CVE-2022-30556

CVE-2022-30556: Information Disclosure in mod_lua with websockets

Vendor Apache Software Foundation

Product Apache HTTP Server

Weakness CWE-200 · Info exposure

Published June 8, 2022

Last update August 3, 2024

View on NVD All CVEs

CVSS base score

—

What the vulnerability does

01Description

Apache HTTP Server 2.4.53 and earlier may return lengths to applications calling r:wsread() that point past the end of the storage allocated for the buffer.

Key dates

02Disclosure timeline

June 8, 2022 CVE published

August 3, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2022-30556

Related vulnerabilities

04Related CVE

CVE-2024-30118 HCL Connections is susceptible to a sensitive information disclosure vulnerability CVE-2025-26604 Possibility to retrieve bot token by malicious module developers in Discord-Bot-Framework-Kernel CVE-2018-0134 CVE-2023-46701 Inaccessible Post Information Leak via Run Timeline IDOR CVE-2022-23982 WordPress Perfect Brands for WooCommerce plugin <= 2.0.4 - Server Information Exposure vulnerability