Apache HTTP Server Vulnerabilities Related to Version 2.4.53

IDs: 
CVE-2022-22719, CVE-2022-22720, CVE-2022-22721, CVE-2022-23943
Keywords: 
httpd, Apache
Description: 

Apache HTTP Server version 2.4.53 fixes 4 vulnerabilities [1]. Airlock Gateway uses the server as web acceptor for incoming HTTP connections.

Airlock Gateway may be vulnerable. See resolution.

Details:

  • The following modules are not used by Airlock Gateway. Airlock Gateway is therefore not affected.
    • mod_lua: Use of uninitialized value in r:parsebody (CVE-2022-22719)
    • mod_sed: Read/write beyond bounds (CVE-2022-23943)
  • Possible buffer overflow with very large or unlimited LimitXMLRequestBody (CVE-2022-22721)
    • The affected config directive is not used by Airlock Gateway
  • HTTP request smuggling vulnerability in Apache HTTP Server 2.4.52 and earlier (CVE-2022-22720)
    • Airlock Gateway is not affected by currently known HTTP request smuggling attack techniques [2]
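
For a stock Apache httpd configuration, the exposure conditions listed above (mod_lua or mod_sed loaded, LimitXMLRequestBody very large or unlimited) can be checked mechanically. The following is an added example, not Airlock or Apache project code; the function name, the sample configuration and the 350 MB threshold for "very large" are assumptions.

```python
# Added example: constructed audit helper, not Airlock or Apache project code.
MODULE_CVES = {"lua_module": "CVE-2022-22719", "sed_module": "CVE-2022-23943"}
# Assumption: the advisory gives no number for "very large"; adjust as needed.
LARGE_XML_BODY = 350 * 1024 * 1024


def audit_httpd_config(text, large=LARGE_XML_BODY):
    """Return (line_no, cve, reason) tuples for directives matching the advisory."""
    findings = []
    for no, raw in enumerate(text.splitlines(), 1):
        parts = raw.split()
        if not parts or parts[0].startswith("#"):
            continue  # blank line or comment
        directive = parts[0].lower()  # httpd directive names are case-insensitive
        if directive == "loadmodule" and len(parts) >= 2:
            cve = MODULE_CVES.get(parts[1])
            if cve:
                findings.append((no, cve, f"{parts[1]} is loaded"))
        elif directive == "limitxmlrequestbody" and len(parts) >= 2:
            try:
                limit = int(parts[1])
            except ValueError:
                continue  # malformed value; httpd itself would reject it
            if limit == 0:
                findings.append((no, "CVE-2022-22721", "XML body limit disabled (0)"))
            elif limit >= large:
                findings.append((no, "CVE-2022-22721", f"XML body limit {limit} bytes"))
    return findings


# Constructed sample configuration, not taken from a real system.
SAMPLE = """\
# constructed sample
LoadModule ssl_module modules/mod_ssl.so
LoadModule lua_module modules/mod_lua.so
#LoadModule sed_module modules/mod_sed.so
<Location "/dav">
    LimitXMLRequestBody 0
</Location>
<Location "/api">
    limitxmlrequestbody 1048576
</Location>
"""

if __name__ == "__main__":
    for no, cve, reason in audit_httpd_config(SAMPLE):
        print(f"line {no}: {cve}: {reason}")
```

The helper reads a single configuration text and does not follow Include directives or line continuations, so each included file has to be passed to it separately.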
Resolution: 

No action required.

Component: 
Airlock
Airlock Vulnerability Status: 
Airlock vulnerable, see resolution
Back-end Vulnerability Status: 
Back-ends may be vulnerable, see resolution