Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2022-28331 (GCVE-0-2022-28331)
Vulnerability from cvelistv5 – Published: 2023-01-31 15:55 – Updated: 2025-03-27 14:31
VLAI?
EPSS
Title
Apache Portable Runtime (APR): Windows out-of-bounds write in apr_socket_sendv function
Summary
On Windows, Apache Portable Runtime 1.7.0 and earlier may write beyond the end of a stack based buffer in apr_socket_sendv(). This is a result of integer overflow.
Severity ?
No CVSS data available.
CWE
- CWE-190 - Integer Overflow or Wraparound
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://lists.apache.org/thread/5pfdfn7h0vsdo5xzj… | vendor-advisory |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Apache Software Foundation | Apache Portable Runtime (APR) |
Affected:
0 , ≤ 1.7.0
(custom)
|
Credits
Ronald Crane (Zippenhop LLC)
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T05:56:14.939Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.apache.org/thread/5pfdfn7h0vsdo5xzjn97vghp0x42jj2r"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-28331",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-27T14:31:25.841968Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-27T14:31:30.494Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Apache Portable Runtime (APR)",
"vendor": "Apache Software Foundation",
"versions": [
{
"lessThanOrEqual": "1.7.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Ronald Crane (Zippenhop LLC)"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "On Windows, Apache Portable Runtime 1.7.0 and earlier may write beyond the end of a stack based buffer in apr_socket_sendv(). This is a result of integer overflow."
}
],
"value": "On Windows, Apache Portable Runtime 1.7.0 and earlier may write beyond the end of a stack based buffer in apr_socket_sendv(). This is a result of integer overflow."
}
],
"metrics": [
{
"other": {
"content": {
"text": "moderate"
},
"type": "Textual description of severity"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-190",
"description": "CWE-190 Integer Overflow or Wraparound",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-07-07T15:26:44.884Z",
"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"shortName": "apache"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://lists.apache.org/thread/5pfdfn7h0vsdo5xzjn97vghp0x42jj2r"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Apache Portable Runtime (APR): Windows out-of-bounds write in apr_socket_sendv function",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"assignerShortName": "apache",
"cveId": "CVE-2022-28331",
"datePublished": "2023-01-31T15:55:21.488Z",
"dateReserved": "2022-04-01T12:46:04.617Z",
"dateUpdated": "2025-03-27T14:31:30.494Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2022-28331",
"date": "2026-05-20",
"epss": "0.00284",
"percentile": "0.51864"
},
"fkie_nvd": {
"configurations": "[{\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:portable_runtime:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"1.7.0\", \"matchCriteriaId\": \"1DB0978A-CC7C-49E0-8C5D-578F538F25F1\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A2572D17-1DE6-457B-99CC-64AFD54487EA\"}]}]}]",
"descriptions": "[{\"lang\": \"en\", \"value\": \"On Windows, Apache Portable Runtime 1.7.0 and earlier may write beyond the end of a stack based buffer in apr_socket_sendv(). This is a result of integer overflow.\"}, {\"lang\": \"es\", \"value\": \"En Windows, Apache Portable Runtime 1.7.0 y versiones anteriores pueden escribir m\\u00e1s all\\u00e1 del final de un b\\u00fafer basado en pila en apr_socket_sendv(). Este es el resultado del desbordamiento de enteros.\"}]",
"id": "CVE-2022-28331",
"lastModified": "2024-11-21T06:57:10.740",
"metrics": "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\", \"baseScore\": 9.8, \"baseSeverity\": \"CRITICAL\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 5.9}]}",
"published": "2023-01-31T16:15:08.977",
"references": "[{\"url\": \"https://lists.apache.org/thread/5pfdfn7h0vsdo5xzjn97vghp0x42jj2r\", \"source\": \"security@apache.org\", \"tags\": [\"Mailing List\", \"Vendor Advisory\"]}, {\"url\": \"https://lists.apache.org/thread/5pfdfn7h0vsdo5xzjn97vghp0x42jj2r\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\", \"Vendor Advisory\"]}]",
"sourceIdentifier": "security@apache.org",
"vulnStatus": "Modified",
"weaknesses": "[{\"source\": \"security@apache.org\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-190\"}]}, {\"source\": \"nvd@nist.gov\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-190\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2022-28331\",\"sourceIdentifier\":\"security@apache.org\",\"published\":\"2023-01-31T16:15:08.977\",\"lastModified\":\"2025-03-27T15:15:37.330\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"On Windows, Apache Portable Runtime 1.7.0 and earlier may write beyond the end of a stack based buffer in apr_socket_sendv(). This is a result of integer overflow.\"},{\"lang\":\"es\",\"value\":\"En Windows, Apache Portable Runtime 1.7.0 y versiones anteriores pueden escribir m\u00e1s all\u00e1 del final de un b\u00fafer basado en pila en apr_socket_sendv(). Este es el resultado del desbordamiento de enteros.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":9.8,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":5.9},{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":9.8,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":5.9}]},\"weaknesses\":[{\"source\":\"security@apache.org\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-190\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-190\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:portable_runtime:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"1.7.0\",\"matchCriteriaId\":\"1DB0978A-CC7C-49E0-8C5D-578F538F25F1\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A2572D17-1DE6-457B-99CC-64AFD54487EA\"}]}]}],\"references\":[{\"url\":\"https://lists.apache.org/thread/5pfdfn7h0vsdo5xzjn97vghp0x42jj2r\",\"source\":\"security@apache.org\",\"tags\":[\"Mailing List\",\"Vendor Advisory\"]},{\"url\":\"https://lists.apache.org/thread/5pfdfn7h0vsdo5xzjn97vghp0x42jj2r\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Vendor Advisory\"]}]}}",
"vulnrichment": {
"containers": "{\"cna\": {\"affected\": [{\"defaultStatus\": \"unaffected\", \"product\": \"Apache Portable Runtime (APR)\", \"vendor\": \"Apache Software Foundation\", \"versions\": [{\"lessThanOrEqual\": \"1.7.0\", \"status\": \"affected\", \"version\": \"0\", \"versionType\": \"custom\"}]}], \"credits\": [{\"lang\": \"en\", \"type\": \"finder\", \"value\": \"Ronald Crane (Zippenhop LLC)\"}], \"descriptions\": [{\"lang\": \"en\", \"supportingMedia\": [{\"base64\": false, \"type\": \"text/html\", \"value\": \"On Windows, Apache Portable Runtime 1.7.0 and earlier may write beyond the end of a stack based buffer in apr_socket_sendv(). This is a result of integer overflow.\"}], \"value\": \"On Windows, Apache Portable Runtime 1.7.0 and earlier may write beyond the end of a stack based buffer in apr_socket_sendv(). This is a result of integer overflow.\"}], \"metrics\": [{\"other\": {\"content\": {\"text\": \"moderate\"}, \"type\": \"Textual description of severity\"}}], \"problemTypes\": [{\"descriptions\": [{\"cweId\": \"CWE-190\", \"description\": \"CWE-190 Integer Overflow or Wraparound\", \"lang\": \"en\", \"type\": \"CWE\"}]}], \"providerMetadata\": {\"orgId\": \"f0158376-9dc2-43b6-827c-5f631a4d8d09\", \"shortName\": \"apache\", \"dateUpdated\": \"2023-07-07T15:26:44.884Z\"}, \"references\": [{\"tags\": [\"vendor-advisory\"], \"url\": \"https://lists.apache.org/thread/5pfdfn7h0vsdo5xzjn97vghp0x42jj2r\"}], \"source\": {\"discovery\": \"UNKNOWN\"}, \"title\": \"Apache Portable Runtime (APR): Windows out-of-bounds write in apr_socket_sendv function\", \"x_generator\": {\"engine\": \"Vulnogram 0.1.0-dev\"}}, \"adp\": [{\"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-03T05:56:14.939Z\"}, \"title\": \"CVE Program Container\", \"references\": [{\"tags\": [\"vendor-advisory\", \"x_transferred\"], \"url\": \"https://lists.apache.org/thread/5pfdfn7h0vsdo5xzjn97vghp0x42jj2r\"}]}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 9.8, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"CRITICAL\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"HIGH\"}}, {\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2022-28331\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-03-27T14:31:25.841968Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-03-27T14:31:12.008Z\"}}]}",
"cveMetadata": "{\"cveId\": \"CVE-2022-28331\", \"assignerOrgId\": \"f0158376-9dc2-43b6-827c-5f631a4d8d09\", \"state\": \"PUBLISHED\", \"assignerShortName\": \"apache\", \"dateReserved\": \"2022-04-01T12:46:04.617Z\", \"datePublished\": \"2023-01-31T15:55:21.488Z\", \"dateUpdated\": \"2025-03-27T14:31:30.494Z\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
}
}
CERTFR-2023-AVI-0188
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans les produits IBM. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et un contournement de la politique de sécurité.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
References
| Title | Publication Time | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "IBM Spectrum Control versions ant\u00e9rieures 5.4.x \u00e0 5.4.10",
"product": {
"name": "Spectrum",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM WebSphere Remote Server versions 9.0 et 8.5 sans les correctifs disponibles pour IBM HTTP Server",
"product": {
"name": "WebSphere",
"vendor": {
"name": "IBM",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2022-36760",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-36760"
},
{
"name": "CVE-2022-25147",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-25147"
