CVE-2021-34798

Опубликовано: 16 сент. 2021

Источник: nvd

CVSS3: 7.5

CVSS2: 5

EPSS Средний

Описание

Malformed requests may cause the server to dereference a NULL pointer. This issue affects Apache HTTP Server 2.4.48 and earlier.

Ссылки

http://httpd.apache.org/security/vulnerabilities_24.html
Release Notes
Vendor Advisory
https://cert-portal.siemens.com/productcert/pdf/ssa-685781.pdf
Patch
Third Party Advisory
https://kc.mcafee.com/corporate/index?page=content&id=SB10379
Third Party Advisory
https://lists.apache.org/thread.html/r3925e167d5eb1c75def3750c155d753064e1d34a143028bb32910432%40%3Cusers.httpd.apache.org%3E
https://lists.apache.org/thread.html/r61fdbfc26ab170f4e6492ef3bd5197c20b862ce156e9d5a54d4b899c%40%3Cusers.httpd.apache.org%3E
https://lists.apache.org/thread.html/r82838efc5fa6fc4c73986399c9b71573589f78b31846aff5bd9b1697%40%3Cusers.httpd.apache.org%3E
https://lists.apache.org/thread.html/r82c077663f9759c7df5a6656f925b3ee4f55fcd33c889ba7cd687029%40%3Cusers.httpd.apache.org%3E
https://lists.debian.org/debian-lts-announce/2021/10/msg00001.html
Mailing List
Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SPBR6WUYBJNACHKE65SPL7TJOHX7RHWD/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZNCYSR3BXT36FFF4XTCPL3HDQK4VP45R/
https://security.gentoo.org/glsa/202208-20
Third Party Advisory
https://security.netapp.com/advisory/ntap-20211008-0004/
Third Party Advisory
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-httpd-2.4.49-VWL69sWQ
Third Party Advisory
https://www.debian.org/security/2021/dsa-4982
Third Party Advisory
https://www.oracle.com/security-alerts/cpuapr2022.html
Patch
Third Party Advisory
https://www.oracle.com/security-alerts/cpujan2022.html
Patch
Third Party Advisory
https://www.tenable.com/security/tns-2021-17
Third Party Advisory
http://httpd.apache.org/security/vulnerabilities_24.html
Release Notes
Vendor Advisory
https://cert-portal.siemens.com/productcert/pdf/ssa-685781.pdf
Patch
Third Party Advisory
https://kc.mcafee.com/corporate/index?page=content&id=SB10379
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*

Версия до 2.4.48 (включая)

Конфигурация 2

Одно из

cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*

cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*

Конфигурация 3

Одно из

cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*

cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*

cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*

Конфигурация 4

Одно из

cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*

cpe:2.3:a:netapp:clustered_data_ontap:-:*:*:*:*:*:*:*

cpe:2.3:a:netapp:storagegrid:-:*:*:*:*:*:*:*

Конфигурация 5

cpe:2.3:a:tenable:tenable.sc:*:*:*:*:*:*:*:*

Версия до 5.19.1 (включая)

Конфигурация 6

Одно из

cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:1.10.0:*:*:*:*:*:*:*

cpe:2.3:a:oracle:enterprise_manager_base_platform:13.4.0.0:*:*:*:*:*:*:*

cpe:2.3:a:oracle:enterprise_manager_base_platform:13.5.0.0:*:*:*:*:*:*:*

cpe:2.3:a:oracle:http_server:12.2.1.3.0:*:*:*:*:*:*:*

cpe:2.3:a:oracle:http_server:12.2.1.4.0:*:*:*:*:*:*:*

cpe:2.3:a:oracle:instantis_enterprisetrack:17.1:*:*:*:*:*:*:*

cpe:2.3:a:oracle:instantis_enterprisetrack:17.2:*:*:*:*:*:*:*

cpe:2.3:a:oracle:instantis_enterprisetrack:17.3:*:*:*:*:*:*:*

cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.58:*:*:*:*:*:*:*

cpe:2.3:a:oracle:zfs_storage_appliance_kit:8.8:*:*:*:*:*:*:*

Конфигурация 7

cpe:2.3:o:broadcom:brocade_fabric_operating_system_firmware:-:*:*:*:*:*:*:*

Конфигурация 8

Одно из

cpe:2.3:a:siemens:ruggedcom_nms:*:*:*:*:*:*:*:*

cpe:2.3:a:siemens:sinec_nms:*:*:*:*:*:*:*:*

cpe:2.3:a:siemens:sinema_remote_connect_server:*:*:*:*:*:*:*:*

Версия до 3.1 (исключая)

cpe:2.3:a:siemens:sinema_server:14.0:-:*:*:*:*:*:*

EPSS

Процентиль: 93%

0.11686

Средний

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

CWE-476

Связанные уязвимости

CVE-2021-34798

CVSS3: 7.5

ubuntu

почти 4 года назад

Malformed requests may cause the server to dereference a NULL pointer. This issue affects Apache HTTP Server 2.4.48 and earlier.

CVE-2021-34798

CVSS3: 7.5

redhat

почти 4 года назад

Malformed requests may cause the server to dereference a NULL pointer. This issue affects Apache HTTP Server 2.4.48 and earlier.

CVE-2021-34798

CVSS3: 7.5

msrc

больше 3 лет назад

Описание отсутствует

CVE-2021-34798

CVSS3: 7.5

debian

почти 4 года назад

Malformed requests may cause the server to dereference a NULL pointer. ...

GHSA-6cg7-x9gh-4wf6

CVSS3: 7.5

github

около 3 лет назад

Malformed requests may cause the server to dereference a NULL pointer. This issue affects Apache HTTP Server 2.4.48 and earlier.

EPSS

Процентиль: 93%

0.11686

Средний

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

CWE-476