Debian: CVE-2022-28615 / CVE-2022-29404 / CVE-2022-30522 / CVE-2022-31813: apache2: A flaw was found in the mod_proxy module of httpd
Bug #1985885 reported by
Wentao Zhang
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
StarlingX |
Fix Released
|
Medium
|
Wentao Zhang |
Bug Description
Brief Description
-----------------
Apache HTTP Server 2.4.53 and earlier may not send the X-Forwarded-* headers to the origin server based on client side Connection header hop-by-hop mechanism. This may be used to bypass IP based authentication on the origin server/application.
Red Hat's analysis is here: https:/
NIST is here: https:/
- no data yet.
Severity
--------
<Minor: System/Feature is usable with minor issue>
CVE References
information type: | Private Security → Public Security |
Changed in starlingx: | |
assignee: | nobody → Wentao Zhang (wzhang4) |
tags: | added: stx.8.0 stx.security |
Changed in starlingx: | |
importance: | Undecided → Medium |
summary: |
- CVE-2022-31813: A flaw was found in the mod_proxy module of httpd + Debian: CVE-2022-31813: apache2: A flaw was found in the mod_proxy + module of httpd |
tags: | added: stx.debian |
summary: |
- Debian: CVE-2022-31813: apache2: A flaw was found in the mod_proxy - module of httpd + Debian: CVE-2022-26377 / CVE-2022-28615 / CVE-2022-29404 / + CVE-2022-30522 / CVE-2022-30556 / CVE-2022-31813: apache2: A flaw was + found in the mod_proxy module of httpd |
summary: |
- Debian: CVE-2022-26377 / CVE-2022-28615 / CVE-2022-29404 / - CVE-2022-30522 / CVE-2022-30556 / CVE-2022-31813: apache2: A flaw was - found in the mod_proxy module of httpd + Debian: CVE-2022-28615 / CVE-2022-29404 / CVE-2022-30522 / + CVE-2022-31813: apache2: A flaw was found in the mod_proxy module of + httpd |
To post a comment you must log in.
Fix proposed to branch: master /review. opendev. org/c/starlingx /tools/ +/852944
Review: https:/