oss-sec mailing list archives
CVE-2022-29404: Apache HTTP Server: Denial of service in mod_lua r:parsebody
From: Stefan Eissing <icing () apache org>
Date: Wed, 08 Jun 2022 09:43:35 +0000
Severity: low Description: In Apache HTTP Server 2.4.53 and earlier, a malicious request to a lua script that calls r:parsebody(0) may cause a denial of service due to no default limit on possible input size. Credit: The Apache HTTP Server project would like to thank Ronald Crane (Zippenhop LLC) for reporting this issue References: https://httpd.apache.org/security/vulnerabilities_24.html
Current thread:
- CVE-2022-29404: Apache HTTP Server: Denial of service in mod_lua r:parsebody Stefan Eissing (Jun 08)