CVE-2022-22719
📋 TL;DR
CVE-2022-22719 is a memory corruption vulnerability in Apache HTTP Server where a specially crafted request body can cause the server to read from random memory locations, potentially leading to a denial of service. This affects Apache HTTP Server versions 2.4.52 and earlier. Organizations running vulnerable Apache web servers are at risk.
💻 Affected Systems
- Apache HTTP Server
📦 What is this software?
Fedora by Fedoraproject
Macos by Apple
macOS is Apple's desktop and laptop operating system powering Mac computers used by millions of professionals, developers, creative professionals, and enterprise users worldwide. Built on a Unix foundation with the Darwin kernel and modern Cocoa frameworks, macOS delivers a seamless ecosystem integr...
⚠️ Risk & Real-World Impact
Worst Case
Process crash leading to denial of service, potentially allowing remote code execution in rare circumstances if memory corruption can be controlled.
Likely Case
Denial of service through process crashes, disrupting web services.
If Mitigated
Minimal impact with proper network segmentation, WAF filtering, and monitoring.
🎯 Exploit Status
Proof-of-concept code has been published in security advisories. Exploitation requires sending a specially crafted HTTP request body.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 2.4.53 and later
Vendor Advisory: https://httpd.apache.org/security/vulnerabilities_24.html
Restart Required: Yes
Instructions:
1. Download Apache HTTP Server 2.4.53 or later from https://httpd.apache.org/download.cgi
2. Stop the Apache service
3. Back up configuration files
4. Install the new version
5. Restore configuration files
6. Start the Apache service
🔧 Temporary Workarounds
Web Application Firewall (WAF) Filtering (all platforms)
Configure WAF rules to block suspicious HTTP request bodies that could trigger the vulnerability
Request Body Size Limitation (linux)
Limit the maximum size of request bodies to reduce the attack surface, for example:
LimitRequestBody 1048576
🧯 If You Can't Patch
- Implement network segmentation to isolate vulnerable servers from untrusted networks
- Deploy a reverse proxy or load balancer with request filtering capabilities in front of vulnerable servers
🔍 How to Verify
Check if Vulnerable:
Check the Apache version with 'httpd -v' or 'apache2 -v' and verify whether it is 2.4.52 or earlier (affected) or 2.4.53 or later (fixed)
Check Version:
httpd -v 2>/dev/null || apache2 -v 2>/dev/null || apachectl -v 2>/dev/null
Verify Fix Applied:
After patching, verify version is 2.4.53 or later and test web server functionality
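As an added example (not part of the original advisory and not code from the Apache project), the following POSIX shell script automates the check above: it runs the same fallback chain of version commands, parses the version out of the `Server version: Apache/x.y.z` banner and decides whether it falls in the affected 2.4.52-and-earlier range. The `--local` switch and the sample banner are this example's own conventions.

```shell
#!/bin/sh
# Added example for this advisory page (not code from the Apache project):
# decide whether an Apache httpd version is in the range affected by
# CVE-2022-22719 (2.4.52 and earlier; fixed in 2.4.53).

# Pull "2.4.52" out of a `httpd -v` banner such as
# "Server version: Apache/2.4.52 (Unix)". Prints nothing if no version is found.
apache_version_from_banner() {
    printf '%s\n' "$1" | sed -n 's#.*Apache/\([0-9][0-9.]*\).*#\1#p' | head -n 1
}

# True (exit 0) when the version is 2.4.52 or earlier. Only the 2.4.x line is
# examined; versions outside it are reported as not affected by this advisory
# so the caller can look them up by hand.
is_vulnerable_version() {
    ver=$1
    major=${ver%%.*}
    rest=${ver#*.}
    minor=${rest%%.*}
    case $rest in
        *.*) patch=${rest#*.}; patch=${patch%%.*} ;;   # third component only
        *)   patch=0 ;;                                  # "2.4" with no patch level
    esac
    [ "$major" = 2 ] && [ "$minor" = 4 ] || return 1
    case $patch in
        ''|*[!0-9]*) return 1 ;;   # not a number: refuse to guess
    esac
    [ "$patch" -le 52 ]
}

# Query the server installed on this host (same fallback chain as the advisory).
# Exit 0 = affected, 1 = not affected, 2 = no Apache version could be read.
check_local_httpd() {
    banner=$(httpd -v 2>/dev/null || apache2 -v 2>/dev/null || apachectl -v 2>/dev/null) || return 2
    ver=$(apache_version_from_banner "$banner")
    [ -n "$ver" ] || return 2
    if is_vulnerable_version "$ver"; then
        echo "Apache $ver: affected by CVE-2022-22719, upgrade to 2.4.53 or later"
        return 0
    fi
    echo "Apache $ver: not affected by CVE-2022-22719"
    return 1
}

# Usage: sh <this script> --local   (the --local switch is this example's own)
if [ "${1:-}" = "--local" ]; then
    check_local_httpd
fi
```

The version test is deliberately narrow: anything that is not a 2.4.x version is reported as not covered by this advisory rather than guessed at, and a banner without a parseable version returns a distinct exit code so automation can tell "not vulnerable" from "could not determine".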
📡 Detection & Monitoring
Log Indicators:
- Apache process crashes
- Segmentation fault errors in error logs
- Unusually large request bodies
Network Indicators:
- HTTP requests with specially crafted bodies
- Multiple connection attempts followed by service disruption
SIEM Query:
source="apache_error.log" AND ("segmentation fault" OR "core dumped" OR "SIGSEGV")
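Added example, not part of the original advisory: a POSIX shell script that applies the log indicators and the SIEM terms above to Apache error_log lines, counting crash indicators and flagging a burst of worker-process crashes inside a single minute (the "service disruption" pattern listed under network indicators). The log lines are constructed in the httpd 2.4 error_log layout for illustration and are not real data; the function names are this example's own.

```shell
#!/bin/sh
# Added example for this advisory page (not code from the Apache project):
# apply the "Log Indicators" and SIEM terms above to Apache error_log lines.
# The sample lines below are constructed in the httpd 2.4 error_log layout
# for illustration; they do not come from a real incident.

# Same terms as the SIEM query, matched case-insensitively.
CRASH_PATTERN='segmentation fault|core dumped|SIGSEGV'

# Constructed sample (one healthy start-up line, four child crashes, one unrelated error).
SAMPLE_ERROR_LOG='[Mon Mar 14 10:15:01.000001 2022] [mpm_event:notice] [pid 1000:tid 1] AH00489: Apache/2.4.52 (Unix) configured -- resuming normal operations
[Mon Mar 14 10:15:23.100001 2022] [core:notice] [pid 1000:tid 1] AH00052: child pid 1101 exit signal Segmentation fault (11)
[Mon Mar 14 10:15:24.200001 2022] [core:notice] [pid 1000:tid 1] AH00052: child pid 1102 exit signal Segmentation fault (11)
[Mon Mar 14 10:15:25.300001 2022] [core:notice] [pid 1000:tid 1] AH00052: child pid 1103 exit signal Segmentation fault (11), possible coredump in /tmp
[Mon Mar 14 10:20:40.400001 2022] [core:notice] [pid 1000:tid 1] AH00052: child pid 1104 exit signal Segmentation fault (11)
[Mon Mar 14 10:21:00.500001 2022] [authz_core:error] [pid 1105:tid 2] [client 192.0.2.10:51234] AH01630: client denied by server configuration: /var/www/html/private'

# Number of lines on stdin carrying a crash indicator.
count_crash_indicators() {
    grep -Eic "$CRASH_PATTERN" || true
}

# Largest number of crash indicators seen in any single minute (HH:MM) on stdin;
# prints 0 when there are none. A burst of worker crashes in a short window is
# what the "service disruption" indicator above looks like in the error_log.
max_crashes_per_minute() {
    grep -Ei "$CRASH_PATTERN" \
      | sed -n 's/^\[[A-Za-z]* [A-Za-z]* *[0-9]* \([0-9][0-9]:[0-9][0-9]\):.*/\1/p' \
      | sort | uniq -c | sort -rn \
      | awk 'NR == 1 { print $1 } END { if (NR == 0) print 0 }'
}

# Summarise a log read from stdin; exit 0 when any indicator is present.
report_crash_indicators() {
    log=$(cat)
    total=$(printf '%s\n' "$log" | count_crash_indicators)
    burst=$(printf '%s\n' "$log" | max_crashes_per_minute)
    echo "crash indicators: $total (max $burst in one minute)"
    [ "$total" -gt 0 ]
}

# Demonstration on the constructed sample. For a live server, pipe the real
# error_log (its path varies by distribution) into report_crash_indicators instead.
printf '%s\n' "$SAMPLE_ERROR_LOG" | report_crash_indicators
```

Counting per minute rather than per line is what separates one isolated crash from the repeated worker deaths the advisory describes as a denial of service; the threshold at which a burst becomes an alert is a local tuning decision and is left to the caller.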
🔗 References
- http://seclists.org/fulldisclosure/2022/May/33
- http://seclists.org/fulldisclosure/2022/May/35
- http://seclists.org/fulldisclosure/2022/May/38
- http://www.openwall.com/lists/oss-security/2022/03/14/4
- https://httpd.apache.org/security/vulnerabilities_24.html
- https://lists.debian.org/debian-lts-announce/2022/03/msg00033.html
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RGWILBORT67SHMSLYSQZG2NMXGCMPUZO/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X73C35MMMZGBVPQQCH7LQZUMYZNQA5FO/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z7H26WJ6TPKNWV3QKY4BHKUKQVUTZJTD/
- https://security.gentoo.org/glsa/202208-20
- https://security.netapp.com/advisory/ntap-20220321-0001/
- https://support.apple.com/kb/HT213255
- https://support.apple.com/kb/HT213256
- https://support.apple.com/kb/HT213257
- https://www.oracle.com/security-alerts/cpuapr2022.html