RHSA-2022:8840MediumCVSS 9.8

Red Hat Security Advisory: Red Hat JBoss Core Services Apache HTTP Server 2.4.51 SP1 security update

Published
December 8, 2022
Last Modified
June 29, 2026

🔗 CVE IDs covered (17)

📋 Description

CVE-2022-1292 — openssl: c_rehash script allows command injection CVE-2022-2068 — openssl: the c_rehash script allows command injection CVE-2022-22721 — httpd: core: Possible buffer overflow with very large or unlimited LimitXMLRequestBody CVE-2022-23943 — httpd: mod_sed: Read/write beyond bounds CVE-2022-26377 — httpd: mod_proxy_ajp: Possible request smuggling CVE-2022-27781 — curl: CERTINFO never-ending busy-loop CVE-2022-28614 — httpd: Out-of-bounds read via ap_rwrite() CVE-2022-28615 — httpd: Out-of-bounds read in ap_strcmp_match() CVE-2022-30522 — httpd: mod_sed: DoS vulnerability CVE-2022-31813 — httpd: mod_proxy: X-Forwarded-For dropped by hop-by-hop mechanism CVE-2022-32206 — curl: HTTP compression denial of service CVE-2022-32207 — curl: Unpreserved file permissions CVE-2022-32208 — curl: FTP-KRB bad message verification CVE-2022-32221 — curl: POST following PUT confusion CVE-2022-35252 — curl: Incorrect handling of control code characters in cookies CVE-2022-42915 — curl: HTTP proxy double-free CVE-2022-42916 — curl: HSTS bypass via IDN

🔗 References (20)