{"affected":[{"ecosystem_specific":{"binaries":[{"apache2":"2.4.51-150400.6.3.1","apache2-prefork":"2.4.51-150400.6.3.1","apache2-utils":"2.4.51-150400.6.3.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Module for Basesystem 15 SP4","name":"apache2","purl":"pkg:rpm/suse/apache2&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP4"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"2.4.51-150400.6.3.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"apache2-event":"2.4.51-150400.6.3.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Module for Package Hub 15 SP4","name":"apache2","purl":"pkg:rpm/suse/apache2&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Package%20Hub%2015%20SP4"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"2.4.51-150400.6.3.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"apache2-devel":"2.4.51-150400.6.3.1","apache2-doc":"2.4.51-150400.6.3.1","apache2-worker":"2.4.51-150400.6.3.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Module for Server Applications 15 SP4","name":"apache2","purl":"pkg:rpm/suse/apache2&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Server%20Applications%2015%20SP4"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"2.4.51-150400.6.3.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"apache2":"2.4.51-150400.6.3.1","apache2-devel":"2.4.51-150400.6.3.1","apache2-doc":"2.4.51-150400.6.3.1","apache2-event":"2.4.51-150400.6.3.1","apache2-example-pages":"2.4.51-150400.6.3.1","apache2-prefork":"2.4.51-150400.6.3.1","apache2-utils":"2.4.51-150400.6.3.1","apache2-worker":"2.4.51-150400.6.3.1"}]},"package":{"ecosystem":"openSUSE:Leap 15.4","name":"apache2","purl":"pkg:rpm/opensuse/apache2&distro=openSUSE%20Leap%2015.4"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"2.4.51-150400.6.3.1"}],"type":"ECOSYSTEM"}]}],"aliases":[],"details":"This update for apache2 fixes the following issues:\n\n  - CVE-2022-26377: Fixed possible request smuggling in mod_proxy_ajp (bsc#1200338)\n  - CVE-2022-28614: Fixed read beyond bounds via ap_rwrite() (bsc#1200340)\n  - CVE-2022-28615: Fixed read beyond bounds in ap_strcmp_match() (bsc#1200341)\n  - CVE-2022-29404: Fixed denial of service in mod_lua r:parsebody (bsc#1200345)\n  - CVE-2022-30556: Fixed information disclosure in mod_lua with websockets (bsc#1200350)\n  - CVE-2022-30522: Fixed mod_sed denial of service (bsc#1200352)\n  - CVE-2022-31813: Fixed mod_proxy X-Forwarded-For dropped by hop-by-hop mechanism (bsc#1200348)\n","id":"SUSE-SU-2022:2302-1","modified":"2022-07-06T11:37:36Z","published":"2022-07-06T11:37:36Z","references":[{"type":"ADVISORY","url":"https://www.suse.com/support/update/announcement/2022/suse-su-20222302-1/"},{"type":"REPORT","url":"https://bugzilla.suse.com/1198913"},{"type":"REPORT","url":"https://bugzilla.suse.com/1200338"},{"type":"REPORT","url":"https://bugzilla.suse.com/1200340"},{"type":"REPORT","url":"https://bugzilla.suse.com/1200341"},{"type":"REPORT","url":"https://bugzilla.suse.com/1200345"},{"type":"REPORT","url":"https://bugzilla.suse.com/1200348"},{"type":"REPORT","url":"https://bugzilla.suse.com/1200350"},{"type":"REPORT","url":"https://bugzilla.suse.com/1200352"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2022-26377"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2022-28614"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2022-28615"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2022-29404"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2022-30522"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2022-30556"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2022-31813"}],"related":["CVE-2022-26377","CVE-2022-28614","CVE-2022-28615","CVE-2022-29404","CVE-2022-30522","CVE-2022-30556","CVE-2022-31813"],"summary":"Security update for apache2","upstream":["CVE-2022-26377","CVE-2022-28614","CVE-2022-28615","CVE-2022-29404","CVE-2022-30522","CVE-2022-30556","CVE-2022-31813"]}