Buffer Over-read vulnerability in Apache HTTP Server via outbound OCSP requests to an attacker controlled OCSP server
This issue affects Apache HTTP Server: from 2.4.0 through 2.4.67.
Users are recommended to upgrade to version 2.4.68, which fixes the issue.
The product reads from a buffer using buffer access mechanisms such as indexes or pointers that reference memory locations after the targeted buffer.
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Http_server | Apache | 2.4.0 (including) | 2.4.68 (excluding) |
| Red Hat Enterprise Linux 10 | RedHat | httpd-0:2.4.63-13.el10_2.4 | * |
| Apache2 | Ubuntu | devel | * |
| Apache2 | Ubuntu | upstream | * |