Apache HTTP Server: mod_macro buffer over-read
CVE-2023-31122

7.5HIGH

Key Information:

Vendor: Apache
Status: Apache Http Server
Vendor: CVE Published:; 23 October 2023

What is CVE-2023-31122?

An out-of-bounds read vulnerability has been identified in the mod_macro module of Apache HTTP Server, affecting versions up to and including 2.4.57. This vulnerability may allow an attacker to exploit the server, leading to unauthorized access to sensitive data or application misbehavior. It is crucial for users of affected versions to apply necessary updates to mitigate potential risks associated with this vulnerability.

Affected Version(s)

Apache HTTP Server 0 <= 2.4.57

References

https://httpd.apache.org/security/vulnerabilities_24.html

vendor-advisory

https://lists.fedoraproject.org/archives/list/package-ann...

https://security.netapp.com/advisory/ntap-20231027-0011/

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 23, 2023
Vulnerability Reserved
Apr 24, 2023

Credit

David Shoon (github/davidshoon)