-md",
"binary_version": "2.4.41-4ubuntu3.12"
},
{
"binary_name": "libapache2-mod-proxy-uwsgi",
"binary_version": "2.4.41-4ubuntu3.12"
}
]
},
"package": {
"ecosystem": "Ubuntu:20.04:LTS",
"name": "apache2",
"purl": "pkg:deb/ubuntu/apache2@2.4.41-4ubuntu3.12?arch=source\u0026distro=focal"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.4.41-4ubuntu3.12"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"2.4.41-1ubuntu1",
"2.4.41-4ubuntu1",
"2.4.41-4ubuntu2",
"2.4.41-4ubuntu3",
"2.4.41-4ubuntu3.1",
"2.4.41-4ubuntu3.3",
"2.4.41-4ubuntu3.4",
"2.4.41-4ubuntu3.5",
"2.4.41-4ubuntu3.6",
"2.4.41-4ubuntu3.7",
"2.4.41-4ubuntu3.8",
"2.4.41-4ubuntu3.9",
"2.4.41-4ubuntu3.10",
"2.4.41-4ubuntu3.11"
]
},
{
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "apache2",
"binary_version": "2.4.52-1ubuntu4.1"
},
{
"binary_name": "apache2-bin",
"binary_version": "2.4.52-1ubuntu4.1"
},
{
"binary_name": "apache2-data",
"binary_version": "2.4.52-1ubuntu4.1"
},
{
"binary_name": "apache2-suexec-custom",
"binary_version": "2.4.52-1ubuntu4.1"
},
{
"binary_name": "apache2-suexec-pristine",
"binary_version": "2.4.52-1ubuntu4.1"
},
{
"binary_name": "apache2-utils",
"binary_version": "2.4.52-1ubuntu4.1"
},
{
"binary_name": "libapache2-mod-md",
"binary_version": "2.4.52-1ubuntu4.1"
},
{
"binary_name": "libapache2-mod-proxy-uwsgi",
"binary_version": "2.4.52-1ubuntu4.1"
}
]
},
"package": {
"ecosystem": "Ubuntu:22.04:LTS",
"name": "apache2",
"purl": "pkg:deb/ubuntu/apache2@2.4.52-1ubuntu4.1?arch=source\u0026distro=jammy"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.4.52-1ubuntu4.1"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"2.4.48-3.1ubuntu3",
"2.4.48-3.1ubuntu4",
"2.4.51-2ubuntu1",
"2.4.52-1ubuntu1",
"2.4.52-1ubuntu2",
"2.4.52-1ubuntu4"
]
}
],
"aliases": [],
"details": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request Smuggling\u0027) vulnerability in mod_proxy_ajp of Apache HTTP Server allows an attacker to smuggle requests to the AJP server it forwards requests to. This issue affects Apache HTTP Server Apache HTTP Server 2.4 version 2.4.53 and prior versions.",
"id": "UBUNTU-CVE-2022-26377",
"modified": "2026-04-22T07:41:32Z",
"published": "2022-06-09T17:15:00Z",
"references": [
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2022-26377"
},
{
"type": "REPORT",
"url": "https://www.openwall.com/lists/oss-security/2022/06/08/2"
},
{
"type": "REPORT",
"url": "https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2022-26377"
},
{
"type": "ADVISORY",
"url": "https://ubuntu.com/security/notices/USN-5487-1"
},
{
"type": "ADVISORY",
"url": "https://ubuntu.com/security/notices/USN-5487-2"
},
{
"type": "ADVISORY",
"url": "https://ubuntu.com/security/notices/USN-5487-3"
},
{
"type": "REPORT",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26377"
}
],
"related": [
"USN-5487-1",
"USN-5487-2",
"USN-5487-3"
],
"schema_version": "1.7.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
],
"upstream": [
"CVE-2022-26377"
]
}
ubuntu-cve-2022-28614
Vulnerability from osv_ubuntu
The ap_rwrite() function in Apache HTTP Server 2.4.53 and earlier may read unintended memory if an attacker can cause the server to reflect very large input using ap_rwrite() or ap_rputs(), such as with mod_luas r:puts() function. Modules compiled and distributed separately from Apache HTTP Server that use the 'ap_rputs' function and may pass it a very large (INT_MAX or larger) string must be compiled against current headers to resolve the issue.
| URL | Type | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
{
"affected": [
{
"ecosystem_specific": {
"availability": "Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro",
"binaries": [
{
"binary_name": "apache2",
"binary_version": "2.4.7-1ubuntu4.22+esm6"
},
{
"binary_name": "apache2-bin",
"binary_version": "2.4.7-1ubuntu4.22+esm6"
},
{
"binary_name": "apache2-data",
"binary_version": "2.4.7-1ubuntu4.22+esm6"
},
{
"binary_name": "apache2-mpm-event",
"binary_version": "2.4.7-1ubuntu4.22+esm6"
},
{
"binary_name": "apache2-mpm-itk",
"binary_version": "2.4.7-1ubuntu4.22+esm6"
},
{
"binary_name": "apache2-mpm-prefork",
"binary_version": "2.4.7-1ubuntu4.22+esm6"
},
{
"binary_name": "apache2-mpm-worker",
"binary_version": "2.4.7-1ubuntu4.22+esm6"
},
{
"binary_name": "apache2-suexec",
"binary_version": "2.4.7-1ubuntu4.22+esm6"
},
{
"binary_name": "apache2-suexec-custom",
"binary_version": "2.4.7-1ubuntu4.22+esm6"
},
{
"binary_name": "apache2-suexec-pristine",
"binary_version": "2.4.7-1ubuntu4.22+esm6"
},
{
"binary_name": "apache2-utils",
"binary_version": "2.4.7-1ubuntu4.22+esm6"
},
{
"binary_name": "apache2.2-bin",
"binary_version": "2.4.7-1ubuntu4.22+esm6"
},
{
"binary_name": "libapache2-mod-macro",
"binary_version": "1:2.4.7-1ubuntu4.22+esm6"
},
{
"binary_name": "libapache2-mod-proxy-html",
"binary_version": "1:2.4.7-1ubuntu4.22+esm6"
}
]
},
"package": {
"ecosystem": "Ubuntu:Pro:14.04:LTS",
"name": "apache2",
"purl": "pkg:deb/ubuntu/apache2@2.4.7-1ubuntu4.22+esm6?arch=source\u0026distro=trusty/esm"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.4.7-1ubuntu4.22+esm6"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"2.4.6-2ubuntu2",
"2.4.6-2ubuntu3",
"2.4.6-2ubuntu4",
"2.4.7-1ubuntu1",
"2.4.7-1ubuntu2",
"2.4.7-1ubuntu3",
"2.4.7-1ubuntu4",
"2.4.7-1ubuntu4.1",
"2.4.7-1ubuntu4.4",
"2.4.7-1ubuntu4.5",
"2.4.7-1ubuntu4.6",
"2.4.7-1ubuntu4.7",
"2.4.7-1ubuntu4.8",
"2.4.7-1ubuntu4.9",
"2.4.7-1ubuntu4.10",
"2.4.7-1ubuntu4.11",
"2.4.7-1ubuntu4.13",
"2.4.7-1ubuntu4.15",
"2.4.7-1ubuntu4.16",
"2.4.7-1ubuntu4.17",
"2.4.7-1ubuntu4.18",
"2.4.7-1ubuntu4.19",
"2.4.7-1ubuntu4.20",
"2.4.7-1ubuntu4.21",
"2.4.7-1ubuntu4.22",
"2.4.7-1ubuntu4.22+esm1",
"2.4.7-1ubuntu4.22+esm2",
"2.4.7-1ubuntu4.22+esm3",
"2.4.7-1ubuntu4.22+esm4",
"2.4.7-1ubuntu4.22+esm5"
]
},
{
"ecosystem_specific": {
"availability": "Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro",
"binaries": [
{
"binary_name": "apache2",
"binary_version": "2.4.18-2ubuntu3.17+esm6"
},
{
"binary_name": "apache2-bin",
"binary_version": "2.4.18-2ubuntu3.17+esm6"
},
{
"binary_name": "apache2-data",
"binary_version": "2.4.18-2ubuntu3.17+esm6"
},
{
"binary_name": "apache2-suexec-custom",
"binary_version": "2.4.18-2ubuntu3.17+esm6"
},
{
"binary_name": "apache2-suexec-pristine",
"binary_version": "2.4.18-2ubuntu3.17+esm6"
},
{
"binary_name": "apache2-utils",