},
{
"name": "CVE-2006-20001",
"url": "https://www.cve.org/CVERecord?id=CVE-2006-20001"
},
{
"name": "CVE-2022-28331",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-28331"
},
{
"name": "CVE-2022-37436",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-37436"
},
{
"name": "CVE-2018-1000632",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1000632"
}
],
"links": [],
"reference": "CERTFR-2023-AVI-0188",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2023-03-03T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits IBM.\nCertaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une\nex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance\net un contournement de la politique de s\u00e9curit\u00e9.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits IBM",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 6959691 du 02 mars 2023",
"url": "https://www.ibm.com/support/pages/node/6959691"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 6959029 du 03 mars 2023",
"url": "https://www.ibm.com/support/pages/node/6959029"
}
]
}
CERTFR-2023-AVI-0188
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans les produits IBM. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et un contournement de la politique de sécurité.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
References
| Title | Publication Time | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "IBM Spectrum Control versions ant\u00e9rieures 5.4.x \u00e0 5.4.10",
"product": {
"name": "Spectrum",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM WebSphere Remote Server versions 9.0 et 8.5 sans les correctifs disponibles pour IBM HTTP Server",
"product": {
"name": "WebSphere",
"vendor": {
"name": "IBM",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2022-36760",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-36760"
},
{
"name": "CVE-2022-25147",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-25147"
},
{
"name": "CVE-2006-20001",
"url": "https://www.cve.org/CVERecord?id=CVE-2006-20001"
},
{
"name": "CVE-2022-28331",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-28331"
},
{
"name": "CVE-2022-37436",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-37436"
},
{
"name": "CVE-2018-1000632",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1000632"
}
],
"links": [],
"reference": "CERTFR-2023-AVI-0188",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2023-03-03T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits IBM.\nCertaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une\nex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance\net un contournement de la politique de s\u00e9curit\u00e9.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits IBM",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 6959691 du 02 mars 2023",
"url": "https://www.ibm.com/support/pages/node/6959691"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 6959029 du 03 mars 2023",
"url": "https://www.ibm.com/support/pages/node/6959029"
}
]
}
BDU:2023-00668
Vulnerability from fstec - Published: 31.01.2023
VLAI Severity ?
Title
Уязвимость функции apr_socket_sendv() библиотеки Apache Portable Runtime (APR) операционных систем Windows, позволяющая нарушителю оказать воздействие на конфиденциальность, целостность и доступность защищаемой информации
Description
Уязвимость функции apr_socket_sendv() библиотеки Apache Portable Runtime (APR) операционных систем Windows связана с записью за границами буфера в памяти. Эксплуатация уязвимости может позволить нарушителю , действующему удаленно, оказать воздействие на конфиденциальность, целостность и доступность защищаемой информации
Severity ?
Vendor
Сообщество свободного программного обеспечения, Apache Software Foundation
Software Name
Debian GNU/Linux, Portable Runtime (APR)
Software Version
10 (Debian GNU/Linux), 11 (Debian GNU/Linux), до 1.7.0 включительно (Portable Runtime (APR))
Possible Mitigations
Использование рекомендаций:
Для Apache Portable Runtime:
https://lists.apache.org/thread/5pfdfn7h0vsdo5xzjn97vghp0x42jj2r
Для Debian GNU/Linux:
https://security-tracker.debian.org/tracker/CVE-2022-28331
Reference
https://nvd.nist.gov/vuln/detail/CVE-2022-28331
https://lists.apache.org/thread/5pfdfn7h0vsdo5xzjn97vghp0x42jj2r
https://security-tracker.debian.org/tracker/CVE-2022-28331
CWE
CWE-787
{
"CVSS 2.0": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"CVSS 3.0": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"CVSS 4.0": null,
"remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
"remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
"\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "\u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f, Apache Software Foundation",
"\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "10 (Debian GNU/Linux), 11 (Debian GNU/Linux), \u0434\u043e 1.7.0 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (Portable Runtime (APR))",
"\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439:\n\u0414\u043b\u044f Apache Portable Runtime:\nhttps://lists.apache.org/thread/5pfdfn7h0vsdo5xzjn97vghp0x42jj2r\n\n\u0414\u043b\u044f Debian GNU/Linux:\nhttps://security-tracker.debian.org/tracker/CVE-2022-28331",
"\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "31.01.2023",
"\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "13.02.2023",
"\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "13.02.2023",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2023-00668",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2022-28331",
"\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
"\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
"\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "Debian GNU/Linux, Portable Runtime (APR)",
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": "Microsoft Corp Windows - , \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Debian GNU/Linux 10 , \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Debian GNU/Linux 11 ",
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0444\u0443\u043d\u043a\u0446\u0438\u0438 apr_socket_sendv() \u0431\u0438\u0431\u043b\u0438\u043e\u0442\u0435\u043a\u0438 Apache Portable Runtime (APR) \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c Windows, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u043e\u043a\u0430\u0437\u0430\u0442\u044c \u0432\u043e\u0437\u0434\u0435\u0439\u0441\u0442\u0432\u0438\u0435 \u043d\u0430 \u043a\u043e\u043d\u0444\u0438\u0434\u0435\u043d\u0446\u0438\u0430\u043b\u044c\u043d\u043e\u0441\u0442\u044c, \u0446\u0435\u043b\u043e\u0441\u0442\u043d\u043e\u0441\u0442\u044c \u0438 \u0434\u043e\u0441\u0442\u0443\u043f\u043d\u043e\u0441\u0442\u044c \u0437\u0430\u0449\u0438\u0449\u0430\u0435\u043c\u043e\u0439 \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u0438",
"\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u0417\u0430\u043f\u0438\u0441\u044c \u0437\u0430 \u0433\u0440\u0430\u043d\u0438\u0446\u0430\u043c\u0438 \u0431\u0443\u0444\u0435\u0440\u0430 (CWE-787)",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0444\u0443\u043d\u043a\u0446\u0438\u0438 apr_socket_sendv() \u0431\u0438\u0431\u043b\u0438\u043e\u0442\u0435\u043a\u0438 Apache Portable Runtime (APR) \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c Windows \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u0437\u0430\u043f\u0438\u0441\u044c\u044e \u0437\u0430 \u0433\u0440\u0430\u043d\u0438\u0446\u0430\u043c\u0438 \u0431\u0443\u0444\u0435\u0440\u0430 \u0432 \u043f\u0430\u043c\u044f\u0442\u0438. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e , \u0434\u0435\u0439\u0441\u0442\u0432\u0443\u044e\u0449\u0435\u043c\u0443 \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e, \u043e\u043a\u0430\u0437\u0430\u0442\u044c \u0432\u043e\u0437\u0434\u0435\u0439\u0441\u0442\u0432\u0438\u0435 \u043d\u0430 \u043a\u043e\u043d\u0444\u0438\u0434\u0435\u043d\u0446\u0438\u0430\u043b\u044c\u043d\u043e\u0441\u0442\u044c, \u0446\u0435\u043b\u043e\u0441\u0442\u043d\u043e\u0441\u0442\u044c \u0438 \u0434\u043e\u0441\u0442\u0443\u043f\u043d\u043e\u0441\u0442\u044c \u0437\u0430\u0449\u0438\u0449\u0430\u0435\u043c\u043e\u0439 \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u0438",
"\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
"\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": null,
"\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
"\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u041c\u0430\u043d\u0438\u043f\u0443\u043b\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u0435 \u0441\u0442\u0440\u0443\u043a\u0442\u0443\u0440\u0430\u043c\u0438 \u0434\u0430\u043d\u043d\u044b\u0445",
"\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "https://nvd.nist.gov/vuln/detail/CVE-2022-28331\nhttps://lists.apache.org/thread/5pfdfn7h0vsdo5xzjn97vghp0x42jj2r\nhttps://security-tracker.debian.org/tracker/CVE-2022-28331",
"\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
"\u0422\u0438\u043f \u041f\u041e": "\u041e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u0430\u044f \u0441\u0438\u0441\u0442\u0435\u043c\u0430, \u041f\u0440\u0438\u043a\u043b\u0430\u0434\u043d\u043e\u0435 \u041f\u041e \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c",
"\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-787",
"\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 10)\n\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 8,8)"
}
bit-apr-2022-28331
Vulnerability from bitnami_vulndb
Published
2024-03-06 10:50
Modified
2025-05-20 10:02
Summary
Apache Portable Runtime (APR): Windows out-of-bounds write in apr_socket_sendv function
Details
On Windows, Apache Portable Runtime 1.7.0 and earlier may write beyond the end of a stack based buffer in apr_socket_sendv(). This is a result of integer overflow.
