CVE-2022-29404

Summary

In Apache HTTP Server 2.4.53 and earlier, a malicious request to a lua script that calls r:parsebody(0) may cause a denial of service due to no default limit on possible input size.

Affected Software

VendorProductVersion RangeStatus
Apache Software FoundationApache HTTP Serverunspecified <= 2.4.53affected

Weaknesses

  • CWE-770: CWE-770: Allocation of Resources Without Limits or Throttling

ADP Enrichment

CVE Program Container

Additional References

References