The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the CESA-2022:7647 advisory.

  - httpd: mod_lua: Use of uninitialized value of in r:parsebody (CVE-2022-22719)

  - httpd: core: Possible buffer overflow with very large or unlimited LimitXMLRequestBody (CVE-2022-22721)

  - httpd: mod_sed: Read/write beyond bounds (CVE-2022-23943)

  - httpd: mod_proxy_ajp: Possible request smuggling (CVE-2022-26377)

  - httpd: Out-of-bounds read via ap_rwrite() (CVE-2022-28614)

  - httpd: Out-of-bounds read in ap_strcmp_match() (CVE-2022-28615)

  - httpd: mod_lua: DoS in r:parsebody (CVE-2022-29404)

  - httpd: mod_sed: DoS vulnerability (CVE-2022-30522)

  - httpd: mod_lua: Information disclosure with websockets (CVE-2022-30556)

  - httpd: mod_proxy: X-Forwarded-For dropped by hop-by-hop mechanism (CVE-2022-31813)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

CentOS 8 : httpd:2.4 (CESA-2022:7647)

critical Nessus Plugin ID 167180

Version 1.3

Version 1.2

Version 1.2

Version 1.3 Feb 9, 2023, 1:07 AM Logic Changes (Updated versions to include commit hash)
Version 1.2 Nov 9, 2022, 1:54 PM New
Version 1.2 Feb 8, 2023, 11:19 PM Logic Changes (Updated versions to include commit hash)