{
"affected": [
{
"package": {
"ecosystem": "Bitnami",
"name": "apr",
"purl": "pkg:bitnami/apr"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.7.1"
}
],
"type": "SEMVER"
}
],
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
],
"aliases": [
"CVE-2022-28331"
],
"database_specific": {
"cpes": [
"cpe:2.3:a:apache:portable_runtime:*:*:*:*:*:*:*:*"
],
"severity": "Critical"
},
"details": "On Windows, Apache Portable Runtime 1.7.0 and earlier may write beyond the end of a stack based buffer in apr_socket_sendv(). This is a result of integer overflow.",
"id": "BIT-apr-2022-28331",
"modified": "2025-05-20T10:02:07.006Z",
"published": "2024-03-06T10:50:33.685Z",
"references": [
{
"type": "WEB",
"url": "https://lists.apache.org/thread/5pfdfn7h0vsdo5xzjn97vghp0x42jj2r"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-28331"
}
],
"schema_version": "1.5.0",
"summary": "Apache Portable Runtime (APR): Windows out-of-bounds write in apr_socket_sendv function"
}
CNVD-2023-57670
Vulnerability from cnvd - Published: 2023-07-21
VLAI Severity ?
Title
Apache Portable Runtime越界写漏洞(CNVD-2023-57670)
Description
Apache Portable Runtime是美国阿帕奇(Apache)基金会的一个为上层应用程序提供可跨越多个操作系统平台使用的底层支持接口库。
Apache Portable Runtime存在越界写漏洞,攻击者可利用该漏洞实现整数溢出导致在栈缓冲区末端之外写入数据。
Severity
高
Patch Name
Apache Portable Runtime越界写漏洞(CNVD-2023-57670)的补丁
Patch Description
Apache Portable Runtime是美国阿帕奇(Apache)基金会的一个为上层应用程序提供可跨越多个操作系统平台使用的底层支持接口库。
Apache Portable Runtime存在越界写漏洞,攻击者可利用该漏洞实现整数溢出导致在栈缓冲区末端之外写入数据。目前,供应商发布了安全公告及相关补丁信息,修复了此漏洞。
Formal description
厂商已发布了漏洞修复程序,请及时关注更新: https://lists.apache.org/thread/5pfdfn7h0vsdo5xzjn97vghp0x42jj2r
Reference
https://lists.apache.org/thread/5pfdfn7h0vsdo5xzjn97vghp0x42jj2r
Impacted products
| Name | Apache Portable Runtime <=1.7.0 |
|---|
{
"cves": {
"cve": {
"cveNumber": "CVE-2022-28331",
"cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2022-28331"
}
},
"description": "Apache Portable Runtime\u662f\u7f8e\u56fd\u963f\u5e15\u5947\uff08Apache\uff09\u57fa\u91d1\u4f1a\u7684\u4e00\u4e2a\u4e3a\u4e0a\u5c42\u5e94\u7528\u7a0b\u5e8f\u63d0\u4f9b\u53ef\u8de8\u8d8a\u591a\u4e2a\u64cd\u4f5c\u7cfb\u7edf\u5e73\u53f0\u4f7f\u7528\u7684\u5e95\u5c42\u652f\u6301\u63a5\u53e3\u5e93\u3002\n\nApache Portable Runtime\u5b58\u5728\u8d8a\u754c\u5199\u6f0f\u6d1e\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u5b9e\u73b0\u6574\u6570\u6ea2\u51fa\u5bfc\u81f4\u5728\u6808\u7f13\u51b2\u533a\u672b\u7aef\u4e4b\u5916\u5199\u5165\u6570\u636e\u3002",
"formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://lists.apache.org/thread/5pfdfn7h0vsdo5xzjn97vghp0x42jj2r",
"isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
"number": "CNVD-2023-57670",
"openTime": "2023-07-21",
"patchDescription": "Apache Portable Runtime\u662f\u7f8e\u56fd\u963f\u5e15\u5947\uff08Apache\uff09\u57fa\u91d1\u4f1a\u7684\u4e00\u4e2a\u4e3a\u4e0a\u5c42\u5e94\u7528\u7a0b\u5e8f\u63d0\u4f9b\u53ef\u8de8\u8d8a\u591a\u4e2a\u64cd\u4f5c\u7cfb\u7edf\u5e73\u53f0\u4f7f\u7528\u7684\u5e95\u5c42\u652f\u6301\u63a5\u53e3\u5e93\u3002\r\n\r\nApache Portable Runtime\u5b58\u5728\u8d8a\u754c\u5199\u6f0f\u6d1e\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u5b9e\u73b0\u6574\u6570\u6ea2\u51fa\u5bfc\u81f4\u5728\u6808\u7f13\u51b2\u533a\u672b\u7aef\u4e4b\u5916\u5199\u5165\u6570\u636e\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
"patchName": "Apache Portable Runtime\u8d8a\u754c\u5199\u6f0f\u6d1e\uff08CNVD-2023-57670\uff09\u7684\u8865\u4e01",
"products": {
"product": "Apache Portable Runtime \u003c=1.7.0"
},
"referenceLink": "https://lists.apache.org/thread/5pfdfn7h0vsdo5xzjn97vghp0x42jj2r",
"serverity": "\u9ad8",
"submitTime": "2023-02-06",
"title": "Apache Portable Runtime\u8d8a\u754c\u5199\u6f0f\u6d1e\uff08CNVD-2023-57670\uff09"
}
FKIE_CVE-2022-28331
Vulnerability from fkie_nvd - Published: 2023-01-31 16:15 - Updated: 2025-03-27 15:15
Severity ?
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
On Windows, Apache Portable Runtime 1.7.0 and earlier may write beyond the end of a stack based buffer in apr_socket_sendv(). This is a result of integer overflow.
References
| URL | Tags | ||
|---|---|---|---|
| security@apache.org | https://lists.apache.org/thread/5pfdfn7h0vsdo5xzjn97vghp0x42jj2r | Mailing List, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.apache.org/thread/5pfdfn7h0vsdo5xzjn97vghp0x42jj2r | Mailing List, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| apache | portable_runtime | * | |
| microsoft | windows | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apache:portable_runtime:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1DB0978A-CC7C-49E0-8C5D-578F538F25F1",
"versionEndIncluding": "1.7.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "On Windows, Apache Portable Runtime 1.7.0 and earlier may write beyond the end of a stack based buffer in apr_socket_sendv(). This is a result of integer overflow."
},
{
"lang": "es",
"value": "En Windows, Apache Portable Runtime 1.7.0 y versiones anteriores pueden escribir m\u00e1s all\u00e1 del final de un b\u00fafer basado en pila en apr_socket_sendv(). Este es el resultado del desbordamiento de enteros."
}
],
"id": "CVE-2022-28331",
"lastModified": "2025-03-27T15:15:37.330",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2023-01-31T16:15:08.977",
"references": [
{
"source": "security@apache.org",
"tags": [
"Mailing List",
"Vendor Advisory"
],
"url": "https://lists.apache.org/thread/5pfdfn7h0vsdo5xzjn97vghp0x42jj2r"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Vendor Advisory"
],
"url": "https://lists.apache.org/thread/5pfdfn7h0vsdo5xzjn97vghp0x42jj2r"
}
],
"sourceIdentifier": "security@apache.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-190"
}
],
"source": "security@apache.org",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-190"
}
],
"source": "nvd@nist.gov",
"type": "Secondary"
}
]
}
GHSA-27J5-C395-8J82
Vulnerability from github – Published: 2023-01-31 18:30 – Updated: 2023-02-08 21:30
VLAI?