"binary_version": "2.4.18-2ubuntu3.17+esm6"
}
]
},
"package": {
"ecosystem": "Ubuntu:Pro:16.04:LTS",
"name": "apache2",
"purl": "pkg:deb/ubuntu/apache2@2.4.18-2ubuntu3.17+esm6?arch=source\u0026distro=esm-infra/xenial"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.4.18-2ubuntu3.17+esm6"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"2.4.12-2ubuntu2",
"2.4.17-1ubuntu1",
"2.4.17-2ubuntu1",
"2.4.17-3ubuntu1",
"2.4.18-1ubuntu1",
"2.4.18-2ubuntu1",
"2.4.18-2ubuntu2",
"2.4.18-2ubuntu3",
"2.4.18-2ubuntu3.1",
"2.4.18-2ubuntu3.2",
"2.4.18-2ubuntu3.3",
"2.4.18-2ubuntu3.4",
"2.4.18-2ubuntu3.5",
"2.4.18-2ubuntu3.7",
"2.4.18-2ubuntu3.8",
"2.4.18-2ubuntu3.9",
"2.4.18-2ubuntu3.10",
"2.4.18-2ubuntu3.12",
"2.4.18-2ubuntu3.13",
"2.4.18-2ubuntu3.14",
"2.4.18-2ubuntu3.15",
"2.4.18-2ubuntu3.17",
"2.4.18-2ubuntu3.17+esm1",
"2.4.18-2ubuntu3.17+esm2",
"2.4.18-2ubuntu3.17+esm3",
"2.4.18-2ubuntu3.17+esm4",
"2.4.18-2ubuntu3.17+esm5"
]
},
{
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "apache2",
"binary_version": "2.4.29-1ubuntu4.24"
},
{
"binary_name": "apache2-bin",
"binary_version": "2.4.29-1ubuntu4.24"
},
{
"binary_name": "apache2-data",
"binary_version": "2.4.29-1ubuntu4.24"
},
{
"binary_name": "apache2-suexec-custom",
"binary_version": "2.4.29-1ubuntu4.24"
},
{
"binary_name": "apache2-suexec-pristine",
"binary_version": "2.4.29-1ubuntu4.24"
},
{
"binary_name": "apache2-utils",
"binary_version": "2.4.29-1ubuntu4.24"
}
]
},
"package": {
"ecosystem": "Ubuntu:18.04:LTS",
"name": "apache2",
"purl": "pkg:deb/ubuntu/apache2@2.4.29-1ubuntu4.24?arch=source\u0026distro=bionic"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.4.29-1ubuntu4.24"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"2.4.27-2ubuntu3",
"2.4.29-1ubuntu1",
"2.4.29-1ubuntu2",
"2.4.29-1ubuntu3",
"2.4.29-1ubuntu4",
"2.4.29-1ubuntu4.1",
"2.4.29-1ubuntu4.2",
"2.4.29-1ubuntu4.3",
"2.4.29-1ubuntu4.4",
"2.4.29-1ubuntu4.5",
"2.4.29-1ubuntu4.6",
"2.4.29-1ubuntu4.7",
"2.4.29-1ubuntu4.8",
"2.4.29-1ubuntu4.10",
"2.4.29-1ubuntu4.11",
"2.4.29-1ubuntu4.12",
"2.4.29-1ubuntu4.13",
"2.4.29-1ubuntu4.14",
"2.4.29-1ubuntu4.16",
"2.4.29-1ubuntu4.17",
"2.4.29-1ubuntu4.18",
"2.4.29-1ubuntu4.19",
"2.4.29-1ubuntu4.20",
"2.4.29-1ubuntu4.21",
"2.4.29-1ubuntu4.22",
"2.4.29-1ubuntu4.23"
]
},
{
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "apache2",
"binary_version": "2.4.41-4ubuntu3.12"
},
{
"binary_name": "apache2-bin",
"binary_version": "2.4.41-4ubuntu3.12"
},
{
"binary_name": "apache2-data",
"binary_version": "2.4.41-4ubuntu3.12"
},
{
"binary_name": "apache2-suexec-custom",
"binary_version": "2.4.41-4ubuntu3.12"
},
{
"binary_name": "apache2-suexec-pristine",
"binary_version": "2.4.41-4ubuntu3.12"
},
{
"binary_name": "apache2-utils",
"binary_version": "2.4.41-4ubuntu3.12"
},
{
"binary_name": "libapache2-mod-md",
"binary_version": "2.4.41-4ubuntu3.12"
},
{
"binary_name": "libapache2-mod-proxy-uwsgi",
"binary_version": "2.4.41-4ubuntu3.12"
}
]
},
"package": {
"ecosystem": "Ubuntu:20.04:LTS",
"name": "apache2",
"purl": "pkg:deb/ubuntu/apache2@2.4.41-4ubuntu3.12?arch=source\u0026distro=focal"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.4.41-4ubuntu3.12"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"2.4.41-1ubuntu1",
"2.4.41-4ubuntu1",
"2.4.41-4ubuntu2",
"2.4.41-4ubuntu3",
"2.4.41-4ubuntu3.1",
"2.4.41-4ubuntu3.3",
"2.4.41-4ubuntu3.4",
"2.4.41-4ubuntu3.5",
"2.4.41-4ubuntu3.6",
"2.4.41-4ubuntu3.7",
"2.4.41-4ubuntu3.8",
"2.4.41-4ubuntu3.9",
"2.4.41-4ubuntu3.10",
"2.4.41-4ubuntu3.11"
]
},
{
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "apache2",
"binary_version": "2.4.52-1ubuntu4.1"
},
{
"binary_name": "apache2-bin",
"binary_version": "2.4.52-1ubuntu4.1"
},
{
"binary_name": "apache2-data",
"binary_version": "2.4.52-1ubuntu4.1"
},
{
"binary_name": "apache2-suexec-custom",
"binary_version": "2.4.52-1ubuntu4.1"
},
{
"binary_name": "apache2-suexec-pristine",
"binary_version": "2.4.52-1ubuntu4.1"
},
{
"binary_name": "apache2-utils",
"binary_version": "2.4.52-1ubuntu4.1"
},
{
"binary_name": "libapache2-mod-md",
"binary_version": "2.4.52-1ubuntu4.1"
},
{
"binary_name": "libapache2-mod-proxy-uwsgi",
"binary_version": "2.4.52-1ubuntu4.1"
}
]
},
"package": {
"ecosystem": "Ubuntu:22.04:LTS",
"name": "apache2",
"purl": "pkg:deb/ubuntu/apache2@2.4.52-1ubuntu4.1?arch=source\u0026distro=jammy"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.4.52-1ubuntu4.1"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"2.4.48-3.1ubuntu3",
"2.4.48-3.1ubuntu4",
"2.4.51-2ubuntu1",
"2.4.52-1ubuntu1",
"2.4.52-1ubuntu2",
"2.4.52-1ubuntu4"
]
}
],
"aliases": [],
"details": "The ap_rwrite() function in Apache HTTP Server 2.4.53 and earlier may read unintended memory if an attacker can cause the server to reflect very large input using ap_rwrite() or ap_rputs(), such as with mod_luas r:puts() function. Modules compiled and distributed separately from Apache HTTP Server that use the \u0027ap_rputs\u0027 function and may pass it a very large (INT_MAX or larger) string must be compiled against current headers to resolve the issue.",
"id": "UBUNTU-CVE-2022-28614",
"modified": "2026-04-22T07:41:34Z",
"published": "2022-06-09T17:15:00Z",
"references": [
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2022-28614"
},
{
"type": "REPORT",
"url": "https://www.openwall.com/lists/oss-security/2022/06/08/4"
},
{
"type": "REPORT",
"url": "https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2022-28614"
},
{
"type": "ADVISORY",
"url": "https://ubuntu.com/security/notices/USN-5487-1"
},
{
"type": "ADVISORY",
"url": "https://ubuntu.com/security/notices/USN-5487-2"
},
{
"type": "ADVISORY",
"url": "https://ubuntu.com/security/notices/USN-5487-3"
},
{
"type": "REPORT",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-28614"
}
],
"related": [
"USN-5487-1",
"USN-5487-2",
"USN-5487-3"
],
"schema_version": "1.7.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
},
{
"score": "low",
"type": "Ubuntu"
}
],
"upstream": [
"CVE-2022-28614"
]
}
ubuntu-cve-2022-28615
Vulnerability from osv_ubuntu
Apache HTTP Server 2.4.53 and earlier may crash or disclose information due to a read beyond bounds in ap_strcmp_match() when provided with an extremely large input buffer. While no code distributed with the server can be coerced into such a call, third-party modules or lua scripts that use ap_strcmp_match() may hypothetically be affected.
