Control: tags -1 + confirmed

On Thu, 2022-06-09 at 09:16 +0200, Yadd wrote:
> Apache2 2.4.54 fixes several security issues:
>  * moderate: mod_proxy_ajp: Possible request smuggling (CVE-2022-26377)
>    Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling')
>    vulnerability in mod_proxy_ajp of Apache HTTP Server allows an attacker
>    to smuggle requests to the AJP server it forwards requests to.
>  * low: read beyond bounds in mod_isapi (CVE-2022-28330)
>  * low: read beyond bounds via ap_rwrite() (CVE-2022-28614)
>  * low: Read beyond bounds in ap_strcmp_match() (CVE-2022-28615)
>  * low: Denial of service in mod_lua r:parsebody (CVE-2022-29404)
>  * low: mod_sed denial of service (CVE-2022-30522)
>  * low: Information Disclosure in mod_lua with websockets (CVE-2022-30556)
>  * low: mod_proxy X-Forwarded-For dropped by hop-by-hop mechanism
>    (CVE-2022-31813)
>

Please go ahead, bearing in mind that the window for getting uploads
into the 11.4 point release closes during this weekend.

Regards,

Adam