Details
On Windows, Apache Portable Runtime 1.7.0 and earlier may write beyond the end of a stack based buffer in apr_socket_sendv(). This is a result of integer overflow.
Severity ?
9.8 (Critical)
{
"affected": [],
"aliases": [
"CVE-2022-28331"
],
"database_specific": {
"cwe_ids": [
"CWE-190",
"CWE-787"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-01-31T16:15:00Z",
"severity": "CRITICAL"
},
"details": "On Windows, Apache Portable Runtime 1.7.0 and earlier may write beyond the end of a stack based buffer in apr_socket_sendv(). This is a result of integer overflow.",
"id": "GHSA-27j5-c395-8j82",
"modified": "2023-02-08T21:30:22Z",
"published": "2023-01-31T18:30:22Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-28331"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread/5pfdfn7h0vsdo5xzjn97vghp0x42jj2r"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GSD-2022-28331
Vulnerability from gsd - Updated: 2023-12-13 01:19Details
On Windows, Apache Portable Runtime 1.7.0 and earlier may write beyond the end of a stack based buffer in apr_socket_sendv(). This is a result of integer overflow.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2022-28331",
"id": "GSD-2022-28331",
"references": [
"https://www.suse.com/security/cve/CVE-2022-28331.html"
]
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2022-28331"
],
"details": "On Windows, Apache Portable Runtime 1.7.0 and earlier may write beyond the end of a stack based buffer in apr_socket_sendv(). This is a result of integer overflow.",
"id": "GSD-2022-28331",
"modified": "2023-12-13T01:19:34.782590Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "security@apache.org",
"ID": "CVE-2022-28331",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Apache Portable Runtime (APR)",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "0",
"version_value": "1.7.0"
}
]
}
}
]
},
"vendor_name": "Apache Software Foundation"
}
]
}
},
"credits": [
{
"lang": "en",
"value": "Ronald Crane (Zippenhop LLC)"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "On Windows, Apache Portable Runtime 1.7.0 and earlier may write beyond the end of a stack based buffer in apr_socket_sendv(). This is a result of integer overflow."
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"cweId": "CWE-190",
"lang": "eng",
"value": "CWE-190 Integer Overflow or Wraparound"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://lists.apache.org/thread/5pfdfn7h0vsdo5xzjn97vghp0x42jj2r",
"refsource": "MISC",
"url": "https://lists.apache.org/thread/5pfdfn7h0vsdo5xzjn97vghp0x42jj2r"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:apache:portable_runtime:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.7.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "security@apache.org",
"ID": "CVE-2022-28331"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "On Windows, Apache Portable Runtime 1.7.0 and earlier may write beyond the end of a stack based buffer in apr_socket_sendv(). This is a result of integer overflow."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-190"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://lists.apache.org/thread/5pfdfn7h0vsdo5xzjn97vghp0x42jj2r",
"refsource": "MISC",
"tags": [
"Mailing List",
"Vendor Advisory"
],
"url": "https://lists.apache.org/thread/5pfdfn7h0vsdo5xzjn97vghp0x42jj2r"
}
]
}
},
"impact": {
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
},
"lastModifiedDate": "2023-07-07T16:15Z",
"publishedDate": "2023-01-31T16:15Z"
}
}
}
RHSA-2023:4628
Vulnerability from csaf_redhat - Published: 2023-08-15 17:37 - Updated: 2026-04-01 18:56Summary
Red Hat Security Advisory: Red Hat JBoss Core Services Apache HTTP Server 2.4.57 security update
Severity
Moderate
Notes
Topic: Red Hat JBoss Core Services Apache HTTP Server 2.4.57 is now available.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details: Red Hat JBoss Core Services is a set of supplementary software for Red Hat JBoss middleware products. This software, such as Apache HTTP Server, is common to multiple JBoss middleware products and packaged under Red Hat JBoss Core Services, to allow for faster distribution of updates and for a more consistent update experience.
This release of Red Hat JBoss Core Services Apache HTTP Server 2.4.57 serves as a replacement for Red Hat JBoss Core Services Apache HTTP Server 2.4.51 Service Pack 2, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References.
Security Fix(es):
* apr-util: integer overflow/wraparound in apr_encode (CVE-2022-24963)
* apr-util: Windows out-of-bounds write in apr_socket_sendv function (CVE-2022-28331)
* httpd: mod_proxy_ajp: Possible request smuggling (CVE-2022-36760)
* httpd: mod_proxy: HTTP response splitting (CVE-2022-37436)
* mod_security: incorrect parsing of HTTP multipart requests leads to web application firewall bypass (CVE-2022-48279)
* modsecurity: lacking the complete content in FILES_TMP_CONTENT leads to web application firewall bypass (CVE-2023-24021)
* httpd: mod_proxy_uwsgi HTTP response splitting (CVE-2023-27522)
* curl: use after free in SSH sha256 fingerprint check (CVE-2023-28319)
* curl: IDN wildcard match may lead to Improper Cerificate Validation (CVE-2023-28321)
* libxml2: NULL dereference in xmlSchemaFixupComplexType (CVE-2023-28484)
* libxml2: Hashing of empty dict strings isn't deterministic (CVE-2023-29469)
* curl: more POST-after-PUT confusion (CVE-2023-28322)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A flaw was found in Apache Portable Runtime (APR). This issue may allow a malicious attacker to write beyond the bounds of a buffer.
6.5 (Medium)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Text-Only JBCS
Red Hat / Red Hat JBoss Core Services
|
cpe:/a:redhat:jboss_core_services:1
|
— |
Vendor Fix
fix
|
Threats
Impact
Moderate
A flaw was found in Apache Portable Runtime, affecting versions <= 1.7.0. This issue may allow a malicious user to write beyond the end of a stack buffer and cause an integer overflow. This affects Windows environments.
9.8 (Critical)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Text-Only JBCS
Red Hat / Red Hat JBoss Core Services
|
cpe:/a:redhat:jboss_core_services:1
|
— |
Vendor Fix
fix
|
Threats
Impact
Moderate
A flaw was found in the mod_proxy_ajp module of httpd. The connection is not closed when there is an invalid Transfer-Encoding header, allowing an attacker to smuggle requests to the AJP server, where it forwards requests.
6.5 (Medium)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Text-Only JBCS
Red Hat / Red Hat JBoss Core Services
|
cpe:/a:redhat:jboss_core_services:1
|
— |
Vendor Fix
fix
|
Threats
Impact
Moderate
A flaw was found in the mod_proxy module of httpd. A malicious backend can cause the response headers to be truncated because they are not cleaned when an error is found while reading them, resulting in some headers being incorporated into the response body and not being interpreted by a client.
5.3 (Medium)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Text-Only JBCS
Red Hat / Red Hat JBoss Core Services
|
cpe:/a:redhat:jboss_core_services:1
|
— |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
A vulnerability was found in ModSecurity. This issue occurs when HTTP multipart requests are incorrectly parsed and could bypass the Web Application Firewall. NOTE: This is related to CVE-2022-39956, but can be considered independent changes to the ModSecurity (C language) codebase.
7.5 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Text-Only JBCS
Red Hat / Red Hat JBoss Core Services
|
cpe:/a:redhat:jboss_core_services:1
|
— |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
A vulnerability was found in ModSecurity. This issue occurs when FILES_TMP_CONTENT lacks complete content, which can lead to a Web Application Firewall bypass.
7.5 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Text-Only JBCS
Red Hat / Red Hat JBoss Core Services
|
cpe:/a:redhat:jboss_core_services:1
|
— |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
An HTTP Response Smuggling vulnerability was found in the Apache HTTP Server via mod_proxy_uwsgi. This security issue occurs when special characters in the origin response header can truncate or split the response forwarded to the client.
7.5 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Text-Only JBCS
Red Hat / Red Hat JBoss Core Services
|
cpe:/a:redhat:jboss_core_services:1
|
— |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
A use-after-free flaw was found in the Curl package. This flaw risks inserting sensitive heap-based data into the error message that users might see or is otherwise leaked and revealed.
5.9 (Medium)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Text-Only JBCS
Red Hat / Red Hat JBoss Core Services
|
cpe:/a:redhat:jboss_core_services:1
|
— |
Vendor Fix
fix
|
Threats
Impact
Moderate
A flaw was found in the Curl package. An incorrect International Domain Name (IDN) wildcard match may lead to improper certificate validation.