| URL | Type | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
{
"affected": [
{
"ecosystem_specific": {
"availability": "Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro",
"binaries": [
{
"binary_name": "apache2",
"binary_version": "2.4.7-1ubuntu4.22+esm6"
},
{
"binary_name": "apache2-bin",
"binary_version": "2.4.7-1ubuntu4.22+esm6"
},
{
"binary_name": "apache2-data",
"binary_version": "2.4.7-1ubuntu4.22+esm6"
},
{
"binary_name": "apache2-mpm-event",
"binary_version": "2.4.7-1ubuntu4.22+esm6"
},
{
"binary_name": "apache2-mpm-itk",
"binary_version": "2.4.7-1ubuntu4.22+esm6"
},
{
"binary_name": "apache2-mpm-prefork",
"binary_version": "2.4.7-1ubuntu4.22+esm6"
},
{
"binary_name": "apache2-mpm-worker",
"binary_version": "2.4.7-1ubuntu4.22+esm6"
},
{
"binary_name": "apache2-suexec",
"binary_version": "2.4.7-1ubuntu4.22+esm6"
},
{
"binary_name": "apache2-suexec-custom",
"binary_version": "2.4.7-1ubuntu4.22+esm6"
},
{
"binary_name": "apache2-suexec-pristine",
"binary_version": "2.4.7-1ubuntu4.22+esm6"
},
{
"binary_name": "apache2-utils",
"binary_version": "2.4.7-1ubuntu4.22+esm6"
},
{
"binary_name": "apache2.2-bin",
"binary_version": "2.4.7-1ubuntu4.22+esm6"
},
{
"binary_name": "libapache2-mod-macro",
"binary_version": "1:2.4.7-1ubuntu4.22+esm6"
},
{
"binary_name": "libapache2-mod-proxy-html",
"binary_version": "1:2.4.7-1ubuntu4.22+esm6"
}
]
},
"package": {
"ecosystem": "Ubuntu:Pro:14.04:LTS",
"name": "apache2",
"purl": "pkg:deb/ubuntu/apache2@2.4.7-1ubuntu4.22+esm6?arch=source\u0026distro=trusty/esm"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.4.7-1ubuntu4.22+esm6"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"2.4.6-2ubuntu2",
"2.4.6-2ubuntu3",
"2.4.6-2ubuntu4",
"2.4.7-1ubuntu1",
"2.4.7-1ubuntu2",
"2.4.7-1ubuntu3",
"2.4.7-1ubuntu4",
"2.4.7-1ubuntu4.1",
"2.4.7-1ubuntu4.4",
"2.4.7-1ubuntu4.5",
"2.4.7-1ubuntu4.6",
"2.4.7-1ubuntu4.7",
"2.4.7-1ubuntu4.8",
"2.4.7-1ubuntu4.9",
"2.4.7-1ubuntu4.10",
"2.4.7-1ubuntu4.11",
"2.4.7-1ubuntu4.13",
"2.4.7-1ubuntu4.15",
"2.4.7-1ubuntu4.16",
"2.4.7-1ubuntu4.17",
"2.4.7-1ubuntu4.18",
"2.4.7-1ubuntu4.19",
"2.4.7-1ubuntu4.20",
"2.4.7-1ubuntu4.21",
"2.4.7-1ubuntu4.22",
"2.4.7-1ubuntu4.22+esm1",
"2.4.7-1ubuntu4.22+esm2",
"2.4.7-1ubuntu4.22+esm3",
"2.4.7-1ubuntu4.22+esm4",
"2.4.7-1ubuntu4.22+esm5"
]
},
{
"ecosystem_specific": {
"availability": "Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro",
"binaries": [
{
"binary_name": "apache2",
"binary_version": "2.4.18-2ubuntu3.17+esm6"
},
{
"binary_name": "apache2-bin",
"binary_version": "2.4.18-2ubuntu3.17+esm6"
},
{
"binary_name": "apache2-data",
"binary_version": "2.4.18-2ubuntu3.17+esm6"
},
{
"binary_name": "apache2-suexec-custom",
"binary_version": "2.4.18-2ubuntu3.17+esm6"
},
{
"binary_name": "apache2-suexec-pristine",
"binary_version": "2.4.18-2ubuntu3.17+esm6"
},
{
"binary_name": "apache2-utils",
"binary_version": "2.4.18-2ubuntu3.17+esm6"
}
]
},
"package": {
"ecosystem": "Ubuntu:Pro:16.04:LTS",
"name": "apache2",
"purl": "pkg:deb/ubuntu/apache2@2.4.18-2ubuntu3.17+esm6?arch=source\u0026distro=esm-infra/xenial"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.4.18-2ubuntu3.17+esm6"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"2.4.12-2ubuntu2",
"2.4.17-1ubuntu1",
"2.4.17-2ubuntu1",
"2.4.17-3ubuntu1",
"2.4.18-1ubuntu1",
"2.4.18-2ubuntu1",
"2.4.18-2ubuntu2",
"2.4.18-2ubuntu3",
"2.4.18-2ubuntu3.1",
"2.4.18-2ubuntu3.2",
"2.4.18-2ubuntu3.3",
"2.4.18-2ubuntu3.4",
"2.4.18-2ubuntu3.5",
"2.4.18-2ubuntu3.7",
"2.4.18-2ubuntu3.8",
"2.4.18-2ubuntu3.9",
"2.4.18-2ubuntu3.10",
"2.4.18-2ubuntu3.12",
"2.4.18-2ubuntu3.13",
"2.4.18-2ubuntu3.14",
"2.4.18-2ubuntu3.15",
"2.4.18-2ubuntu3.17",
"2.4.18-2ubuntu3.17+esm1",
"2.4.18-2ubuntu3.17+esm2",
"2.4.18-2ubuntu3.17+esm3",
"2.4.18-2ubuntu3.17+esm4",
"2.4.18-2ubuntu3.17+esm5"
]
},
{
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "apache2",
"binary_version": "2.4.29-1ubuntu4.24"
},
{
"binary_name": "apache2-bin",
"binary_version": "2.4.29-1ubuntu4.24"
},
{
"binary_name": "apache2-data",
"binary_version": "2.4.29-1ubuntu4.24"
},
{
"binary_name": "apache2-suexec-custom",
"binary_version": "2.4.29-1ubuntu4.24"
},
{
"binary_name": "apache2-suexec-pristine",
"binary_version": "2.4.29-1ubuntu4.24"
},
{
"binary_name": "apache2-utils",
"binary_version": "2.4.29-1ubuntu4.24"
}
]
},
"package": {
"ecosystem": "Ubuntu:18.04:LTS",
"name": "apache2",
"purl": "pkg:deb/ubuntu/apache2@2.4.29-1ubuntu4.24?arch=source\u0026distro=bionic"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.4.29-1ubuntu4.24"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"2.4.27-2ubuntu3",
"2.4.29-1ubuntu1",
"2.4.29-1ubuntu2",
"2.4.29-1ubuntu3",
"2.4.29-1ubuntu4",
"2.4.29-1ubuntu4.1",
"2.4.29-1ubuntu4.2",
"2.4.29-1ubuntu4.3",
"2.4.29-1ubuntu4.4",
"2.4.29-1ubuntu4.5",
"2.4.29-1ubuntu4.6",
"2.4.29-1ubuntu4.7",
"2.4.29-1ubuntu4.8",
"2.4.29-1ubuntu4.10",
"2.4.29-1ubuntu4.11",
"2.4.29-1ubuntu4.12",
"2.4.29-1ubuntu4.13",
"2.4.29-1ubuntu4.14",
"2.4.29-1ubuntu4.16",
"2.4.29-1ubuntu4.17",
"2.4.29-1ubuntu4.18",
"2.4.29-1ubuntu4.19",
"2.4.29-1ubuntu4.20",
"2.4.29-1ubuntu4.21",
"2.4.29-1ubuntu4.22",
"2.4.29-1ubuntu4.23"
]
},
{
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "apache2",
"binary_version": "2.4.41-4ubuntu3.12"
},
{
"binary_name": "apache2-bin",
"binary_version": "2.4.41-4ubuntu3.12"
},
{
"binary_name": "apache2-data",
"binary_version": "2.4.41-4ubuntu3.12"
},
{
"binary_name": "apache2-suexec-custom",
"binary_version": "2.4.41-4ubuntu3.12"
},
{
"binary_name": "apache2-suexec-pristine",
"binary_version": "2.4.41-4ubuntu3.12"
},
{
"binary_name": "apache2-utils",
"binary_version": "2.4.41-4ubuntu3.12"
},
{
"binary_name": "libapache2-mod-md",
"binary_version": "2.4.41-4ubuntu3.12"
},
{
"binary_name": "libapache2-mod-proxy-uwsgi",
"binary_version": "2.4.41-4ubuntu3.12"
}
]
},
"package": {
"ecosystem": "Ubuntu:20.04:LTS",
"name": "apache2",
"purl": "pkg:deb/ubuntu/apache2@2.4.41-4ubuntu3.12?arch=source\u0026distro=focal"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.4.41-4ubuntu3.12"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"2.4.41-1ubuntu1",
"2.4.41-4ubuntu1",
"2.4.41-4ubuntu2",
"2.4.41-4ubuntu3",
"2.4.41-4ubuntu3.1",
"2.4.41-4ubuntu3.3",
"2.4.41-4ubuntu3.4",
"2.4.41-4ubuntu3.5",
"2.4.41-4ubuntu3.6",
"2.4.41-4ubuntu3.7",
"2.4.41-4ubuntu3.8",
"2.4.41-4ubuntu3.9",
"2.4.41-4ubuntu3.10",
"2.4.41-4ubuntu3.11"
]
},
{
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "apache2",
"binary_version": "2.4.52-1ubuntu4.1"
},
{
"binary_name": "apache2-bin",
"binary_version": "2.4.52-1ubuntu4.1"
},
{
"binary_name": "apache2-data",
"binary_version": "2.4.52-1ubuntu4.1"
},
{
"binary_name": "apache2-suexec-custom",
"binary_version": "2.4.52-1ubuntu4.1"
},
{
"binary_name": "apache2-suexec-pristine",
"binary_version": "2.4.52-1ubuntu4.1"
},
{
"binary_name": "apache2-utils",
"binary_version": "2.4.52-1ubuntu4.1"
},
{
"binary_name": "libapache2-mod-md",
"binary_version": "2.4.52-1ubuntu4.1"
},
{
"binary_name": "libapache2-mod-proxy-uwsgi",
"binary_version": "2.4.52-1ubuntu4.1"
}
]
},
"package": {
"ecosystem": "Ubuntu:22.04:LTS",
"name": "apache2",
"purl": "pkg:deb/ubuntu/apache2@2.4.52-1ubuntu4.1?arch=source\u0026distro=jammy"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.4.52-1ubuntu4.1"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"2.4.48-3.1ubuntu3",
"2.4.48-3.1ubuntu4",
"2.4.51-2ubuntu1",
"2.4.52-1ubuntu1",
"2.4.52-1ubuntu2",
"2.4.52-1ubuntu4"
]
}
],
"aliases": [],
"details": "Apache HTTP Server 2.4.53 and earlier may crash or disclose information due to a read beyond bounds in ap_strcmp_match() when provided with an extremely large input buffer. While no code distributed with the server can be coerced into such a call, third-party modules or lua scripts that use ap_strcmp_match() may hypothetically be affected.",
"id": "UBUNTU-CVE-2022-28615",
"modified": "2026-04-22T07:41:34Z",
"published": "2022-06-09T17:15:00Z",
"references": [
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2022-28615"
},
{
"type": "REPORT",
"url": "https://www.openwall.com/lists/oss-security/2022/06/08/9"
},
{
"type": "REPORT",
"url": "https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2022-28615"
},
{
"type": "ADVISORY",
"url": "https://ubuntu.com/security/notices/USN-5487-1"
},
{
"type": "ADVISORY",
"url": "https://ubuntu.com/security/notices/USN-5487-2"
},
{
"type": "ADVISORY",
"url": "https://ubuntu.com/security/notices/USN-5487-3"
},
{
"type": "REPORT",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-28615"
}
],
"related": [
"USN-5487-1",
"USN-5487-2",
"USN-5487-3"
],
"schema_version": "1.7.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
],
"upstream": [
"CVE-2022-28615"
]
}
ubuntu-cve-2022-29404
Vulnerability from osv_ubuntu
In Apache HTTP Server 2.4.53 and earlier, a malicious request to a lua script that calls r:parsebody(0) may cause a denial of service due to no default limit on possible input size.
