CVE-2022-29404

High

In Apache HTTP Server 2.4.53 and earlier, a malicious request to a lua script that calls r:parsebody(0) may cause a denial of service due…

apache·CWE-770·Published 2022-06-08

CVSS

7.5

EPSS

0.06

KEV

Exploits

cve.orgen

181 chars

In Apache HTTP Server 2.4.53 and earlier, a malicious request to a lua script that calls r:parsebody(0) may cause a denial of service due to no default limit on possible input size.

NVDen

181 chars

In Apache HTTP Server 2.4.53 and earlier, a malicious request to a lua script that calls r:parsebody(0) may cause a denial of service due to no default limit on possible input size.

NVDes

230 chars

En Apache HTTP Server 2.4.53 y anteriores, una petición maliciosa a un script lua que llame a r:parsebody(0) puede causar una denegación de servicio debido a que no presenta un límite por defecto en el tamaño posible de la entrada

CVSS metrics across sources

Version	Type	Source	Base	Exp	Impact	Vector
2.0	Primary	NVD	5.0	10.0	2.9	AV:N/AC:L/Au:N/C:N/I:N/A:P
3.1	Primary	NVD	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H