5.9 (Medium)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Text-Only JBCS
Red Hat / Red Hat JBoss Core Services
|
cpe:/a:redhat:jboss_core_services:1
|
— |
Vendor Fix
fix
|
Threats
Impact
Moderate
A use-after-free flaw was found in the Curl package. This issue may lead to unintended information disclosure by the application.
CWE-440 - Expected Behavior ViolationAffected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Text-Only JBCS
Red Hat / Red Hat JBoss Core Services
|
cpe:/a:redhat:jboss_core_services:1
|
— |
Vendor Fix
fix
|
Threats
Impact
Low
A NULL pointer dereference vulnerability was found in libxml2. This issue occurs when parsing (invalid) XML schemas.
5.9 (Medium)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Text-Only JBCS
Red Hat / Red Hat JBoss Core Services
|
cpe:/a:redhat:jboss_core_services:1
|
— |
Vendor Fix
fix
|
Threats
Impact
Moderate
A flaw was found in libxml2. This issue occurs when hashing empty strings which aren't null-terminated, xmlDictComputeFastKey could produce inconsistent results, which may lead to various logic or memory errors, including double free errors.
5.9 (Medium)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Text-Only JBCS
Red Hat / Red Hat JBoss Core Services
|
cpe:/a:redhat:jboss_core_services:1
|
— |
Vendor Fix
fix
|
Threats
Impact
Moderate
References
71 references
Acknowledgments
Wei Chong Tan
Daniel Stenberg
Hiroki Kurosawa
Daniel Stenberg
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Red Hat JBoss Core Services Apache HTTP Server 2.4.57 is now available.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat JBoss Core Services is a set of supplementary software for Red Hat JBoss middleware products. This software, such as Apache HTTP Server, is common to multiple JBoss middleware products and packaged under Red Hat JBoss Core Services, to allow for faster distribution of updates and for a more consistent update experience.\n\nThis release of Red Hat JBoss Core Services Apache HTTP Server 2.4.57 serves as a replacement for Red Hat JBoss Core Services Apache HTTP Server 2.4.51 Service Pack 2, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References.\n\nSecurity Fix(es):\n\n* apr-util: integer overflow/wraparound in apr_encode (CVE-2022-24963)\n\n* apr-util: Windows out-of-bounds write in apr_socket_sendv function (CVE-2022-28331)\n\n* httpd: mod_proxy_ajp: Possible request smuggling (CVE-2022-36760)\n\n* httpd: mod_proxy: HTTP response splitting (CVE-2022-37436)\n\n* mod_security: incorrect parsing of HTTP multipart requests leads to web application firewall bypass (CVE-2022-48279)\n\n* modsecurity: lacking the complete content in FILES_TMP_CONTENT leads to web application firewall bypass (CVE-2023-24021)\n\n* httpd: mod_proxy_uwsgi HTTP response splitting (CVE-2023-27522)\n\n* curl: use after free in SSH sha256 fingerprint check (CVE-2023-28319)\n\n* curl: IDN wildcard match may lead to Improper Cerificate Validation (CVE-2023-28321)\n\n* libxml2: NULL dereference in xmlSchemaFixupComplexType (CVE-2023-28484)\n\n* libxml2: Hashing of empty dict strings isn\u0027t deterministic (CVE-2023-29469)\n\n* curl: more POST-after-PUT confusion (CVE-2023-28322)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2023:4628",
"url": "https://access.redhat.com/errata/RHSA-2023:4628"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "2161773",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2161773"
},
{
"category": "external",
"summary": "2161777",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2161777"
},
{
"category": "external",
"summary": "2163615",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2163615"
},
{
"category": "external",
"summary": "2163622",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2163622"
},
{
"category": "external",
"summary": "2169465",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2169465"
},
{
"category": "external",
"summary": "2172556",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2172556"
},
{
"category": "external",
"summary": "2176211",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2176211"
},
{
"category": "external",
"summary": "2185984",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2185984"
},
{
"category": "external",
"summary": "2185994",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2185994"
},
{
"category": "external",
"summary": "2196778",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2196778"
},
{
"category": "external",
"summary": "2196786",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2196786"
},
{
"category": "external",
"summary": "2196793",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2196793"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_4628.json"
}
],
"title": "Red Hat Security Advisory: Red Hat JBoss Core Services Apache HTTP Server 2.4.57 security update",
"tracking": {
"current_release_date": "2026-04-01T18:56:29+00:00",
"generator": {
"date": "2026-04-01T18:56:29+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.7.4"
}
},
"id": "RHSA-2023:4628",
"initial_release_date": "2023-08-15T17:37:09+00:00",
"revision_history": [
{
"date": "2023-08-15T17:37:09+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2023-08-15T17:37:09+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-04-01T18:56:29+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Text-Only JBCS",
"product": {
"name": "Text-Only JBCS",
"product_id": "Text-Only JBCS",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:jboss_core_services:1"
}
}
}
],
"category": "product_family",
"name": "Red Hat JBoss Core Services"
}
],
"category": "vendor",
"name": "Red Hat"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2022-24963",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"discovery_date": "2023-02-13T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2169465"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Apache Portable Runtime (APR). This issue may allow a malicious attacker to write beyond the bounds of a buffer.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "apr: integer overflow/wraparound in apr_encode",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Versions of \"apr-util\" shipped with Red Hat Enterprise Linux-6, 7, 8, and 9 are not affected. \"apr_encode_*\" API, which contains the affected code was added in apr-utils v1.7.0, whereas, RHEL ships apr-util v1.6.1 and lower.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Text-Only JBCS"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-24963"
},
{
"category": "external",
"summary": "RHBZ#2169465",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2169465"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-24963",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24963"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-24963",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-24963"
},
{
"category": "external",
"summary": "https://lists.apache.org/thread/fw9p6sdncwsjkstwc066vz57xqzfksq9",
"url": "https://lists.apache.org/thread/fw9p6sdncwsjkstwc066vz57xqzfksq9"
}
],
"release_date": "2023-01-31T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-08-15T17:37:09+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Text-Only JBCS"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:4628"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
"version": "3.1"
},
"products": [
"Text-Only JBCS"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "apr: integer overflow/wraparound in apr_encode"
},
{
"cve": "CVE-2022-28331",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"discovery_date": "2023-02-22T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2172556"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Apache Portable Runtime, affecting versions \u003c= 1.7.0. This issue may allow a malicious user to write beyond the end of a stack buffer and cause an integer overflow. This affects Windows environments.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "apr: Windows out-of-bounds write in apr_socket_sendv function",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Text-Only JBCS"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-28331"
},
{
"category": "external",
"summary": "RHBZ#2172556",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2172556"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-28331",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-28331"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-28331",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-28331"
},
{
"category": "external",
"summary": "https://lists.apache.org/thread/5pfdfn7h0vsdo5xzjn97vghp0x42jj2r",
"url": "https://lists.apache.org/thread/5pfdfn7h0vsdo5xzjn97vghp0x42jj2r"
}
],
"release_date": "2023-01-31T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-08-15T17:37:09+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Text-Only JBCS"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:4628"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Text-Only JBCS"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "apr: Windows out-of-bounds write in apr_socket_sendv function"
},
{
"cve": "CVE-2022-36760",
"cwe": {
"id": "CWE-444",
"name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)"
},
"discovery_date": "2023-01-17T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2161777"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the mod_proxy_ajp module of httpd. The connection is not closed when there is an invalid Transfer-Encoding header, allowing an attacker to smuggle requests to the AJP server, where it forwards requests.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "httpd: mod_proxy_ajp: Possible request smuggling",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This flaw only affects configurations with mod_proxy_ajp loaded and with an AJP backend configured. If there is no proxy configured to an AJP backend the server is not affected and no further mitigation is needed. For more information about the mitigation, check the mitigation section below.\n\nThe httpd mod_proxy_ajp module is enabled by default on Red Hat Enterprise Linux 6, 7, 8, 9, and in RHSCL. However, there are no directives forwarding requests using the AJP protocol.\n\nThis flaw has been rated as having a security impact of moderate, and is not currently planned to be addressed in future updates of Red Hat Enterprise Linux 7. Red Hat Enterprise Linux 7 is now in Maintenance Support 2 Phase of the support and maintenance life cycle. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Text-Only JBCS"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-36760"
},
{
"category": "external",
"summary": "RHBZ#2161777",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2161777"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-36760",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-36760"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-36760",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-36760"
