What is the vulnerability ID for this flaw?

The vulnerability ID for this flaw is CVE-2022-30522.

What is the severity level of CVE-2022-30522?

The severity level of CVE-2022-30522 is high, with a severity value of 7.5.

Which software versions are affected by CVE-2022-30522?

The affected software versions are Apache HTTP Server 2.4.54, jbcs-httpd24-httpd 0:2.4.51-37.el8, jbcs-httpd24-httpd 0:2.4.51-37.el7, httpd 0:2.4.53-7.el9, and httpd24-httpd 0:2.4.34-23.el7.5.

How can this vulnerability be exploited?

This vulnerability can be exploited by a remote attacker by making excessively large memory allocations, leading to a denial of service.

Are there any remedies for CVE-2022-30522?

Yes, the remedy for CVE-2022-30522 is to update to Apache HTTP Server version 2.4.54.

Vulnerability/
CVE-2022-30522

high

7.5

CWE

770 789

8/6/2022

11/11/2024

CVE-2022-30522: mod_sed denial of service

First published: Wed Jun 08 2022(Updated: )

A flaw was found in the mod_sed module of httpd. A very large input to the mod_sed module can result in a denial of service due to excessively large memory allocations.

Credit: security@apache.org

Affected Software	Affected Version	How to fix
Apache HTTP server	=2.4.53
NetApp Clustered Data ONTAP
Fedoraproject Fedora	=35
Fedoraproject Fedora	=36
redhat/jbcs-httpd24-httpd	<0:2.4.51-37.el8	0:2.4.51-37.el8
redhat/jbcs-httpd24-httpd	<0:2.4.51-37.el7	0:2.4.51-37.el7
redhat/httpd	<0:2.4.53-7.el9	0:2.4.53-7.el9
redhat/httpd24-httpd	<0:2.4.34-23.el7.5	0:2.4.34-23.el7.5

Remedy

Disabling mod_sed and restating httpd will mitigate this flaw.

Never miss a vulnerability like this again

Reference Links

Parent vulnerabilities

(Appears in the following advisories)

Frequently Asked Questions

What is the vulnerability ID for this flaw?
The vulnerability ID for this flaw is CVE-2022-30522.
What is the severity level of CVE-2022-30522?
The severity level of CVE-2022-30522 is high, with a severity value of 7.5.
Which software versions are affected by CVE-2022-30522?
The affected software versions are Apache HTTP Server 2.4.54, jbcs-httpd24-httpd 0:2.4.51-37.el8, jbcs-httpd24-httpd 0:2.4.51-37.el7, httpd 0:2.4.53-7.el9, and httpd24-httpd 0:2.4.34-23.el7.5.
How can this vulnerability be exploited?
This vulnerability can be exploited by a remote attacker by making excessively large memory allocations, leading to a denial of service.
Are there any remedies for CVE-2022-30522?
Yes, the remedy for CVE-2022-30522 is to update to Apache HTTP Server version 2.4.54.

collector/redhat-cve
collector/nvd-index
agent/weakness
agent/type
agent/first-publish-date
agent/softwarecombine
agent/author
agent/severity
agent/remedy
agent/description
collector/redhat-bugzilla
source/Red Hat
alias/CVE-2022-30522
agent/software-canonical-lookup
collector/mitre-cve
source/MITRE
agent/title
agent/references
collector/ibm-support
source/IBM
agent/last-modified-date
agent/tags
agent/event
agent/trending
package-manager/redhat
vendor/apache
canonical/apache http server
version/apache http server/2.4.53
vendor/netapp
canonical/netapp clustered data ontap
vendor/fedoraproject
canonical/fedoraproject fedora
version/fedoraproject fedora/35
version/fedoraproject fedora/36