VDB
CVE-2022-41556
PUBLISHED
CVSS 9.3 CRITICAL
A vulnerability exists in lighttpd due to a resource leak in "mod_fastcgi" and "mod_scgi". An attacker can cause a denial of service condition by sending a large number of malformed HTTP requests.
EPSS 1.81% · 83.2nd percentile
Risk Scores
CVSS 4.0
9.3
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
EPSS Score
1.81%
83.2nd percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Xerox | Xerox FreeFlow Print Server 7 | |
| Xerox | Xerox FreeFlow Print Server v2 | |
| Xerox | Xerox FreeFlow Print Server 9 | |
| Ubuntu | Ubuntu Linux | |
Exploit Intelligence
- https://github.com/lighttpd/lighttpd1.4/pull/115 (nist-nvd)
- Remote code execution occurs in Apache Solr before 7.1 with Apache Lucene before 7.1 by exploiting XXE in conjunction with use of a Config API add-listener command to reach the RunExecutableListener class. (github-poc)
- arturo-b-cmu/cve-2016-20012 (github-poc)
…and 620 more exploits
Timeline
- Jun 28, 2021 PoC Published
- Dec 11, 2021 PoC Published
- Dec 13, 2021 PoC Published
- Dec 18, 2021 PoC Published
- Apr 7, 2022 PoC Published
- Jun 7, 2022 PoC Published
- Sep 16, 2022 PoC Published
- Sep 29, 2022 CVE Published
- Oct 7, 2022 EPSS Score
- Nov 20, 2022 EPSS Score
- Feb 17, 2023 EPSS Score
- Mar 7, 2023 EPSS Score
References
- https://wid.cert-bund.de/.well-known/csaf/white/2022/wid-sec-w-2022-1585.json advisory
- https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2022-1585 advisory
- https://ubuntu.com/security/notices/USN-5903-1 advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=2130965 advisory
- https://wid.cert-bund.de/.well-known/csaf/white/2023/wid-sec-w-2023-0561.json advisory
- https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-0561 advisory
- https://security.business.xerox.com/wp-content/uploads/2023/05/Xerox-Security-Bulletin-XRX23-007-Xerox%C2%AE-FreeFlow%C2%AE-Print-Server-v7.pdf advisory
- https://security.business.xerox.com/wp-content/uploads/2023/04/Xerox-Security-Bulletin-XRX23-005-Xerox%25C2%25AE-FreeFlow%25C2%25AE-Print-Server-v9.pdf advisory
- https://security.business.xerox.com/wp-content/uploads/2023/03/Xerox-Security-Bulletin-XRX23-002-FreeFlow-Print-Server-v2_Windows10.pdf advisory
- https://security.business.xerox.com/wp-content/uploads/2023/03/Xerox-Security-Bulletin-XRX23-001-FreeFlow%C2%AE-Print-Server-v7.pdf advisory