},
{
"category": "external",
"summary": "https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2022-36760",
"url": "https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2022-36760"
}
],
"release_date": "2023-01-17T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-08-15T17:37:09+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Text-Only JBCS"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:4628"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"Text-Only JBCS"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "httpd: mod_proxy_ajp: Possible request smuggling"
},
{
"cve": "CVE-2022-37436",
"cwe": {
"id": "CWE-113",
"name": "Improper Neutralization of CRLF Sequences in HTTP Headers (\u0027HTTP Request/Response Splitting\u0027)"
},
"discovery_date": "2023-01-17T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2161773"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the mod_proxy module of httpd. A malicious backend can cause the response headers to be truncated because they are not cleaned when an error is found while reading them, resulting in some headers being incorporated into the response body and not being interpreted by a client.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "httpd: mod_proxy: HTTP response splitting",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This flaw is only exploitable via bad headers generated by a malicious backend or a malicious application.\n\nhttpd as shipped in Red Hat Enterprise Linux 7, 8, 9 and in RHSCL is vulnerable to this flaw. httpd as shipped in Red Hat Enterprise Linux 6 is not affected.\n\nThis flaw has been rated as having a security impact of moderate, and is not currently planned to be addressed in future updates of Red Hat Enterprise Linux 7. Red Hat Enterprise Linux 7 is now in Maintenance Support 2 Phase of the support and maintenance life cycle. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Text-Only JBCS"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-37436"
},
{
"category": "external",
"summary": "RHBZ#2161773",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2161773"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-37436",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-37436"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-37436",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-37436"
},
{
"category": "external",
"summary": "https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2022-37436",
"url": "https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2022-37436"
}
],
"release_date": "2023-01-17T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-08-15T17:37:09+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Text-Only JBCS"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:4628"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability. It\u0027s recommended to update the affected packages as soon as an update is available.",
"product_ids": [
"Text-Only JBCS"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"Text-Only JBCS"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "httpd: mod_proxy: HTTP response splitting"
},
{
"cve": "CVE-2022-48279",
"cwe": {
"id": "CWE-1389",
"name": "Incorrect Parsing of Numbers with Different Radices"
},
"discovery_date": "2023-01-24T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2163622"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found in ModSecurity. This issue occurs when HTTP multipart requests are incorrectly parsed and could bypass the Web Application Firewall. NOTE: This is related to CVE-2022-39956, but can be considered independent changes to the ModSecurity (C language) codebase.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "mod_security: incorrect parsing of HTTP multipart requests leads to web application firewall bypass",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat rates this vulnerability as Moderate impact as a result of how mod_security is configured to be used in Red Hat products. When running with default configurations the affected program will have limited privileges and thus the impact of this flaw will be restricted beyond what the Web Application Firewall is also restricting.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Text-Only JBCS"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-48279"
},
{
"category": "external",
"summary": "RHBZ#2163622",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2163622"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-48279",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48279"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-48279",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-48279"
}
],
"release_date": "2023-01-20T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-08-15T17:37:09+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Text-Only JBCS"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:4628"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Text-Only JBCS"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"Text-Only JBCS"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "mod_security: incorrect parsing of HTTP multipart requests leads to web application firewall bypass"
},
{
"cve": "CVE-2023-24021",
"cwe": {
"id": "CWE-402",
"name": "Transmission of Private Resources into a New Sphere (\u0027Resource Leak\u0027)"
},
"discovery_date": "2023-01-24T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2163615"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found in ModSecurity. This issue occurs when FILES_TMP_CONTENT lacks complete content, which can lead to a Web Application Firewall bypass.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "modsecurity: lacking the complete content in FILES_TMP_CONTENT leads to web application firewall bypass",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat rates this vulnerability as Moderate impact as a result of how mod_security is configured to be used in Red Hat products. When running with default configurations the affected program will have limited privileges and thus the impact of this flaw will be restricted beyond what the Web Application Firewall is also restricting.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Text-Only JBCS"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-24021"
},
{
"category": "external",
"summary": "RHBZ#2163615",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2163615"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-24021",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24021"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-24021",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-24021"
}
],
"release_date": "2023-01-20T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-08-15T17:37:09+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Text-Only JBCS"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:4628"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Text-Only JBCS"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"Text-Only JBCS"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "modsecurity: lacking the complete content in FILES_TMP_CONTENT leads to web application firewall bypass"
},
{
"cve": "CVE-2023-27522",
"cwe": {
"id": "CWE-113",
"name": "Improper Neutralization of CRLF Sequences in HTTP Headers (\u0027HTTP Request/Response Splitting\u0027)"
},
"discovery_date": "2023-03-07T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2176211"
}
],
"notes": [
{
"category": "description",
"text": "An HTTP Response Smuggling vulnerability was found in the Apache HTTP Server via mod_proxy_uwsgi. This security issue occurs when special characters in the origin response header can truncate or split the response forwarded to the client.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "httpd: mod_proxy_uwsgi HTTP response splitting",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The HTTP Response Smuggling vulnerability in Apache HTTP Server via mod_proxy_uwsgi has been categorized as moderate severity for Red Hat Enterprise Linux due to several technical factors. While the potential impact of this vulnerability is significant, its exploitation requires specific conditions, including the presence of mod_proxy_uwsgi and the ability to inject specially crafted headers into requests. Additionally, successful exploitation depends on the specific configuration of the server and the network environment. Furthermore, the vulnerability primarily affects the integrity and reliability of HTTP responses, rather than directly leading to remote code execution or unauthorized access. Therefore, the likelihood of exploitation and the potential impact on affected systems have been evaluated as moderate, warranting attention and remediation but not categorized as important.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Text-Only JBCS"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-27522"
},
{
"category": "external",
"summary": "RHBZ#2176211",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2176211"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-27522",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-27522"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-27522",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-27522"
},
{
"category": "external",
"summary": "https://httpd.apache.org/security/vulnerabilities_24.html",
"url": "https://httpd.apache.org/security/vulnerabilities_24.html"
}
],
"release_date": "2023-03-07T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-08-15T17:37:09+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Text-Only JBCS"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:4628"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Text-Only JBCS"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"Text-Only JBCS"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "httpd: mod_proxy_uwsgi HTTP response splitting"
},
{
"acknowledgments": [
{
"names": [
"Wei Chong Tan",
"Daniel Stenberg"
]
}
],
"cve": "CVE-2023-28319",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"discovery_date": "2023-05-10T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2196778"
}
],
"notes": [
{
"category": "description",
"text": "A use-after-free flaw was found in the Curl package. This flaw risks inserting sensitive heap-based data into the error message that users might see or is otherwise leaked and revealed.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "curl: use after free in SSH sha256 fingerprint check",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability does not affect the Curl package as shipped in Red Hat Enterprise Linux 6, 7, 8 and 9.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Text-Only JBCS"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-28319"
},
{
