Apache HTTP Server: mod_macro buffer over-read
CVE-2023-31122

7.5HIGH

Key Information:

Vendor: Apache
Status: Apache Http Server
Vendor: CVE Published:; 23 October 2023

Summary

An out-of-bounds read vulnerability has been identified in the mod_macro module of Apache HTTP Server, affecting versions up to and including 2.4.57. This vulnerability may allow an attacker to exploit the server, leading to unauthorized access to sensitive data or application misbehavior. It is crucial for users of affected versions to apply necessary updates to mitigate potential risks associated with this vulnerability.

Affected Version(s)

Apache HTTP Server 0 <= 2.4.57

References

https://httpd.apache.org/security/vulnerabilities_24.html

vendor-advisory

https://lists.fedoraproject.org/archives/list/package-ann...

https://security.netapp.com/advisory/ntap-20231027-0011/

EPSS Score

5% chance of being exploited in the next 30 days.

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Oct 23, 2023
Vulnerability Reserved
Apr 24, 2023

Credit

David Shoon (github/davidshoon)