| URL | Type | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
{
"affected": [
{
"ecosystem_specific": {
"availability": "Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro",
"binaries": [
{
"binary_name": "apache2",
"binary_version": "2.4.7-1ubuntu4.22+esm6"
},
{
"binary_name": "apache2-bin",
"binary_version": "2.4.7-1ubuntu4.22+esm6"
},
{
"binary_name": "apache2-data",
"binary_version": "2.4.7-1ubuntu4.22+esm6"
},
{
"binary_name": "apache2-mpm-event",
"binary_version": "2.4.7-1ubuntu4.22+esm6"
},
{
"binary_name": "apache2-mpm-itk",
"binary_version": "2.4.7-1ubuntu4.22+esm6"
},
{
"binary_name": "apache2-mpm-prefork",
"binary_version": "2.4.7-1ubuntu4.22+esm6"
},
{
"binary_name": "apache2-mpm-worker",
"binary_version": "2.4.7-1ubuntu4.22+esm6"
},
{
"binary_name": "apache2-suexec",
"binary_version": "2.4.7-1ubuntu4.22+esm6"
},
{
"binary_name": "apache2-suexec-custom",
"binary_version": "2.4.7-1ubuntu4.22+esm6"
},
{
"binary_name": "apache2-suexec-pristine",
"binary_version": "2.4.7-1ubuntu4.22+esm6"
},
{
"binary_name": "apache2-utils",
"binary_version": "2.4.7-1ubuntu4.22+esm6"
},
{
"binary_name": "apache2.2-bin",
"binary_version": "2.4.7-1ubuntu4.22+esm6"
},
{
"binary_name": "libapache2-mod-macro",
"binary_version": "1:2.4.7-1ubuntu4.22+esm6"
},
{
"binary_name": "libapache2-mod-proxy-html",
"binary_version": "1:2.4.7-1ubuntu4.22+esm6"
}
]
},
"package": {
"ecosystem": "Ubuntu:Pro:14.04:LTS",
"name": "apache2",
"purl": "pkg:deb/ubuntu/apache2@2.4.7-1ubuntu4.22+esm6?arch=source\u0026distro=trusty/esm"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.4.7-1ubuntu4.22+esm6"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"2.4.6-2ubuntu2",
"2.4.6-2ubuntu3",
"2.4.6-2ubuntu4",
"2.4.7-1ubuntu1",
"2.4.7-1ubuntu2",
"2.4.7-1ubuntu3",
"2.4.7-1ubuntu4",
"2.4.7-1ubuntu4.1",
"2.4.7-1ubuntu4.4",
"2.4.7-1ubuntu4.5",
"2.4.7-1ubuntu4.6",
"2.4.7-1ubuntu4.7",
"2.4.7-1ubuntu4.8",
"2.4.7-1ubuntu4.9",
"2.4.7-1ubuntu4.10",
"2.4.7-1ubuntu4.11",
"2.4.7-1ubuntu4.13",
"2.4.7-1ubuntu4.15",
"2.4.7-1ubuntu4.16",
"2.4.7-1ubuntu4.17",
"2.4.7-1ubuntu4.18",
"2.4.7-1ubuntu4.19",
"2.4.7-1ubuntu4.20",
"2.4.7-1ubuntu4.21",
"2.4.7-1ubuntu4.22",
"2.4.7-1ubuntu4.22+esm1",
"2.4.7-1ubuntu4.22+esm2",
"2.4.7-1ubuntu4.22+esm3",
"2.4.7-1ubuntu4.22+esm4",
"2.4.7-1ubuntu4.22+esm5"
]
},
{
"ecosystem_specific": {
"availability": "Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro",
"binaries": [
{
"binary_name": "apache2",
"binary_version": "2.4.18-2ubuntu3.17+esm6"
},
{
"binary_name": "apache2-bin",
"binary_version": "2.4.18-2ubuntu3.17+esm6"
},
{
"binary_name": "apache2-data",
"binary_version": "2.4.18-2ubuntu3.17+esm6"
},
{
"binary_name": "apache2-suexec-custom",
"binary_version": "2.4.18-2ubuntu3.17+esm6"
},
{
"binary_name": "apache2-suexec-pristine",
"binary_version": "2.4.18-2ubuntu3.17+esm6"
},
{
"binary_name": "apache2-utils",
"binary_version": "2.4.18-2ubuntu3.17+esm6"
}
]
},
"package": {
"ecosystem": "Ubuntu:Pro:16.04:LTS",
"name": "apache2",
"purl": "pkg:deb/ubuntu/apache2@2.4.18-2ubuntu3.17+esm6?arch=source\u0026distro=esm-infra/xenial"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.4.18-2ubuntu3.17+esm6"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"2.4.12-2ubuntu2",
"2.4.17-1ubuntu1",
"2.4.17-2ubuntu1",
"2.4.17-3ubuntu1",
"2.4.18-1ubuntu1",
"2.4.18-2ubuntu1",
"2.4.18-2ubuntu2",
"2.4.18-2ubuntu3",
"2.4.18-2ubuntu3.1",
"2.4.18-2ubuntu3.2",
"2.4.18-2ubuntu3.3",
"2.4.18-2ubuntu3.4",
"2.4.18-2ubuntu3.5",
"2.4.18-2ubuntu3.7",
"2.4.18-2ubuntu3.8",
"2.4.18-2ubuntu3.9",
"2.4.18-2ubuntu3.10",
"2.4.18-2ubuntu3.12",
"2.4.18-2ubuntu3.13",
"2.4.18-2ubuntu3.14",
"2.4.18-2ubuntu3.15",
"2.4.18-2ubuntu3.17",
"2.4.18-2ubuntu3.17+esm1",
"2.4.18-2ubuntu3.17+esm2",
"2.4.18-2ubuntu3.17+esm3",
"2.4.18-2ubuntu3.17+esm4",
"2.4.18-2ubuntu3.17+esm5"
]
},
{
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "apache2",
"binary_version": "2.4.29-1ubuntu4.24"
},
{
"binary_name": "apache2-bin",
"binary_version": "2.4.29-1ubuntu4.24"
},
{
"binary_name": "apache2-data",
"binary_version": "2.4.29-1ubuntu4.24"
},
{
"binary_name": "apache2-suexec-custom",
"binary_version": "2.4.29-1ubuntu4.24"
},
{
"binary_name": "apache2-suexec-pristine",
"binary_version": "2.4.29-1ubuntu4.24"
},
{
"binary_name": "apache2-utils",
"binary_version": "2.4.29-1ubuntu4.24"
}
]
},
"package": {
"ecosystem": "Ubuntu:18.04:LTS",
"name": "apache2",
"purl": "pkg:deb/ubuntu/apache2@2.4.29-1ubuntu4.24?arch=source\u0026distro=bionic"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.4.29-1ubuntu4.24"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"2.4.27-2ubuntu3",
"2.4.29-1ubuntu1",
"2.4.29-1ubuntu2",
"2.4.29-1ubuntu3",
"2.4.29-1ubuntu4",
"2.4.29-1ubuntu4.1",
"2.4.29-1ubuntu4.2",
"2.4.29-1ubuntu4.3",
"2.4.29-1ubuntu4.4",
"2.4.29-1ubuntu4.5",
"2.4.29-1ubuntu4.6",
"2.4.29-1ubuntu4.7",
"2.4.29-1ubuntu4.8",
"2.4.29-1ubuntu4.10",
"2.4.29-1ubuntu4.11",
"2.4.29-1ubuntu4.12",
"2.4.29-1ubuntu4.13",
"2.4.29-1ubuntu4.14",
"2.4.29-1ubuntu4.16",
"2.4.29-1ubuntu4.17",
"2.4.29-1ubuntu4.18",
"2.4.29-1ubuntu4.19",
"2.4.29-1ubuntu4.20",
"2.4.29-1ubuntu4.21",
"2.4.29-1ubuntu4.22",
"2.4.29-1ubuntu4.23"
]
},
{
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "apache2",
"binary_version": "2.4.41-4ubuntu3.12"
},
{
"binary_name": "apache2-bin",
"binary_version": "2.4.41-4ubuntu3.12"
},
{
"binary_name": "apache2-data",
"binary_version": "2.4.41-4ubuntu3.12"
},
{
"binary_name": "apache2-suexec-custom",
"binary_version": "2.4.41-4ubuntu3.12"
},
{
"binary_name": "apache2-suexec-pristine",
"binary_version": "2.4.41-4ubuntu3.12"
},
{
"binary_name": "apache2-utils",
"binary_version": "2.4.41-4ubuntu3.12"
},
{
"binary_name": "libapache2-mod-md",
"binary_version": "2.4.41-4ubuntu3.12"
},
{
"binary_name": "libapache2-mod-proxy-uwsgi",
"binary_version": "2.4.41-4ubuntu3.12"
}
]
},
"package": {
"ecosystem": "Ubuntu:20.04:LTS",
"name": "apache2",
"purl": "pkg:deb/ubuntu/apache2@2.4.41-4ubuntu3.12?arch=source\u0026distro=focal"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.4.41-4ubuntu3.12"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"2.4.41-1ubuntu1",
"2.4.41-4ubuntu1",
"2.4.41-4ubuntu2",
"2.4.41-4ubuntu3",
"2.4.41-4ubuntu3.1",
"2.4.41-4ubuntu3.3",
"2.4.41-4ubuntu3.4",
"2.4.41-4ubuntu3.5",
"2.4.41-4ubuntu3.6",
"2.4.41-4ubuntu3.7",
"2.4.41-4ubuntu3.8",
"2.4.41-4ubuntu3.9",
"2.4.41-4ubuntu3.10",
"2.4.41-4ubuntu3.11"
]
},
{
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "apache2",
"binary_version": "2.4.52-1ubuntu4.1"
},
{
"binary_name": "apache2-bin",
"binary_version": "2.4.52-1ubuntu4.1"
},
{
"binary_name": "apache2-data",
"binary_version": "2.4.52-1ubuntu4.1"
},
{
"binary_name": "apache2-suexec-custom",
"binary_version": "2.4.52-1ubuntu4.1"
},
{
"binary_name": "apache2-suexec-pristine",
"binary_version": "2.4.52-1ubuntu4.1"
},
{
"binary_name": "apache2-utils",
"binary_version": "2.4.52-1ubuntu4.1"
},
{
"binary_name": "libapache2-mod-md",
"binary_version": "2.4.52-1ubuntu4.1"
},
{
"binary_name": "libapache2-mod-proxy-uwsgi",
"binary_version": "2.4.52-1ubuntu4.1"
}
]
},
"package": {
"ecosystem": "Ubuntu:22.04:LTS",
"name": "apache2",
"purl": "pkg:deb/ubuntu/apache2@2.4.52-1ubuntu4.1?arch=source\u0026distro=jammy"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.4.52-1ubuntu4.1"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"2.4.48-3.1ubuntu3",
"2.4.48-3.1ubuntu4",
"2.4.51-2ubuntu1",
"2.4.52-1ubuntu1",
"2.4.52-1ubuntu2",
"2.4.52-1ubuntu4"
]
}
],
"aliases": [],
"details": "In Apache HTTP Server 2.4.53 and earlier, a malicious request to a lua script that calls r:parsebody(0) may cause a denial of service due to no default limit on possible input size.",
"id": "UBUNTU-CVE-2022-29404",
"modified": "2026-04-22T07:41:34Z",
"published": "2022-06-09T17:15:00Z",
"references": [
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2022-29404"
},
{
"type": "REPORT",
"url": "https://www.openwall.com/lists/oss-security/2022/06/08/5"
},
{
"type": "REPORT",
"url": "https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2022-29404"
},
{
"type": "ADVISORY",
"url": "https://ubuntu.com/security/notices/USN-5487-1"
},
{
"type": "ADVISORY",
"url": "https://ubuntu.com/security/notices/USN-5487-2"
},
{
"type": "ADVISORY",
"url": "https://ubuntu.com/security/notices/USN-5487-3"
},
{
"type": "REPORT",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-29404"
}
],
"related": [
"USN-5487-1",
"USN-5487-2",
"USN-5487-3"
],
"schema_version": "1.7.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
],
"upstream": [
"CVE-2022-29404"
]
}
ubuntu-cve-2022-30522
Vulnerability from osv_ubuntu
If Apache HTTP Server 2.4.53 is configured to do transformations with mod_sed in contexts where the input to mod_sed may be very large, mod_sed may make excessively large memory allocations and trigger an abort.
