AI description
CVE-2023-31122 is an out-of-bounds read vulnerability found in the `mod_macro` module of the Apache HTTP Server. This vulnerability affects Apache HTTP Server versions 2.4.57 and earlier. When processing a long macro, the module fails to add a null byte terminator. This oversight leads to an out-of-bounds read. Exploiting this vulnerability may cause a server crash. While the provided sources mention the potential for remote code execution, directory traversal, and command injection, other sources primarily describe the impact as a denial-of-service vulnerability due to the server crash. Upgrading to Apache HTTP Server version 2.4.58 or later mitigates this vulnerability.
- Description: Out-of-bounds Read vulnerability in mod_macro of Apache HTTP Server. This issue affects Apache HTTP Server: through 2.4.57.
- Source: security@apache.org
- NVD status: Modified
CVSS 3.1
- Type: Primary
- Base score: 7.5
- Impact score: 3.6
- Exploitability score: 3.9
- Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
- Severity: HIGH
- security@apache.org: CWE-125
Hype score is a measure of social media activity compared against trending CVEs from the past 12 months. Max score 100.
- Hype score: 33
⚫ Attention Ecuador! Anonymous reports fraud in the CNE system. Apache/2.4.58 fixes important vulnerabilities: 🔐 CVE-2023-43622 (HTTP/2) and CVE-2023-31122 (mod_macro) ⚠️. Update now! 💻 Why do some IT people use vulnerable servers? 🤔 Sometimes, due to… h
@UrgenciaEcu
11 Feb 2025
16695 Impressions
280 Retweets
507 Likes
11 Bookmarks
23 Replies
11 Quotes
Did you know, @cnegobec, that your vulnerability CVE-2023-31122 (mod_macro) has the description: Vulnerability in Apache's mod_macro module (used to define macros in configurations), which allows remote code execution (RCE) or privilege escalation if a… https
@YourAnonHunters
10 Feb 2025
43219 Impressions
453 Retweets
758 Likes
38 Bookmarks
37 Replies
32 Quotes
🚨 Attention Ecuador and @DanielNoboaOk! Apache/2.4.58 fixes important vulnerabilities: 🔐 CVE-2023-43622 (HTTP/2) and CVE-2023-31122 (mod_macro) ⚠️. Update now! 💻 Why do some IT people use vulnerable servers? 🤔 Sometimes, due to lack of time, knowledge or due to
@YourAnonHunters
10 Feb 2025
20926 Impressions
228 Retweets
340 Likes
31 Bookmarks
34 Replies
27 Quotes
[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A1BE631C-0308-4AEB-93CF-757B37D2BAFA",
            "versionEndIncluding": "2.4.57"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "CC559B26-5DFC-4B7A-A27C-B77DE755DFF9"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]