"category": "external",
"summary": "RHBZ#2196778",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2196778"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-28319",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28319"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-28319",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-28319"
},
{
"category": "external",
"summary": "https://curl.se/docs/CVE-2023-28319.html",
"url": "https://curl.se/docs/CVE-2023-28319.html"
}
],
"release_date": "2023-05-17T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-08-15T17:37:09+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Text-Only JBCS"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:4628"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"Text-Only JBCS"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "curl: use after free in SSH sha256 fingerprint check"
},
{
"acknowledgments": [
{
"names": [
"Hiroki Kurosawa",
"Daniel Stenberg"
]
}
],
"cve": "CVE-2023-28321",
"cwe": {
"id": "CWE-295",
"name": "Improper Certificate Validation"
},
"discovery_date": "2023-05-10T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2196786"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the Curl package. An incorrect International Domain Name (IDN) wildcard match may lead to improper certificate validation.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "curl: IDN wildcard match may lead to Improper Cerificate Validation",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Text-Only JBCS"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-28321"
},
{
"category": "external",
"summary": "RHBZ#2196786",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2196786"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-28321",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28321"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-28321",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-28321"
},
{
"category": "external",
"summary": "https://curl.se/docs/CVE-2023-28321.html",
"url": "https://curl.se/docs/CVE-2023-28321.html"
}
],
"release_date": "2023-05-17T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-08-15T17:37:09+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Text-Only JBCS"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:4628"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"Text-Only JBCS"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "curl: IDN wildcard match may lead to Improper Cerificate Validation"
},
{
"acknowledgments": [
{
"names": [
"Hiroki Kurosawa",
"Daniel Stenberg"
]
}
],
"cve": "CVE-2023-28322",
"cwe": {
"id": "CWE-440",
"name": "Expected Behavior Violation"
},
"discovery_date": "2023-05-10T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2196793"
}
],
"notes": [
{
"category": "description",
"text": "A use-after-free flaw was found in the Curl package. This issue may lead to unintended information disclosure by the application.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "curl: more POST-after-PUT confusion",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Text-Only JBCS"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-28322"
},
{
"category": "external",
"summary": "RHBZ#2196793",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2196793"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-28322",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28322"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-28322",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-28322"
},
{
"category": "external",
"summary": "https://curl.se/docs/CVE-2023-28322.html",
"url": "https://curl.se/docs/CVE-2023-28322.html"
}
],
"release_date": "2023-05-17T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-08-15T17:37:09+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Text-Only JBCS"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:4628"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.7,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"Text-Only JBCS"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "curl: more POST-after-PUT confusion"
},
{
"cve": "CVE-2023-28484",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2023-04-11T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2185994"
}
],
"notes": [
{
"category": "description",
"text": "A NULL pointer dereference vulnerability was found in libxml2. This issue occurs when parsing (invalid) XML schemas.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libxml2: NULL dereference in xmlSchemaFixupComplexType",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Text-Only JBCS"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-28484"
},
{
"category": "external",
"summary": "RHBZ#2185994",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2185994"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-28484",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28484"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-28484",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-28484"
}
],
"release_date": "2023-04-11T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-08-15T17:37:09+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Text-Only JBCS"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:4628"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Text-Only JBCS"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "libxml2: NULL dereference in xmlSchemaFixupComplexType"
},
{
"cve": "CVE-2023-29469",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2023-04-11T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2185984"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in libxml2. This issue occurs when hashing empty strings which aren\u0027t null-terminated, xmlDictComputeFastKey could produce inconsistent results, which may lead to various logic or memory errors, including double free errors.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libxml2: Hashing of empty dict strings isn\u0027t deterministic",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Text-Only JBCS"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-29469"
},
{
"category": "external",
"summary": "RHBZ#2185984",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2185984"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-29469",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-29469"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-29469",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-29469"
}
],
"release_date": "2023-04-11T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-08-15T17:37:09+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Text-Only JBCS"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:4628"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Text-Only JBCS"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "libxml2: Hashing of empty dict strings isn\u0027t deterministic"
}
]
}
RHSA-2023:4910
Vulnerability from csaf_redhat - Published: 2023-09-04 12:24 - Updated: 2026-03-21 00:59Summary
Red Hat Security Advisory: Red Hat JBoss Web Server 5.7.4 release and security update
Severity
Moderate
Notes
Topic: Red Hat JBoss Web Server 5.7.4 zip release is now available for Red Hat Enterprise Linux 7, Red Hat Enterprise Linux 8, Red Hat Enterprise Linux 9, and Windows Server.
Red Hat Product Security has rated this release as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details: Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache Tomcat Servlet container, JBoss HTTP Connector (mod_cluster), the PicketLink Vault extension for Apache Tomcat, and the Tomcat Native library.
This release of Red Hat JBoss Web Server 5.7.4 serves as a replacement for Red Hat JBoss Web Server 5.7.3. This release includes bug fixes, enhancements and component upgrades, which are documented in the Release Notes, linked to in the References section.
Security Fix(es):
* apr: integer overflow/wraparound in apr_encode (CVE-2022-24963)
* apr: Windows out-of-bounds write in apr_socket_sendv function (CVE-2022-28331)
* tomcat: Apache Commons FileUpload: FileUpload DoS with excessive parts (CVE-2023-24998)
* jws5-tomcat: tomcat: not including the secure attribute causes information disclosure (CVE-2023-28708)
* tomcat: Fix for CVE-2023-24998 was incomplete (CVE-2023-28709)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A flaw was found in Apache Portable Runtime (APR). This issue may allow a malicious attacker to write beyond the bounds of a buffer.
6.5 (Medium)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
JWS 5.7.4 release
Red Hat / Red Hat JBoss Web Server
|
cpe:/a:redhat:jboss_enterprise_web_server:5.7
|
— |
Vendor Fix
fix
|
Threats
Impact
Moderate
A flaw was found in Apache Portable Runtime, affecting versions <= 1.7.0. This issue may allow a malicious user to write beyond the end of a stack buffer and cause an integer overflow. This affects Windows environments.
9.8 (Critical)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
JWS 5.7.4 release
Red Hat / Red Hat JBoss Web Server
|
cpe:/a:redhat:jboss_enterprise_web_server:5.7
|
— |
Vendor Fix
fix
|
Threats
Impact
Moderate
A flaw was found in Apache Commons FileUpload, where it does not limit the number of parts being processed in a request. This issue may allow an attacker to use a malicious upload or series of uploads to trigger a denial of service. While Red Hat Satellite relies upon Apache Tomcat, it does not directly ship it. Tomcat is shipped with Red Hat Enterprise Linux and consumed by the Candlepin component of Satellite. Red Hat Satellite users are therefore advised to check the impact state of Red Hat Enterprise Linux, since any necessary fixes will be distributed through the platform.
6.5 (Medium)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
JWS 5.7.4 release
Red Hat / Red Hat JBoss Web Server
|
cpe:/a:redhat:jboss_enterprise_web_server:5.7
|
— |
Vendor Fix
fix
|
Threats
Impact
Moderate
When using the RemoteIpFilter with requests received from a reverse proxy via HTTP that include the X-Forwarded-Proto header set to https, session cookies created by Apache Tomcat 11.0.0-M1 to 11.0.0.-M2, 10.1.0-M1 to 10.1.5, 9.0.0-M1 to 9.0.71 and 8.5.0 to 8.5.85 did not include the secure attribute. This could result in the user agent transmitting the session cookie over an insecure channel. Older, EOL versions may also be affected.
4.3 (Medium)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
JWS 5.7.4 release
Red Hat / Red Hat JBoss Web Server
|
cpe:/a:redhat:jboss_enterprise_web_server:5.7
|
— |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
A vulnerability has been identified in Apache Tomcat due to an incomplete fix for CVE-2023-24998, which aims to limit the uploaded request parts that can be bypassed in a request. This issue may allow an attacker to use a malicious upload or series of uploads to cause a crash triggering a denial of service.