| URL | Type | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
{
"affected": [
{
"ecosystem_specific": {
"availability": "Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro",
"binaries": [
{
"binary_name": "apache2",
"binary_version": "2.4.7-1ubuntu4.22+esm8"
},
{
"binary_name": "apache2-bin",
"binary_version": "2.4.7-1ubuntu4.22+esm8"
},
{
"binary_name": "apache2-data",
"binary_version": "2.4.7-1ubuntu4.22+esm8"
},
{
"binary_name": "apache2-mpm-event",
"binary_version": "2.4.7-1ubuntu4.22+esm8"
},
{
"binary_name": "apache2-mpm-itk",
"binary_version": "2.4.7-1ubuntu4.22+esm8"
},
{
"binary_name": "apache2-mpm-prefork",
"binary_version": "2.4.7-1ubuntu4.22+esm8"
},
{
"binary_name": "apache2-mpm-worker",
"binary_version": "2.4.7-1ubuntu4.22+esm8"
},
{
"binary_name": "apache2-suexec",
"binary_version": "2.4.7-1ubuntu4.22+esm8"
},
{
"binary_name": "apache2-suexec-custom",
"binary_version": "2.4.7-1ubuntu4.22+esm8"
},
{
"binary_name": "apache2-suexec-pristine",
"binary_version": "2.4.7-1ubuntu4.22+esm8"
},
{
"binary_name": "apache2-utils",
"binary_version": "2.4.7-1ubuntu4.22+esm8"
},
{
"binary_name": "apache2.2-bin",
"binary_version": "2.4.7-1ubuntu4.22+esm8"
},
{
"binary_name": "libapache2-mod-macro",
"binary_version": "1:2.4.7-1ubuntu4.22+esm8"
},
{
"binary_name": "libapache2-mod-proxy-html",
"binary_version": "1:2.4.7-1ubuntu4.22+esm8"
}
]
},
"package": {
"ecosystem": "Ubuntu:Pro:14.04:LTS",
"name": "apache2",
"purl": "pkg:deb/ubuntu/apache2@2.4.7-1ubuntu4.22+esm8?arch=source\u0026distro=trusty/esm"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.4.7-1ubuntu4.22+esm8"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"2.4.6-2ubuntu2",
"2.4.6-2ubuntu3",
"2.4.6-2ubuntu4",
"2.4.7-1ubuntu1",
"2.4.7-1ubuntu2",
"2.4.7-1ubuntu3",
"2.4.7-1ubuntu4",
"2.4.7-1ubuntu4.1",
"2.4.7-1ubuntu4.4",
"2.4.7-1ubuntu4.5",
"2.4.7-1ubuntu4.6",
"2.4.7-1ubuntu4.7",
"2.4.7-1ubuntu4.8",
"2.4.7-1ubuntu4.9",
"2.4.7-1ubuntu4.10",
"2.4.7-1ubuntu4.11",
"2.4.7-1ubuntu4.13",
"2.4.7-1ubuntu4.15",
"2.4.7-1ubuntu4.16",
"2.4.7-1ubuntu4.17",
"2.4.7-1ubuntu4.18",
"2.4.7-1ubuntu4.19",
"2.4.7-1ubuntu4.20",
"2.4.7-1ubuntu4.21",
"2.4.7-1ubuntu4.22",
"2.4.7-1ubuntu4.22+esm1",
"2.4.7-1ubuntu4.22+esm2",
"2.4.7-1ubuntu4.22+esm3",
"2.4.7-1ubuntu4.22+esm4",
"2.4.7-1ubuntu4.22+esm5",
"2.4.7-1ubuntu4.22+esm6"
]
},
{
"ecosystem_specific": {
"availability": "Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro",
"binaries": [
{
"binary_name": "apache2",
"binary_version": "2.4.18-2ubuntu3.17+esm7"
},
{
"binary_name": "apache2-bin",
"binary_version": "2.4.18-2ubuntu3.17+esm7"
},
{
"binary_name": "apache2-data",
"binary_version": "2.4.18-2ubuntu3.17+esm7"
},
{
"binary_name": "apache2-suexec-custom",
"binary_version": "2.4.18-2ubuntu3.17+esm7"
},
{
"binary_name": "apache2-suexec-pristine",
"binary_version": "2.4.18-2ubuntu3.17+esm7"
},
{
"binary_name": "apache2-utils",
"binary_version": "2.4.18-2ubuntu3.17+esm7"
}
]
},
"package": {
"ecosystem": "Ubuntu:Pro:16.04:LTS",
"name": "apache2",
"purl": "pkg:deb/ubuntu/apache2@2.4.18-2ubuntu3.17+esm7?arch=source\u0026distro=esm-infra/xenial"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.4.18-2ubuntu3.17+esm7"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"2.4.12-2ubuntu2",
"2.4.17-1ubuntu1",
"2.4.17-2ubuntu1",
"2.4.17-3ubuntu1",
"2.4.18-1ubuntu1",
"2.4.18-2ubuntu1",
"2.4.18-2ubuntu2",
"2.4.18-2ubuntu3",
"2.4.18-2ubuntu3.1",
"2.4.18-2ubuntu3.2",
"2.4.18-2ubuntu3.3",
"2.4.18-2ubuntu3.4",
"2.4.18-2ubuntu3.5",
"2.4.18-2ubuntu3.7",
"2.4.18-2ubuntu3.8",
"2.4.18-2ubuntu3.9",
"2.4.18-2ubuntu3.10",
"2.4.18-2ubuntu3.12",
"2.4.18-2ubuntu3.13",
"2.4.18-2ubuntu3.14",
"2.4.18-2ubuntu3.15",
"2.4.18-2ubuntu3.17",
"2.4.18-2ubuntu3.17+esm1",
"2.4.18-2ubuntu3.17+esm2",
"2.4.18-2ubuntu3.17+esm3",
"2.4.18-2ubuntu3.17+esm4",
"2.4.18-2ubuntu3.17+esm5",
"2.4.18-2ubuntu3.17+esm6"
]
},
{
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "apache2",
"binary_version": "2.4.29-1ubuntu4.25"
},
{
"binary_name": "apache2-bin",
"binary_version": "2.4.29-1ubuntu4.25"
},
{
"binary_name": "apache2-data",
"binary_version": "2.4.29-1ubuntu4.25"
},
{
"binary_name": "apache2-suexec-custom",
"binary_version": "2.4.29-1ubuntu4.25"
},
{
"binary_name": "apache2-suexec-pristine",
"binary_version": "2.4.29-1ubuntu4.25"
},
{
"binary_name": "apache2-utils",
"binary_version": "2.4.29-1ubuntu4.25"
}
]
},
"package": {
"ecosystem": "Ubuntu:18.04:LTS",
"name": "apache2",
"purl": "pkg:deb/ubuntu/apache2@2.4.29-1ubuntu4.25?arch=source\u0026distro=bionic"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.4.29-1ubuntu4.25"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"2.4.27-2ubuntu3",
"2.4.29-1ubuntu1",
"2.4.29-1ubuntu2",
"2.4.29-1ubuntu3",
"2.4.29-1ubuntu4",
"2.4.29-1ubuntu4.1",
"2.4.29-1ubuntu4.2",
"2.4.29-1ubuntu4.3",
"2.4.29-1ubuntu4.4",
"2.4.29-1ubuntu4.5",
"2.4.29-1ubuntu4.6",
"2.4.29-1ubuntu4.7",
"2.4.29-1ubuntu4.8",
"2.4.29-1ubuntu4.10",
"2.4.29-1ubuntu4.11",
"2.4.29-1ubuntu4.12",
"2.4.29-1ubuntu4.13",
"2.4.29-1ubuntu4.14",
"2.4.29-1ubuntu4.16",
"2.4.29-1ubuntu4.17",
"2.4.29-1ubuntu4.18",
"2.4.29-1ubuntu4.19",
"2.4.29-1ubuntu4.20",
"2.4.29-1ubuntu4.21",
"2.4.29-1ubuntu4.22",
"2.4.29-1ubuntu4.23",
"2.4.29-1ubuntu4.24"
]
},
{
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "apache2",
"binary_version": "2.4.41-4ubuntu3.12"
},
{
"binary_name": "apache2-bin",
"binary_version": "2.4.41-4ubuntu3.12"
},
{
"binary_name": "apache2-data",
"binary_version": "2.4.41-4ubuntu3.12"
},
{
"binary_name": "apache2-suexec-custom",
"binary_version": "2.4.41-4ubuntu3.12"
},
{
"binary_name": "apache2-suexec-pristine",
"binary_version": "2.4.41-4ubuntu3.12"
},
{
"binary_name": "apache2-utils",
"binary_version": "2.4.41-4ubuntu3.12"
},
{
"binary_name": "libapache2-mod-md",
"binary_version": "2.4.41-4ubuntu3.12"
},
{
"binary_name": "libapache2-mod-proxy-uwsgi",
"binary_version": "2.4.41-4ubuntu3.12"
}
]
},
