RHSA-2022:7144HighCVSS 9.8

Red Hat Security Advisory: Red Hat JBoss Core Services Apache HTTP Server 2.4.51 security update

Published
October 26, 2022
Last Modified
June 29, 2026

🔗 CVE IDs covered (21)

📋 Description

CVE-2018-25032 — zlib: A flaw found in zlib when compressing (not decompressing) certain inputs CVE-2021-33193 — httpd: Request splitting via HTTP/2 method injection and mod_proxy CVE-2021-36160 — httpd: mod_proxy_uwsgi: out-of-bounds read via a crafted request uri-path CVE-2021-39275 — httpd: Out-of-bounds write in ap_escape_quotes() via malicious input CVE-2021-41524 — httpd: NULL pointer dereference via crafted request during HTTP/2 request processing CVE-2021-44224 — httpd: possible NULL dereference or SSRF in forward proxy configurations CVE-2021-45960 — expat: Large number of prefixed XML attributes on a single tag can crash libexpat CVE-2021-46143 — expat: Integer overflow in doProlog in xmlparse.c CVE-2022-22822 — expat: Integer overflow in addBinding in xmlparse.c CVE-2022-22823 — expat: Integer overflow in build_model in xmlparse.c CVE-2022-22824 — expat: Integer overflow in defineAttribute in xmlparse.c CVE-2022-22825 — expat: Integer overflow in lookup in xmlparse.c CVE-2022-22826 — expat: Integer overflow in nextScaffoldPart in xmlparse.c CVE-2022-22827 — expat: Integer overflow in storeAtts in xmlparse.c CVE-2022-23852 — expat: Integer overflow in function XML_GetBuffer CVE-2022-23990 — expat: integer overflow in the doProlog function CVE-2022-25235 — expat: Malformed 2- and 3-byte UTF-8 sequences can lead to arbitrary code execution CVE-2022-25236 — expat: Namespace-separator characters in "xmlns[:prefix]" attribute values can lead to arbitrary code execution CVE-2022-25313 — expat: Stack exhaustion in doctype parsing CVE-2022-25314 — expat: Integer overflow in copyString() CVE-2022-25315 — expat: Integer overflow in storeRawNames()

🔗 References (24)