VulnerableCode Package Details - pkg:alpm/archlinux/apache@2.4.54-1

Search for packages

Vulnerability	Summary	Fixed by
This package is not known to be affected by vulnerabilities.

Vulnerability

Summary

Fixed by

This package is not known to be affected by vulnerabilities.

Vulnerability	Summary	Aliases
VCID-3s4q-7ked-aaag	Apache HTTP Server 2.4.53 and earlier may not send the X-Forwarded-* headers to the origin server based on client side Connection header hop-by-hop mechanism. This may be used to bypass IP based authentication on the origin server/application.	CVE-2022-31813
VCID-bjwz-mszt-aaag	The ap_rwrite() function in Apache HTTP Server 2.4.53 and earlier may read unintended memory if an attacker can cause the server to reflect very large input using ap_rwrite() or ap_rputs(), such as with mod_luas r:puts() function. Modules compiled and distributed separately from Apache HTTP Server that use the 'ap_rputs' function and may pass it a very large (INT_MAX or larger) string must be compiled against current headers to resolve the issue.	CVE-2022-28614
VCID-mkb3-hse5-aaam	Apache HTTP Server 2.4.53 and earlier may return lengths to applications calling r:wsread() that point past the end of the storage allocated for the buffer.	CVE-2022-30556
VCID-mxf3-h568-aaae	Apache HTTP Server 2.4.53 and earlier may crash or disclose information due to a read beyond bounds in ap_strcmp_match() when provided with an extremely large input buffer. While no code distributed with the server can be coerced into such a call, third-party modules or lua scripts that use ap_strcmp_match() may hypothetically be affected.	CVE-2022-28615
VCID-nb5p-3kg7-aaab	In Apache HTTP Server 2.4.53 and earlier, a malicious request to a lua script that calls r:parsebody(0) may cause a denial of service due to no default limit on possible input size.	CVE-2022-29404
VCID-pwbf-6cc6-aaap	Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') vulnerability in mod_proxy_ajp of Apache HTTP Server allows an attacker to smuggle requests to the AJP server it forwards requests to. This issue affects Apache HTTP Server Apache HTTP Server 2.4 version 2.4.53 and prior versions.	CVE-2022-26377
VCID-xsdu-9jb4-aaas	If Apache HTTP Server 2.4.53 is configured to do transformations with mod_sed in contexts where the input to mod_sed may be very large, mod_sed may make excessively large memory allocations and trigger an abort.	CVE-2022-30522

Vulnerability

Summary

Aliases

VCID-3s4q-7ked-aaag

Apache HTTP Server 2.4.53 and earlier may not send the X-Forwarded-* headers to the origin server based on client side Connection header hop-by-hop mechanism. This may be used to bypass IP based authentication on the origin server/application.

CVE-2022-31813

VCID-bjwz-mszt-aaag

The ap_rwrite() function in Apache HTTP Server 2.4.53 and earlier may read unintended memory if an attacker can cause the server to reflect very large input using ap_rwrite() or ap_rputs(), such as with mod_luas r:puts() function. Modules compiled and distributed separately from Apache HTTP Server that use the 'ap_rputs' function and may pass it a very large (INT_MAX or larger) string must be compiled against current headers to resolve the issue.

CVE-2022-28614

VCID-mkb3-hse5-aaam

Apache HTTP Server 2.4.53 and earlier may return lengths to applications calling r:wsread() that point past the end of the storage allocated for the buffer.

CVE-2022-30556

VCID-mxf3-h568-aaae

Apache HTTP Server 2.4.53 and earlier may crash or disclose information due to a read beyond bounds in ap_strcmp_match() when provided with an extremely large input buffer. While no code distributed with the server can be coerced into such a call, third-party modules or lua scripts that use ap_strcmp_match() may hypothetically be affected.

CVE-2022-28615

VCID-nb5p-3kg7-aaab

In Apache HTTP Server 2.4.53 and earlier, a malicious request to a lua script that calls r:parsebody(0) may cause a denial of service due to no default limit on possible input size.

CVE-2022-29404

VCID-pwbf-6cc6-aaap

Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') vulnerability in mod_proxy_ajp of Apache HTTP Server allows an attacker to smuggle requests to the AJP server it forwards requests to. This issue affects Apache HTTP Server Apache HTTP Server 2.4 version 2.4.53 and prior versions.