7.5 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
JWS 5.7.4 release
Red Hat / Red Hat JBoss Web Server
|
cpe:/a:redhat:jboss_enterprise_web_server:5.7
|
— |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
References
35 references
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Red Hat JBoss Web Server 5.7.4 zip release is now available for Red Hat Enterprise Linux 7, Red Hat Enterprise Linux 8, Red Hat Enterprise Linux 9, and Windows Server.\n\nRed Hat Product Security has rated this release as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache Tomcat Servlet container, JBoss HTTP Connector (mod_cluster), the PicketLink Vault extension for Apache Tomcat, and the Tomcat Native library.\n\nThis release of Red Hat JBoss Web Server 5.7.4 serves as a replacement for Red Hat JBoss Web Server 5.7.3. This release includes bug fixes, enhancements and component upgrades, which are documented in the Release Notes, linked to in the References section.\n\nSecurity Fix(es):\n\n* apr: integer overflow/wraparound in apr_encode (CVE-2022-24963)\n\n* apr: Windows out-of-bounds write in apr_socket_sendv function (CVE-2022-28331)\n\n* tomcat: Apache Commons FileUpload: FileUpload DoS with excessive parts (CVE-2023-24998)\n\n* jws5-tomcat: tomcat: not including the secure attribute causes information disclosure (CVE-2023-28708)\n\n* tomcat: Fix for CVE-2023-24998 was incomplete (CVE-2023-28709)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2023:4910",
"url": "https://access.redhat.com/errata/RHSA-2023:4910"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=securityPatches\u0026product=webserver\u0026version=5.7",
"url": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=securityPatches\u0026product=webserver\u0026version=5.7"
},
{
"category": "external",
"summary": "2169465",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2169465"
},
{
"category": "external",
"summary": "2172298",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2172298"
},
{
"category": "external",
"summary": "2172556",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2172556"
},
{
"category": "external",
"summary": "2180856",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2180856"
},
{
"category": "external",
"summary": "2210321",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2210321"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_4910.json"
}
],
"title": "Red Hat Security Advisory: Red Hat JBoss Web Server 5.7.4 release and security update",
"tracking": {
"current_release_date": "2026-03-21T00:59:20+00:00",
"generator": {
"date": "2026-03-21T00:59:20+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.7.3"
}
},
"id": "RHSA-2023:4910",
"initial_release_date": "2023-09-04T12:24:13+00:00",
"revision_history": [
{
"date": "2023-09-04T12:24:13+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2023-09-04T12:24:13+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-03-21T00:59:20+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "JWS 5.7.4 release",
"product": {
"name": "JWS 5.7.4 release",
"product_id": "JWS 5.7.4 release",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:jboss_enterprise_web_server:5.7"
}
}
}
],
"category": "product_family",
"name": "Red Hat JBoss Web Server"
}
],
"category": "vendor",
"name": "Red Hat"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2022-24963",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"discovery_date": "2023-02-13T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2169465"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Apache Portable Runtime (APR). This issue may allow a malicious attacker to write beyond the bounds of a buffer.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "apr: integer overflow/wraparound in apr_encode",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Versions of \"apr-util\" shipped with Red Hat Enterprise Linux-6, 7, 8, and 9 are not affected. \"apr_encode_*\" API, which contains the affected code was added in apr-utils v1.7.0, whereas, RHEL ships apr-util v1.6.1 and lower.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"JWS 5.7.4 release"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-24963"
},
{
"category": "external",
"summary": "RHBZ#2169465",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2169465"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-24963",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24963"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-24963",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-24963"
},
{
"category": "external",
"summary": "https://lists.apache.org/thread/fw9p6sdncwsjkstwc066vz57xqzfksq9",
"url": "https://lists.apache.org/thread/fw9p6sdncwsjkstwc066vz57xqzfksq9"
}
],
"release_date": "2023-01-31T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-09-04T12:24:13+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"JWS 5.7.4 release"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:4910"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
"version": "3.1"
},
"products": [
"JWS 5.7.4 release"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "apr: integer overflow/wraparound in apr_encode"
},
{
"cve": "CVE-2022-28331",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"discovery_date": "2023-02-22T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2172556"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Apache Portable Runtime, affecting versions \u003c= 1.7.0. This issue may allow a malicious user to write beyond the end of a stack buffer and cause an integer overflow. This affects Windows environments.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "apr: Windows out-of-bounds write in apr_socket_sendv function",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"JWS 5.7.4 release"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-28331"
},
{
"category": "external",
"summary": "RHBZ#2172556",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2172556"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-28331",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-28331"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-28331",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-28331"
},
{
"category": "external",
"summary": "https://lists.apache.org/thread/5pfdfn7h0vsdo5xzjn97vghp0x42jj2r",
"url": "https://lists.apache.org/thread/5pfdfn7h0vsdo5xzjn97vghp0x42jj2r"
}
],
"release_date": "2023-01-31T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-09-04T12:24:13+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"JWS 5.7.4 release"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:4910"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"JWS 5.7.4 release"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "apr: Windows out-of-bounds write in apr_socket_sendv function"
},
{
"cve": "CVE-2023-24998",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2023-02-20T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2172298"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Apache Commons FileUpload, where it does not limit the number of parts being processed in a request. This issue may allow an attacker to use a malicious upload or series of uploads to trigger a denial of service.\r\n\r\nWhile Red Hat Satellite relies upon Apache Tomcat, it does not directly ship it. Tomcat is shipped with Red Hat Enterprise Linux and consumed by the Candlepin component of Satellite. Red Hat Satellite users are therefore advised to check the impact state of Red Hat Enterprise Linux, since any necessary fixes will be distributed through the platform.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "FileUpload: FileUpload DoS with excessive parts",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"JWS 5.7.4 release"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-24998"
},
{
"category": "external",
"summary": "RHBZ#2172298",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2172298"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-24998",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24998"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-24998",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-24998"
},
{
"category": "external",
"summary": "https://commons.apache.org/proper/commons-fileupload/security-reports.html#Fixed_in_Apache_Commons_FileUpload_1.5",
"url": "https://commons.apache.org/proper/commons-fileupload/security-reports.html#Fixed_in_Apache_Commons_FileUpload_1.5"
}
],
"release_date": "2023-02-20T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-09-04T12:24:13+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"JWS 5.7.4 release"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:4910"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"JWS 5.7.4 release"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "FileUpload: FileUpload DoS with excessive parts"
},
{
"cve": "CVE-2023-28708",
"cwe": {
"id": "CWE-200",
"name": "Exposure of Sensitive Information to an Unauthorized Actor"
},
"discovery_date": "2023-03-22T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2180856"
}
],
"notes": [
{
"category": "description",
"text": "When using the RemoteIpFilter with requests received from a reverse proxy via HTTP that include the X-Forwarded-Proto header set to https, session cookies created by Apache Tomcat 11.0.0-M1 to 11.0.0.-M2, 10.1.0-M1 to 10.1.5, 9.0.0-M1 to 9.0.71 and 8.5.0 to 8.5.85 did not\u00a0include the secure attribute. This could result in the user agent\u00a0transmitting the session cookie over an insecure channel.\n\nOlder, EOL versions may also be affected.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "tomcat: not including the secure attribute causes information disclosure",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "CVE-2023-28708 only potentially impacts a Tomcat configuration using a RemoteIpFilter behind a proxy or loadbalancer that sets an X-Forwarded-Proto request header with a value of https. If you do not use RemoteIpFilter in such a configuration, then the vulnerability would not have any impact on you\n\nRed Hat Satellite does not include the affected Apache Tomcat, however, Tomcat is shipped with Red Hat Enterprise Linux and consumed by the Candlepin component of Satellite. Red Hat Satellite users are therefore advised to check the impact state of Red Hat Enterprise Linux, since any necessary fixes will be distributed through the platform.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"JWS 5.7.4 release"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-28708"
},
{
"category": "external",
"summary": "RHBZ#2180856",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2180856"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-28708",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28708"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-28708",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-28708"
},
{
"category": "external",
"summary": "https://bz.apache.org/bugzilla/show_bug.cgi?id=66471",
"url": "https://bz.apache.org/bugzilla/show_bug.cgi?id=66471"
},
{
"category": "external",
"summary": "https://lists.apache.org/thread/hdksc59z3s7tm39x0pp33mtwdrt8qr67",
"url": "https://lists.apache.org/thread/hdksc59z3s7tm39x0pp33mtwdrt8qr67"
}
],
"release_date": "2023-03-22T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-09-04T12:24:13+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"JWS 5.7.4 release"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:4910"
},
{
"category": "workaround",
"details": "For possible impact and workaround, please refer to: https://access.redhat.com/solutions/7004796",
"product_ids": [
"JWS 5.7.4 release"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"JWS 5.7.4 release"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "tomcat: not including the secure attribute causes information disclosure"
},
{
"cve": "CVE-2023-28709",
"cwe": {
"id": "CWE-193",
"name": "Off-by-one Error"
},
"discovery_date": "2023-05-26T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2210321"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability has been identified in Apache Tomcat due to an incomplete fix for CVE-2023-24998, which aims to limit the uploaded request parts that can be bypassed in a request. This issue may allow an attacker to use a malicious upload or series of uploads to cause a crash triggering a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "tomcat: Fix for CVE-2023-24998 was incomplete",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The impact for this flaw is considered moderate to match the Apache Software Foundation impact, considering the non-default configuration in CVE description.\n\npki-servlet-engine has been obsoleted in Red Hat Enterprise Linux 8.9 and later by Tomcat, so no additional fixes for the engine would be made available.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"JWS 5.7.4 release"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-28709"
},
{
"category": "external",
"summary": "RHBZ#2210321",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2210321"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-28709",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28709"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-28709",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-28709"
},
{
"category": "external",
"summary": "https://lists.apache.org/thread/7wvxonzwb7k9hx9jt3q33cmy7j97jo3j",
"url": "https://lists.apache.org/thread/7wvxonzwb7k9hx9jt3q33cmy7j97jo3j"
}
],
"release_date": "2023-05-22T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-09-04T12:24:13+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"JWS 5.7.4 release"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:4910"
},
{
"category": "workaround",
"details": "No mitigation is currently available that meets Red Hat Product Security\u0027s standards for usability, deployment, applicability, or stability.",
"product_ids": [
"JWS 5.7.4 release"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"JWS 5.7.4 release"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "tomcat: Fix for CVE-2023-24998 was incomplete"
}
]
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…