CVE-2022-28330: read beyond bounds in mod_isapi

Reference Links

• https://exchange.xforce.ibmcloud.com/vulnerabilities/228341
• https://www.ibm.com/support/pages/node/6952319 (Advisory)
• http://www.openwall.com/lists/oss-security/2022/06/08/3
• https://httpd.apache.org/security/vulnerabilities_24.html
• https://security.netapp.com/advisory/ntap-20220624-0005/
• https://www.openwall.com/lists/oss-security/2022/06/08/3
• https://access.redhat.com/errata/RHSA-2022:8840
• https://access.redhat.com/errata/RHSA-2022:8841
• https://access.redhat.com/security/cve/cve-2022-28330
• https://bugzilla.redhat.com/show_bug.cgi?id=2095000
• https://www.cve.org/CVERecord?id=CVE-2022-28330 https://nvd.nist.gov/vuln/detail/CVE-2022-28330 https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2022-28330

Parent vulnerabilities

(Appears in the following advisories)

• RHSA-2022:8841
• IBM-6952319

Frequently Asked Questions

• What is CVE-2022-28330?

  CVE-2022-28330 is an out-of-bounds read vulnerability found in the mod_isapi module of Apache HTTP Server.

• What is the severity of CVE-2022-28330?

  The severity of CVE-2022-28330 is medium with a severity value of 5.3.

• How does CVE-2022-28330 affect Apache HTTP Server?

  CVE-2022-28330 affects Apache HTTP Server versions 2.4.53 and earlier on Windows when configured to process requests with the mod_isapi module.

• How can CVE-2022-28330 be fixed?

  To fix CVE-2022-28330, it is recommended to upgrade Apache HTTP Server to version 2.4.54 or later.

• Where can I find more information about CVE-2022-28330?

  You can find more information about CVE-2022-28330 at the following references: [CVE-2022-28330](https://www.cve.org/CVERecord?id=CVE-2022-28330), [NVD](https://nvd.nist.gov/vuln/detail/CVE-2022-28330), [Apache HTTP Server](https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2022-28330), [Red Hat Bugzilla](https://bugzilla.redhat.com/show_bug.cgi?id=2095000), [Red Hat Security Advisory](https://access.redhat.com/errata/RHSA-2022:8841).