Unrestricted Upload of File with Dangerous Type Vulnerability Affects Apache Answer
CVE-2024-22393
9.1 CRITICAL
Summary
The Apache Answer application has a vulnerability that allows users to upload dangerous file types without restriction. A logged-in user can exploit it by uploading files with very large pixel counts, a pixel flood attack that can cause the server to run out of memory. Users should update their installations to version 1.2.5 or higher to mitigate this risk.
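The usual defence against a pixel flood is to read the declared dimensions from the image header and refuse the upload before anything decodes the pixels. The Go sketch below is an added example, not Apache Answer's code or its actual fix; `CheckDimensions`, `pngHeader` and the 40-megapixel cap are assumptions made for illustration.

```go
package main

import (
	"bytes"
	"encoding/binary"
	"errors"
	"fmt"
	"hash/crc32"
	"image"
	_ "image/gif"
	_ "image/jpeg"
	_ "image/png"
	"io"
)

var ErrTooManyPixels = errors.New("declared image size exceeds pixel limit")

// CheckDimensions reads only the header; it rejects width*height above maxPixels.
func CheckDimensions(r io.Reader, maxPixels int64) (image.Config, error) {
	cfg, _, err := image.DecodeConfig(r)
	if err != nil {
		return cfg, fmt.Errorf("not a decodable image: %w", err)
	}
	if int64(cfg.Width)*int64(cfg.Height) > maxPixels {
		return cfg, ErrTooManyPixels
	}
	return cfg, nil
}

// pngHeader builds constructed sample input: PNG signature + IHDR, no pixel data.
func pngHeader(w, h uint32) []byte {
	out := make([]byte, 33)
	copy(out, "\x89PNG\r\n\x1a\n")
	binary.BigEndian.PutUint32(out[8:], 13) // IHDR data length
	copy(out[12:], "IHDR")
	binary.BigEndian.PutUint32(out[16:], w)
	binary.BigEndian.PutUint32(out[20:], h)
	out[24] = 8 // bit depth; colour type, compression, filter, interlace stay 0
	binary.BigEndian.PutUint32(out[29:], crc32.ChecksumIEEE(out[12:29]))
	return out
}

func main() {
	for _, d := range [][2]uint32{{800, 600}, {20000, 20000}} {
		// 40,000,000 pixels is a hypothetical cap, not a value from Apache Answer.
		_, err := CheckDimensions(bytes.NewReader(pngHeader(d[0], d[1])), 40_000_000)
		fmt.Printf("%dx%d in a 33-byte file: %v\n", d[0], d[1], err)
	}
}
```

Both sample files are 33 bytes long, so a byte-size limit on the upload does not catch the oversized one; the dimension check has to run before any call that fully decodes the image.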
Affected Version(s)
Apache Answer, versions 0 up to and including 1.2.1
CVSS V3.1
Score: 9.1
Severity: CRITICAL
Confidentiality: None
Integrity: High
Availability: None
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Timeline
Vulnerability published
Vulnerability Reserved
Credit
Mohammad Reza Omrani