CVE-2022-26377

VCID-xsdu-9jb4-aaas

If Apache HTTP Server 2.4.53 is configured to do transformations with mod_sed in contexts where the input to mod_sed may be very large, mod_sed may make excessively large memory allocations and trigger an abort.

CVE-2022-30522

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2025-03-28T07:46:21.089422+00:00	Arch Linux Importer	Fixing	VCID-pwbf-6cc6-aaap	https://security.archlinux.org/AVG-2763	36.0.0
2025-03-28T07:46:21.070241+00:00	Arch Linux Importer	Fixing	VCID-bjwz-mszt-aaag	https://security.archlinux.org/AVG-2763	36.0.0
2025-03-28T07:46:21.049219+00:00	Arch Linux Importer	Fixing	VCID-mxf3-h568-aaae	https://security.archlinux.org/AVG-2763	36.0.0
2025-03-28T07:46:21.030513+00:00	Arch Linux Importer	Fixing	VCID-nb5p-3kg7-aaab	https://security.archlinux.org/AVG-2763	36.0.0
2025-03-28T07:46:21.011702+00:00	Arch Linux Importer	Fixing	VCID-xsdu-9jb4-aaas	https://security.archlinux.org/AVG-2763	36.0.0
2025-03-28T07:46:20.992996+00:00	Arch Linux Importer	Fixing	VCID-mkb3-hse5-aaam	https://security.archlinux.org/AVG-2763	36.0.0
2025-03-28T07:46:20.974221+00:00	Arch Linux Importer	Fixing	VCID-3s4q-7ked-aaag	https://security.archlinux.org/AVG-2763	36.0.0
2024-09-18T02:01:35.044357+00:00	Arch Linux Importer	Fixing	VCID-pwbf-6cc6-aaap	https://security.archlinux.org/AVG-2763	34.0.1
2024-09-18T02:01:35.021614+00:00	Arch Linux Importer	Fixing	VCID-bjwz-mszt-aaag	https://security.archlinux.org/AVG-2763	34.0.1
2024-09-18T02:01:34.998378+00:00	Arch Linux Importer	Fixing	VCID-mxf3-h568-aaae	https://security.archlinux.org/AVG-2763	34.0.1
2024-09-18T02:01:34.974853+00:00	Arch Linux Importer	Fixing	VCID-nb5p-3kg7-aaab	https://security.archlinux.org/AVG-2763	34.0.1
2024-09-18T02:01:34.951759+00:00	Arch Linux Importer	Fixing	VCID-xsdu-9jb4-aaas	https://security.archlinux.org/AVG-2763	34.0.1
2024-09-18T02:01:34.929204+00:00	Arch Linux Importer	Fixing	VCID-mkb3-hse5-aaam	https://security.archlinux.org/AVG-2763	34.0.1
2024-09-18T02:01:34.898981+00:00	Arch Linux Importer	Fixing	VCID-3s4q-7ked-aaag	https://security.archlinux.org/AVG-2763	34.0.1
2024-01-03T22:27:42.543339+00:00	Arch Linux Importer	Fixing	VCID-pwbf-6cc6-aaap	https://security.archlinux.org/AVG-2763	34.0.0rc1
2024-01-03T22:27:42.524534+00:00	Arch Linux Importer	Fixing	VCID-bjwz-mszt-aaag	https://security.archlinux.org/AVG-2763	34.0.0rc1
2024-01-03T22:27:42.502903+00:00	Arch Linux Importer	Fixing	VCID-mxf3-h568-aaae	https://security.archlinux.org/AVG-2763	34.0.0rc1
2024-01-03T22:27:42.481207+00:00	Arch Linux Importer	Fixing	VCID-nb5p-3kg7-aaab	https://security.archlinux.org/AVG-2763	34.0.0rc1
2024-01-03T22:27:42.459227+00:00	Arch Linux Importer	Fixing	VCID-xsdu-9jb4-aaas	https://security.archlinux.org/AVG-2763	34.0.0rc1
2024-01-03T22:27:42.437677+00:00	Arch Linux Importer	Fixing	VCID-mkb3-hse5-aaam	https://security.archlinux.org/AVG-2763	34.0.0rc1
2024-01-03T22:27:42.413726+00:00	Arch Linux Importer	Fixing	VCID-3s4q-7ked-aaag	https://security.archlinux.org/AVG-2763	34.0.0rc1

2025-03-28T07:46:21.089422+00:00

Arch Linux Importer

Fixing