"package": {
"ecosystem": "Ubuntu:20.04:LTS",
"name": "apache2",
"purl": "pkg:deb/ubuntu/apache2@2.4.41-4ubuntu3.12?arch=source\u0026distro=focal"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.4.41-4ubuntu3.12"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"2.4.41-1ubuntu1",
"2.4.41-4ubuntu1",
"2.4.41-4ubuntu2",
"2.4.41-4ubuntu3",
"2.4.41-4ubuntu3.1",
"2.4.41-4ubuntu3.3",
"2.4.41-4ubuntu3.4",
"2.4.41-4ubuntu3.5",
"2.4.41-4ubuntu3.6",
"2.4.41-4ubuntu3.7",
"2.4.41-4ubuntu3.8",
"2.4.41-4ubuntu3.9",
"2.4.41-4ubuntu3.10",
"2.4.41-4ubuntu3.11"
]
},
{
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "apache2",
"binary_version": "2.4.52-1ubuntu4.1"
},
{
"binary_name": "apache2-bin",
"binary_version": "2.4.52-1ubuntu4.1"
},
{
"binary_name": "apache2-data",
"binary_version": "2.4.52-1ubuntu4.1"
},
{
"binary_name": "apache2-suexec-custom",
"binary_version": "2.4.52-1ubuntu4.1"
},
{
"binary_name": "apache2-suexec-pristine",
"binary_version": "2.4.52-1ubuntu4.1"
},
{
"binary_name": "apache2-utils",
"binary_version": "2.4.52-1ubuntu4.1"
},
{
"binary_name": "libapache2-mod-md",
"binary_version": "2.4.52-1ubuntu4.1"
},
{
"binary_name": "libapache2-mod-proxy-uwsgi",
"binary_version": "2.4.52-1ubuntu4.1"
}
]
},
"package": {
"ecosystem": "Ubuntu:22.04:LTS",
"name": "apache2",
"purl": "pkg:deb/ubuntu/apache2@2.4.52-1ubuntu4.1?arch=source\u0026distro=jammy"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.4.52-1ubuntu4.1"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"2.4.48-3.1ubuntu3",
"2.4.48-3.1ubuntu4",
"2.4.51-2ubuntu1",
"2.4.52-1ubuntu1",
"2.4.52-1ubuntu2",
"2.4.52-1ubuntu4"
]
}
],
"aliases": [],
"details": "If Apache HTTP Server 2.4.53 is configured to do transformations with mod_sed in contexts where the input to mod_sed may be very large, mod_sed may make excessively large memory allocations and trigger an abort.",
"id": "UBUNTU-CVE-2022-30522",
"modified": "2026-04-22T07:41:35Z",
"published": "2022-06-09T17:15:00Z",
"references": [
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2022-30522"
},
{
"type": "REPORT",
"url": "https://www.openwall.com/lists/oss-security/2022/06/08/6"
},
{
"type": "REPORT",
"url": "https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2022-30522"
},
{
"type": "ADVISORY",
"url": "https://ubuntu.com/security/notices/USN-5487-1"
},
{
"type": "ADVISORY",
"url": "https://ubuntu.com/security/notices/USN-5487-2"
},
{
"type": "ADVISORY",
"url": "https://ubuntu.com/security/notices/USN-5487-3"
},
{
"type": "REPORT",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30522"
}
],
"related": [
"USN-5487-1",
"USN-5487-2",
"USN-5487-3"
],
"schema_version": "1.7.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
],
"upstream": [
"CVE-2022-30522"
]
}
ubuntu-cve-2022-30556
Vulnerability from osv_ubuntu
Apache HTTP Server 2.4.53 and earlier may return lengths to applications calling r:wsread() that point past the end of the storage allocated for the buffer.
| URL | Type | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
{
"affected": [
{
"ecosystem_specific": {
"availability": "Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro",
"binaries": [
{
"binary_name": "apache2",
"binary_version": "2.4.7-1ubuntu4.22+esm8"
},
{
"binary_name": "apache2-bin",
"binary_version": "2.4.7-1ubuntu4.22+esm8"
},
{
"binary_name": "apache2-data",
"binary_version": "2.4.7-1ubuntu4.22+esm8"
},
{
"binary_name": "apache2-mpm-event",
"binary_version": "2.4.7-1ubuntu4.22+esm8"
},
{
"binary_name": "apache2-mpm-itk",
"binary_version": "2.4.7-1ubuntu4.22+esm8"
},
{
"binary_name": "apache2-mpm-prefork",
"binary_version": "2.4.7-1ubuntu4.22+esm8"
},
{
"binary_name": "apache2-mpm-worker",
"binary_version": "2.4.7-1ubuntu4.22+esm8"
},
{
"binary_name": "apache2-suexec",
"binary_version": "2.4.7-1ubuntu4.22+esm8"
},
{
"binary_name": "apache2-suexec-custom",
"binary_version": "2.4.7-1ubuntu4.22+esm8"
},
{
"binary_name": "apache2-suexec-pristine",
"binary_version": "2.4.7-1ubuntu4.22+esm8"
},
{
"binary_name": "apache2-utils",
"binary_version": "2.4.7-1ubuntu4.22+esm8"
},
{
"binary_name": "apache2.2-bin",
"binary_version": "2.4.7-1ubuntu4.22+esm8"
},
{
"binary_name": "libapache2-mod-macro",
"binary_version": "1:2.4.7-1ubuntu4.22+esm8"
},
{
"binary_name": "libapache2-mod-proxy-html",
"binary_version": "1:2.4.7-1ubuntu4.22+esm8"
}
]
},
"package": {
"ecosystem": "Ubuntu:Pro:14.04:LTS",
"name": "apache2",
"purl": "pkg:deb/ubuntu/apache2@2.4.7-1ubuntu4.22+esm8?arch=source\u0026distro=trusty/esm"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.4.7-1ubuntu4.22+esm8"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"2.4.6-2ubuntu2",
"2.4.6-2ubuntu3",
"2.4.6-2ubuntu4",
"2.4.7-1ubuntu1",
"2.4.7-1ubuntu2",
"2.4.7-1ubuntu3",
"2.4.7-1ubuntu4",
"2.4.7-1ubuntu4.1",
"2.4.7-1ubuntu4.4",
"2.4.7-1ubuntu4.5",
"2.4.7-1ubuntu4.6",
"2.4.7-1ubuntu4.7",
"2.4.7-1ubuntu4.8",
"2.4.7-1ubuntu4.9",
"2.4.7-1ubuntu4.10",
"2.4.7-1ubuntu4.11",
"2.4.7-1ubuntu4.13",
"2.4.7-1ubuntu4.15",
"2.4.7-1ubuntu4.16",
"2.4.7-1ubuntu4.17",
"2.4.7-1ubuntu4.18",
"2.4.7-1ubuntu4.19",
"2.4.7-1ubuntu4.20",
"2.4.7-1ubuntu4.21",
"2.4.7-1ubuntu4.22",
"2.4.7-1ubuntu4.22+esm1",
"2.4.7-1ubuntu4.22+esm2",
"2.4.7-1ubuntu4.22+esm3",
"2.4.7-1ubuntu4.22+esm4",
"2.4.7-1ubuntu4.22+esm5",
"2.4.7-1ubuntu4.22+esm6"
]
},
{
"ecosystem_specific": {
"availability": "Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro",
"binaries": [
{
"binary_name": "apache2",
"binary_version": "2.4.18-2ubuntu3.17+esm6"
},
{
"binary_name": "apache2-bin",
"binary_version": "2.4.18-2ubuntu3.17+esm6"
},
{
"binary_name": "apache2-data",
"binary_version": "2.4.18-2ubuntu3.17+esm6"
},
{
"binary_name": "apache2-suexec-custom",
"binary_version": "2.4.18-2ubuntu3.17+esm6"
},
{
"binary_name": "apache2-suexec-pristine",
"binary_version": "2.4.18-2ubuntu3.17+esm6"
},
{
"binary_name": "apache2-utils",
"binary_version": "2.4.18-2ubuntu3.17+esm6"
}
]
