Get a demo
100% Signal 0% Noise Invicti Logo - The Largest Dynamic Application Security Solutions Provider In The World Get a demo
Apache Denial of service in mod_lua r:parsebody Vulnerability - CVE-2022-29404 - Vulnerability Database
Apache HTTP Server

Apache Denial of service in mod_lua r:parsebody Vulnerability - CVE-2022-29404

Medium
Reference: CVE-2022-29404
NVD Link: https://nvd.nist.gov/vuln/detail/CVE-2022-29404
Title: Apache Denial of service in mod_lua r:parsebody Vulnerability
Overview:

In Apache HTTP Server 2.4.53 and earlier a malicious request to a lua script that calls r:parsebody(0) may cause a denial of service due to no default limit on possible input size.