Source: thenewstack.io
There’s a Nasty Security Hole in the Apache Webserver
Here a security hole, there a security hole, everywhere a security hole. This is a Denial of Service (DoS) attack in the https://httpd.apache.org/‘s https://httpd.apache.org/docs/2.4/mod/mod_sed.html.
In March 2022, https://nvd.nist.gov/vuln/detail/CVE-2022-23943, an Apache memory corruption vulnerability in mod_sed, was uncovered.
But, https://www.linkedin.com/in/brianmoussalli/?originalSubdomain=il, the https://jfrog.com/ Security Research team’s Security Research Tech Lead, worried that while the https://jfrog.com/blog/cve-2022-30522-denial-of-service-dos-vulnerability-in-apache-httpd-mod_sed-filter/, it created a new unwanted behavior.”
Essentially mod_sed enables you to use a steam editor, yes, the classic Unix https://www.gnu.org/software/sed/manual/sed.html, to manipulate input and output streams for server requests.
In March 2022, https://nvd.nist.gov/vuln/detail/CVE-2022-23943, an Apache memory corruption vulnerability in mod_sed, was uncovered.
But, https://www.linkedin.com/in/brianmoussalli/?originalSubdomain=il, the https://jfrog.com/ Security Research team’s Security Research Tech Lead, worried that while the https://jfrog.com/blog/cve-2022-30522-denial-of-service-dos-vulnerability-in-apache-httpd-mod_sed-filter/, it created a new unwanted behavior.”
Essentially mod_sed enables you to use a steam editor, yes, the classic Unix https://www.gnu.org/software/sed/manual/sed.html, to manipulate input and output streams for server requests.
Related Articles
Community Partners
DevOps Careers