},
"package": {
"ecosystem": "Ubuntu:Pro:16.04:LTS",
"name": "apache2",
"purl": "pkg:deb/ubuntu/apache2@2.4.18-2ubuntu3.17+esm6?arch=source\u0026distro=esm-infra/xenial"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.4.18-2ubuntu3.17+esm6"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"2.4.12-2ubuntu2",
"2.4.17-1ubuntu1",
"2.4.17-2ubuntu1",
"2.4.17-3ubuntu1",
"2.4.18-1ubuntu1",
"2.4.18-2ubuntu1",
"2.4.18-2ubuntu2",
"2.4.18-2ubuntu3",
"2.4.18-2ubuntu3.1",
"2.4.18-2ubuntu3.2",
"2.4.18-2ubuntu3.3",
"2.4.18-2ubuntu3.4",
"2.4.18-2ubuntu3.5",
"2.4.18-2ubuntu3.7",
"2.4.18-2ubuntu3.8",
"2.4.18-2ubuntu3.9",
"2.4.18-2ubuntu3.10",
"2.4.18-2ubuntu3.12",
"2.4.18-2ubuntu3.13",
"2.4.18-2ubuntu3.14",
"2.4.18-2ubuntu3.15",
"2.4.18-2ubuntu3.17",
"2.4.18-2ubuntu3.17+esm1",
"2.4.18-2ubuntu3.17+esm2",
"2.4.18-2ubuntu3.17+esm3",
"2.4.18-2ubuntu3.17+esm4",
"2.4.18-2ubuntu3.17+esm5"
]
},
{
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "apache2",
"binary_version": "2.4.29-1ubuntu4.24"
},
{
"binary_name": "apache2-bin",
"binary_version": "2.4.29-1ubuntu4.24"
},
{
"binary_name": "apache2-data",
"binary_version": "2.4.29-1ubuntu4.24"
},
{
"binary_name": "apache2-suexec-custom",
"binary_version": "2.4.29-1ubuntu4.24"
},
{
"binary_name": "apache2-suexec-pristine",
"binary_version": "2.4.29-1ubuntu4.24"
},
{
"binary_name": "apache2-utils",
"binary_version": "2.4.29-1ubuntu4.24"
}
]
},
"package": {
"ecosystem": "Ubuntu:18.04:LTS",
"name": "apache2",
"purl": "pkg:deb/ubuntu/apache2@2.4.29-1ubuntu4.24?arch=source\u0026distro=bionic"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.4.29-1ubuntu4.24"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"2.4.27-2ubuntu3",
"2.4.29-1ubuntu1",
"2.4.29-1ubuntu2",
"2.4.29-1ubuntu3",
"2.4.29-1ubuntu4",
"2.4.29-1ubuntu4.1",
"2.4.29-1ubuntu4.2",
"2.4.29-1ubuntu4.3",
"2.4.29-1ubuntu4.4",
"2.4.29-1ubuntu4.5",
"2.4.29-1ubuntu4.6",
"2.4.29-1ubuntu4.7",
"2.4.29-1ubuntu4.8",
"2.4.29-1ubuntu4.10",
"2.4.29-1ubuntu4.11",
"2.4.29-1ubuntu4.12",
"2.4.29-1ubuntu4.13",
"2.4.29-1ubuntu4.14",
"2.4.29-1ubuntu4.16",
"2.4.29-1ubuntu4.17",
"2.4.29-1ubuntu4.18",
"2.4.29-1ubuntu4.19",
"2.4.29-1ubuntu4.20",
"2.4.29-1ubuntu4.21",
"2.4.29-1ubuntu4.22",
"2.4.29-1ubuntu4.23"
]
},
{
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "apache2",
"binary_version": "2.4.41-4ubuntu3.12"
},
{
"binary_name": "apache2-bin",
"binary_version": "2.4.41-4ubuntu3.12"
},
{
"binary_name": "apache2-data",
"binary_version": "2.4.41-4ubuntu3.12"
},
{
"binary_name": "apache2-suexec-custom",
"binary_version": "2.4.41-4ubuntu3.12"
},
{
"binary_name": "apache2-suexec-pristine",
"binary_version": "2.4.41-4ubuntu3.12"
},
{
"binary_name": "apache2-utils",
"binary_version": "2.4.41-4ubuntu3.12"
},
{
"binary_name": "libapache2-mod-md",
"binary_version": "2.4.41-4ubuntu3.12"
},
{
"binary_name": "libapache2-mod-proxy-uwsgi",
"binary_version": "2.4.41-4ubuntu3.12"
}
]
},
"package": {
"ecosystem": "Ubuntu:20.04:LTS",
"name": "apache2",
"purl": "pkg:deb/ubuntu/apache2@2.4.41-4ubuntu3.12?arch=source\u0026distro=focal"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.4.41-4ubuntu3.12"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"2.4.41-1ubuntu1",
"2.4.41-4ubuntu1",
"2.4.41-4ubuntu2",
"2.4.41-4ubuntu3",
"2.4.41-4ubuntu3.1",
"2.4.41-4ubuntu3.3",
"2.4.41-4ubuntu3.4",
"2.4.41-4ubuntu3.5",
"2.4.41-4ubuntu3.6",
"2.4.41-4ubuntu3.7",
"2.4.41-4ubuntu3.8",
"2.4.41-4ubuntu3.9",
"2.4.41-4ubuntu3.10",
"2.4.41-4ubuntu3.11"
]
},
{
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "apache2",
"binary_version": "2.4.52-1ubuntu4.1"
},
{
"binary_name": "apache2-bin",
"binary_version": "2.4.52-1ubuntu4.1"
},
{
"binary_name": "apache2-data",
"binary_version": "2.4.52-1ubuntu4.1"
},
{
"binary_name": "apache2-suexec-custom",
"binary_version": "2.4.52-1ubuntu4.1"
},
{
"binary_name": "apache2-suexec-pristine",
"binary_version": "2.4.52-1ubuntu4.1"
},
{
"binary_name": "apache2-utils",
"binary_version": "2.4.52-1ubuntu4.1"
},
{
"binary_name": "libapache2-mod-md",
"binary_version": "2.4.52-1ubuntu4.1"
},
{
"binary_name": "libapache2-mod-proxy-uwsgi",
"binary_version": "2.4.52-1ubuntu4.1"
}
]
},
"package": {
"ecosystem": "Ubuntu:22.04:LTS",
"name": "apache2",
"purl": "pkg:deb/ubuntu/apache2@2.4.52-1ubuntu4.1?arch=source\u0026distro=jammy"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.4.52-1ubuntu4.1"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"2.4.48-3.1ubuntu3",
"2.4.48-3.1ubuntu4",
"2.4.51-2ubuntu1",
"2.4.52-1ubuntu1",
"2.4.52-1ubuntu2",
"2.4.52-1ubuntu4"
]
}
],
"aliases": [],
"details": "Apache HTTP Server 2.4.53 and earlier may return lengths to applications calling r:wsread() that point past the end of the storage allocated for the buffer.",
"id": "UBUNTU-CVE-2022-30556",
"modified": "2026-04-22T07:41:35Z",
"published": "2022-06-09T17:15:00Z",
"references": [
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2022-30556"
},
{
"type": "REPORT",
"url": "https://www.openwall.com/lists/oss-security/2022/06/08/7"
},
{
"type": "REPORT",
"url": "https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2022-30556"
},
{
"type": "ADVISORY",
"url": "https://ubuntu.com/security/notices/USN-5487-1"
},
{
"type": "ADVISORY",
"url": "https://ubuntu.com/security/notices/USN-5487-2"
},
{
"type": "ADVISORY",
"url": "https://ubuntu.com/security/notices/USN-5487-3"
},
{
"type": "REPORT",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30556"
}
],
"related": [
"USN-5487-1",
"USN-5487-2",
"USN-5487-3"
],
"schema_version": "1.7.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
],
"upstream": [
"CVE-2022-30556"
]
}
ubuntu-cve-2022-31813
Vulnerability from osv_ubuntu
Apache HTTP Server 2.4.53 and earlier may not send the X-Forwarded-* headers to the origin server based on client side Connection header hop-by-hop mechanism. This may be used to bypass IP based authentication on the origin server/application.
