RHSA-2022:8841HighCVSS 9.8

Red Hat Security Advisory: Red Hat JBoss Core Services Apache HTTP Server 2.4.51 SP1 security update

Published
December 8, 2022
Last Modified
June 30, 2026

🔗 CVE IDs covered (23)

📋 Description

CVE-2022-1292 — openssl: c_rehash script allows command injection CVE-2022-2068 — openssl: the c_rehash script allows command injection CVE-2022-22721 — httpd: core: Possible buffer overflow with very large or unlimited LimitXMLRequestBody CVE-2022-23943 — httpd: mod_sed: Read/write beyond bounds CVE-2022-26377 — httpd: mod_proxy_ajp: Possible request smuggling CVE-2022-27781 — curl: CERTINFO never-ending busy-loop CVE-2022-28330 — httpd: mod_isapi: out-of-bounds read CVE-2022-28614 — httpd: Out-of-bounds read via ap_rwrite() CVE-2022-28615 — httpd: Out-of-bounds read in ap_strcmp_match() CVE-2022-29824 — libxml2: integer overflows in xmlBuf and xmlBuffer lead to out-of-bounds write CVE-2022-30522 — httpd: mod_sed: DoS vulnerability CVE-2022-31813 — httpd: mod_proxy: X-Forwarded-For dropped by hop-by-hop mechanism CVE-2022-32206 — curl: HTTP compression denial of service CVE-2022-32207 — curl: Unpreserved file permissions CVE-2022-32208 — curl: FTP-KRB bad message verification CVE-2022-32221 — curl: POST following PUT confusion CVE-2022-35252 — curl: Incorrect handling of control code characters in cookies CVE-2022-37434 — zlib: heap-based buffer over-read and overflow in inflate() in inflate.c via a large gzip header extra field CVE-2022-40303 — libxml2: integer overflows with XML_PARSE_HUGE CVE-2022-40304 — libxml2: dict corruption caused by entity reference cycles CVE-2022-40674 — expat: a use-after-free in the doContent function in xmlparse.c CVE-2022-42915 — curl: HTTP proxy double-free CVE-2022-42916 — curl: HSTS bypass via IDN

🔗 References (26)