CVE Published: 08/06/2022 |
CVE Updated: 03/08/2024 |
CVE Year: 2022 Source: apache |
Vendor: Apache Software Foundation |
Product: Apache HTTP Server Status : PUBLISHED
CVE-2022-29404 Description
In Apache HTTP Server 2.4.53 and earlier, a malicious request to a lua script that calls r:parsebody(0) may cause a denial of service due to no default limit on possible input size.