Apache HTTP Server 2.4.53 and earlier may return lengths to applications calling r:wsread() that point past the end of the storage allocated for the buffer.
Apache HTTP Server versiones 2.4.53 y anteriores, pueden devolver longitudes a las aplicaciones que llaman a r:wsread() que apuntan más allá del final del almacenamiento asignado para el buffer
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
| Attack Vector | NETWORK |
|---|---|
| Attack Complexity | LOW |
| Privileges Required | NONE |
| User Interaction | NONE |
| Scope | UNCHANGED |
| Confidentiality Impact | HIGH |
| Integrity Impact | NONE |
| Availability Impact | NONE |
AV:N/AC:L/Au:N/C:P/I:N/A:N
| Access Vector | NETWORK |
|---|---|
| Access Complexity | LOW |
| Authentication | NONE |
| Confidentiality Impact | PARTIAL |
| Integrity Impact | NONE |
| Availability Impact | NONE |
| Source | Type | Description |
|---|---|---|
| [email protected] | Secondary |
en
CWE-200
|
| [email protected] | Primary |
en
NVD-CWE-Other
|
| Vendor | Product | Version | Update | Type |
|---|---|---|---|---|
| apache | http_server | * | <built-in method update of dict object at 0x72a9b0479000> | Application |
| netapp | clustered_data_ontap | - | <built-in method update of dict object at 0x72a99be55500> | Application |
| fedoraproject | fedora | 35 | <built-in method update of dict object at 0x72a99be56f40> | Operating System |
| fedoraproject | fedora | 36 | <built-in method update of dict object at 0x72a963c6b200> | Operating System |
| Vulnerable | CPE |
|---|---|
| Yes | cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:* |
| Vulnerable | CPE |
|---|---|
| Yes | cpe:2.3:a:netapp:clustered_data_ontap:-:*:*:*:*:*:*:* |
| Vulnerable | CPE |
|---|---|
| Yes | cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:* |
| Yes | cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:* |