| URL | Type | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
{
"affected": [
{
"ecosystem_specific": {
"availability": "Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro",
"binaries": [
{
"binary_name": "apache2",
"binary_version": "2.4.7-1ubuntu4.22+esm8"
},
{
"binary_name": "apache2-bin",
"binary_version": "2.4.7-1ubuntu4.22+esm8"
},
{
"binary_name": "apache2-data",
"binary_version": "2.4.7-1ubuntu4.22+esm8"
},
{
"binary_name": "apache2-mpm-event",
"binary_version": "2.4.7-1ubuntu4.22+esm8"
},
{
"binary_name": "apache2-mpm-itk",
"binary_version": "2.4.7-1ubuntu4.22+esm8"
},
{
"binary_name": "apache2-mpm-prefork",
"binary_version": "2.4.7-1ubuntu4.22+esm8"
},
{
"binary_name": "apache2-mpm-worker",
"binary_version": "2.4.7-1ubuntu4.22+esm8"
},
{
"binary_name": "apache2-suexec",
"binary_version": "2.4.7-1ubuntu4.22+esm8"
},
{
"binary_name": "apache2-suexec-custom",
"binary_version": "2.4.7-1ubuntu4.22+esm8"
},
{
"binary_name": "apache2-suexec-pristine",
"binary_version": "2.4.7-1ubuntu4.22+esm8"
},
{
"binary_name": "apache2-utils",
"binary_version": "2.4.7-1ubuntu4.22+esm8"
},
{
"binary_name": "apache2.2-bin",
"binary_version": "2.4.7-1ubuntu4.22+esm8"
},
{
"binary_name": "libapache2-mod-macro",
"binary_version": "1:2.4.7-1ubuntu4.22+esm8"
},
{
"binary_name": "libapache2-mod-proxy-html",
"binary_version": "1:2.4.7-1ubuntu4.22+esm8"
}
]
},
"package": {
"ecosystem": "Ubuntu:Pro:14.04:LTS",
"name": "apache2",
"purl": "pkg:deb/ubuntu/apache2@2.4.7-1ubuntu4.22+esm8?arch=source\u0026distro=trusty/esm"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.4.7-1ubuntu4.22+esm8"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"2.4.6-2ubuntu2",
"2.4.6-2ubuntu3",
"2.4.6-2ubuntu4",
"2.4.7-1ubuntu1",
"2.4.7-1ubuntu2",
"2.4.7-1ubuntu3",
"2.4.7-1ubuntu4",
"2.4.7-1ubuntu4.1",
"2.4.7-1ubuntu4.4",
"2.4.7-1ubuntu4.5",
"2.4.7-1ubuntu4.6",
"2.4.7-1ubuntu4.7",
"2.4.7-1ubuntu4.8",
"2.4.7-1ubuntu4.9",
"2.4.7-1ubuntu4.10",
"2.4.7-1ubuntu4.11",
"2.4.7-1ubuntu4.13",
"2.4.7-1ubuntu4.15",
"2.4.7-1ubuntu4.16",
"2.4.7-1ubuntu4.17",
"2.4.7-1ubuntu4.18",
"2.4.7-1ubuntu4.19",
"2.4.7-1ubuntu4.20",
"2.4.7-1ubuntu4.21",
"2.4.7-1ubuntu4.22",
"2.4.7-1ubuntu4.22+esm1",
"2.4.7-1ubuntu4.22+esm2",
"2.4.7-1ubuntu4.22+esm3",
"2.4.7-1ubuntu4.22+esm4",
"2.4.7-1ubuntu4.22+esm5",
"2.4.7-1ubuntu4.22+esm6"
]
},
{
"ecosystem_specific": {
"availability": "Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro",
"binaries": [
{
"binary_name": "apache2",
"binary_version": "2.4.18-2ubuntu3.17+esm6"
},
{
"binary_name": "apache2-bin",
"binary_version": "2.4.18-2ubuntu3.17+esm6"
},
{
"binary_name": "apache2-data",
"binary_version": "2.4.18-2ubuntu3.17+esm6"
},
{
"binary_name": "apache2-suexec-custom",
"binary_version": "2.4.18-2ubuntu3.17+esm6"
},
{
"binary_name": "apache2-suexec-pristine",
"binary_version": "2.4.18-2ubuntu3.17+esm6"
},
{
"binary_name": "apache2-utils",
"binary_version": "2.4.18-2ubuntu3.17+esm6"
}
]
},
"package": {
"ecosystem": "Ubuntu:Pro:16.04:LTS",
"name": "apache2",
"purl": "pkg:deb/ubuntu/apache2@2.4.18-2ubuntu3.17+esm6?arch=source\u0026distro=esm-infra/xenial"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.4.18-2ubuntu3.17+esm6"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"2.4.12-2ubuntu2",
"2.4.17-1ubuntu1",
"2.4.17-2ubuntu1",
"2.4.17-3ubuntu1",
"2.4.18-1ubuntu1",
"2.4.18-2ubuntu1",
"2.4.18-2ubuntu2",
"2.4.18-2ubuntu3",
"2.4.18-2ubuntu3.1",
"2.4.18-2ubuntu3.2",
"2.4.18-2ubuntu3.3",
"2.4.18-2ubuntu3.4",
"2.4.18-2ubuntu3.5",
"2.4.18-2ubuntu3.7",
"2.4.18-2ubuntu3.8",
"2.4.18-2ubuntu3.9",
"2.4.18-2ubuntu3.10",
"2.4.18-2ubuntu3.12",
"2.4.18-2ubuntu3.13",
"2.4.18-2ubuntu3.14",
"2.4.18-2ubuntu3.15",
"2.4.18-2ubuntu3.17",
"2.4.18-2ubuntu3.17+esm1",
"2.4.18-2ubuntu3.17+esm2",
"2.4.18-2ubuntu3.17+esm3",
"2.4.18-2ubuntu3.17+esm4",
"2.4.18-2ubuntu3.17+esm5"
]
},
{
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "apache2",
"binary_version": "2.4.29-1ubuntu4.24"
},
{
"binary_name": "apache2-bin",
"binary_version": "2.4.29-1ubuntu4.24"
},
{
"binary_name": "apache2-data",
"binary_version": "2.4.29-1ubuntu4.24"
},
{
"binary_name": "apache2-suexec-custom",
"binary_version": "2.4.29-1ubuntu4.24"
},
{
"binary_name": "apache2-suexec-pristine",
"binary_version": "2.4.29-1ubuntu4.24"
},
{
"binary_name": "apache2-utils",
"binary_version": "2.4.29-1ubuntu4.24"
}
]
},
"package": {
"ecosystem": "Ubuntu:18.04:LTS",
"name": "apache2",
"purl": "pkg:deb/ubuntu/apache2@2.4.29-1ubuntu4.24?arch=source\u0026distro=bionic"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.4.29-1ubuntu4.24"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"2.4.27-2ubuntu3",
"2.4.29-1ubuntu1",
"2.4.29-1ubuntu2",
"2.4.29-1ubuntu3",
"2.4.29-1ubuntu4",
"2.4.29-1ubuntu4.1",
"2.4.29-1ubuntu4.2",
"2.4.29-1ubuntu4.3",
"2.4.29-1ubuntu4.4",
"2.4.29-1ubuntu4.5",
"2.4.29-1ubuntu4.6",
"2.4.29-1ubuntu4.7",
"2.4.29-1ubuntu4.8",
"2.4.29-1ubuntu4.10",
"2.4.29-1ubuntu4.11",
"2.4.29-1ubuntu4.12",
"2.4.29-1ubuntu4.13",
"2.4.29-1ubuntu4.14",
"2.4.29-1ubuntu4.16",
"2.4.29-1ubuntu4.17",
"2.4.29-1ubuntu4.18",
"2.4.29-1ubuntu4.19",
"2.4.29-1ubuntu4.20",
"2.4.29-1ubuntu4.21",
"2.4.29-1ubuntu4.22",
"2.4.29-1ubuntu4.23"
]
},
{
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "apache2",
"binary_version": "2.4.41-4ubuntu3.12"
},
{
"binary_name": "apache2-bin",
"binary_version": "2.4.41-4ubuntu3.12"
},
{
"binary_name": "apache2-data",
"binary_version": "2.4.41-4ubuntu3.12"
},
{
"binary_name": "apache2-suexec-custom",
"binary_version": "2.4.41-4ubuntu3.12"
},
{
"binary_name": "apache2-suexec-pristine",
"binary_version": "2.4.41-4ubuntu3.12"
},
{
"binary_name": "apache2-utils",
"binary_version": "2.4.41-4ubuntu3.12"
},
{
"binary_name": "libapache2-mod-md",
"binary_version": "2.4.41-4ubuntu3.12"
},
{
"binary_name": "libapache2-mod-proxy-uwsgi",
"binary_version": "2.4.41-4ubuntu3.12"
}
]
},
"package": {
"ecosystem": "Ubuntu:20.04:LTS",
"name": "apache2",
"purl": "pkg:deb/ubuntu/apache2@2.4.41-4ubuntu3.12?arch=source\u0026distro=focal"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.4.41-4ubuntu3.12"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"2.4.41-1ubuntu1",
"2.4.41-4ubuntu1",
"2.4.41-4ubuntu2",
"2.4.41-4ubuntu3",
"2.4.41-4ubuntu3.1",
"2.4.41-4ubuntu3.3",
"2.4.41-4ubuntu3.4",
"2.4.41-4ubuntu3.5",
"2.4.41-4ubuntu3.6",
"2.4.41-4ubuntu3.7",
"2.4.41-4ubuntu3.8",
"2.4.41-4ubuntu3.9",
"2.4.41-4ubuntu3.10",
"2.4.41-4ubuntu3.11"
]
},
{
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "apache2",
"binary_version": "2.4.52-1ubuntu4.1"
},
{
"binary_name": "apache2-bin",
"binary_version": "2.4.52-1ubuntu4.1"
},
{
"binary_name": "apache2-data",
"binary_version": "2.4.52-1ubuntu4.1"
},
{
"binary_name": "apache2-suexec-custom",
"binary_version": "2.4.52-1ubuntu4.1"
},
{
"binary_name": "apache2-suexec-pristine",
"binary_version": "2.4.52-1ubuntu4.1"
},
{
"binary_name": "apache2-utils",
"binary_version": "2.4.52-1ubuntu4.1"
},
{
"binary_name": "libapache2-mod-md",
"binary_version": "2.4.52-1ubuntu4.1"
},
{
"binary_name": "libapache2-mod-proxy-uwsgi",
"binary_version": "2.4.52-1ubuntu4.1"
}
]
},
"package": {
"ecosystem": "Ubuntu:22.04:LTS",
"name": "apache2",
"purl": "pkg:deb/ubuntu/apache2@2.4.52-1ubuntu4.1?arch=source\u0026distro=jammy"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.4.52-1ubuntu4.1"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"2.4.48-3.1ubuntu3",
"2.4.48-3.1ubuntu4",
"2.4.51-2ubuntu1",
"2.4.52-1ubuntu1",
"2.4.52-1ubuntu2",
"2.4.52-1ubuntu4"
]
}
],
"aliases": [],
"details": "Apache HTTP Server 2.4.53 and earlier may not send the X-Forwarded-* headers to the origin server based on client side Connection header hop-by-hop mechanism. This may be used to bypass IP based authentication on the origin server/application.",
"id": "UBUNTU-CVE-2022-31813",
"modified": "2026-04-22T07:41:36Z",
"published": "2022-06-09T17:15:00Z",
"references": [
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2022-31813"
},
{
"type": "REPORT",
"url": "https://www.openwall.com/lists/oss-security/2022/06/08/8"
},
{
"type": "REPORT",
"url": "https://github.com/apache/httpd/pull/320"
},
{
"type": "REPORT",
"url": "https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2022-31813"
},
{
"type": "ADVISORY",
"url": "https://ubuntu.com/security/notices/USN-5487-1"
},
{
"type": "ADVISORY",
"url": "https://ubuntu.com/security/notices/USN-5487-2"
},
{
"type": "ADVISORY",
"url": "https://ubuntu.com/security/notices/USN-5487-3"
},
{
"type": "REPORT",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-31813"
}
],
"related": [
"USN-5487-1",
"USN-5487-2",
"USN-5487-3"
],
"schema_version": "1.7.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
],
"upstream": [
"CVE-2022-31813"
]
}
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.