ΠΠΏΡΠ±Π»ΠΈΠΊΠΎΠ²Π°Π½ΠΎ: 16 ΡΠ΅Π½Ρ. 2021
ΠΡΡΠΎΡΠ½ΠΈΠΊ: nvd
CVSS3: 9
CVSS2: 6.8
EPSS ΠΡΠΈΡΠΈΡΠ΅ΡΠΊΠΈΠΉ
ΠΠΏΠΈΡΠ°Π½ΠΈΠ΅
A crafted request uri-path can cause mod_proxy to forward the request to an origin server choosen by the remote user. This issue affects Apache HTTP Server 2.4.48 and earlier.
Π‘ΡΡΠ»ΠΊΠΈ
- Third Party Advisory
- Release NotesVendor Advisory
- Mailing List
- Mailing List
- Mailing List
- Mailing List
- Mailing List
- Mailing List
- Mailing List
- Mailing ListThird Party Advisory
- Release Notes
- Release Notes
- Third Party Advisory
- Third Party Advisory
- Broken LinkThird Party Advisory
- Mailing ListThird Party Advisory
- PatchThird Party Advisory
- PatchThird Party Advisory
- Third Party Advisory
- Third Party Advisory
Π£ΡΠ·Π²ΠΈΠΌΡΠ΅ ΠΊΠΎΠ½ΡΠΈΠ³ΡΡΠ°ΡΠΈΠΈ
ΠΠΎΠ½ΡΠΈΠ³ΡΡΠ°ΡΠΈΡ 1
cpe:2.3:o:resf:rocky_linux:8.0:*:*:*:*:*:*:*
ΠΠΎΠ½ΡΠΈΠ³ΡΡΠ°ΡΠΈΡ 2
ΠΠ΄Π½ΠΎΠ²ΡΠ΅ΠΌΠ΅Π½Π½ΠΎ
cpe:2.3:a:redhat:jboss_core_services:1.0:*:*:*:*:*:*:*
ΠΠ΄Π½ΠΎ ΠΈΠ·
cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*
ΠΠΎΠ½ΡΠΈΠ³ΡΡΠ°ΡΠΈΡ 3
ΠΠ΄Π½ΠΎΠ²ΡΠ΅ΠΌΠ΅Π½Π½ΠΎ
cpe:2.3:a:redhat:software_collections:1.0:*:*:*:*:*:*:*
ΠΠ΄Π½ΠΎ ΠΈΠ·
cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_workstation:7.0:*:*:*:*:*:*:*
ΠΠΎΠ½ΡΠΈΠ³ΡΡΠ°ΡΠΈΡ 4
ΠΠ΄Π½ΠΎ ΠΈΠ·
cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_eus:8.1:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_eus:8.2:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_eus:8.4:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_eus:8.6:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_eus:8.8:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_arm_64:8.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_arm_64_eus:8.6:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_arm_64_eus:8.8:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:7.0_s390x:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:8.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:8.1:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:8.4:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:8.8:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus_s390x:8.2:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_power_big_endian:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:8.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:8.1:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:8.2:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:8.4:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:8.6:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:8.8:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_scientific_computing:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_aus:7.2:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_aus:7.7:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_aus:8.2:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_aus:8.4:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_aus:8.6:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:7.6:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:7.7:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:8.1:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:8.2:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:8.4:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:8.6:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:8.8:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_tus:7.7:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_tus:8.2:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_tus:8.4:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_tus:8.6:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_tus:8.8:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_update_services_for_sap_solutions:7.6:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_update_services_for_sap_solutions:7.7:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_update_services_for_sap_solutions:8.1:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_update_services_for_sap_solutions:8.2:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_update_services_for_sap_solutions:8.4:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_update_services_for_sap_solutions:8.6:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_update_services_for_sap_solutions:8.8:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*
ΠΠΎΠ½ΡΠΈΠ³ΡΡΠ°ΡΠΈΡ 5ΠΠ΅ΡΡΠΈΡ Π΄ΠΎ 2.4.48 (Π²ΠΊΠ»ΡΡΠ°Ρ)
cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*
ΠΠΎΠ½ΡΠΈΠ³ΡΡΠ°ΡΠΈΡ 6
ΠΠ΄Π½ΠΎ ΠΈΠ·
cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*
ΠΠΎΠ½ΡΠΈΠ³ΡΡΠ°ΡΠΈΡ 7
ΠΠ΄Π½ΠΎ ΠΈΠ·
cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*
ΠΠΎΠ½ΡΠΈΠ³ΡΡΠ°ΡΠΈΡ 8
ΠΠ΄Π½ΠΎ ΠΈΠ·
cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:clustered_data_ontap:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:storagegrid:-:*:*:*:*:*:*:*
cpe:2.3:o:broadcom:brocade_fabric_operating_system_firmware:-:*:*:*:*:*:*:*
ΠΠΎΠ½ΡΠΈΠ³ΡΡΠ°ΡΠΈΡ 9ΠΠ΅ΡΡΠΈΡ ΠΎΡ 1.1.0 (Π²ΠΊΠ»ΡΡΠ°Ρ) Π΄ΠΎ 1.1.4 (Π²ΠΊΠ»ΡΡΠ°Ρ)ΠΠ΅ΡΡΠΈΡ ΠΎΡ 1.2.0 (Π²ΠΊΠ»ΡΡΠ°Ρ) Π΄ΠΎ 1.2.1 (Π²ΠΊΠ»ΡΡΠ°Ρ)
ΠΠ΄Π½ΠΎ ΠΈΠ·
cpe:2.3:o:f5:f5os:*:*:*:*:*:*:*:*
cpe:2.3:o:f5:f5os:*:*:*:*:*:*:*:*
ΠΠΎΠ½ΡΠΈΠ³ΡΡΠ°ΡΠΈΡ 10
ΠΠ΄Π½ΠΎ ΠΈΠ·
cpe:2.3:a:oracle:enterprise_manager_ops_center:12.4.0.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:http_server:12.2.1.3.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:http_server:12.2.1.4.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:instantis_enterprisetrack:17.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:instantis_enterprisetrack:17.2:*:*:*:*:*:*:*
cpe:2.3:a:oracle:instantis_enterprisetrack:17.3:*:*:*:*:*:*:*
cpe:2.3:a:oracle:secure_global_desktop:5.6:*:*:*:*:*:*:*
cpe:2.3:a:oracle:zfs_storage_appliance_kit:8.8:*:*:*:*:*:*:*
ΠΠΎΠ½ΡΠΈΠ³ΡΡΠ°ΡΠΈΡ 11ΠΠ΅ΡΡΠΈΡ Π΄ΠΎ 1.0.3 (ΠΈΡΠΊΠ»ΡΡΠ°Ρ)ΠΠ΅ΡΡΠΈΡ Π΄ΠΎ 3.1 (ΠΈΡΠΊΠ»ΡΡΠ°Ρ)
ΠΠ΄Π½ΠΎ ΠΈΠ·
cpe:2.3:a:siemens:ruggedcom_nms:*:*:*:*:*:*:*:*
cpe:2.3:a:siemens:sinec_nms:*:*:*:*:*:*:*:*
cpe:2.3:a:siemens:sinema_remote_connect_server:*:*:*:*:*:*:*:*
cpe:2.3:a:siemens:sinema_remote_connect_server:3.2:*:*:*:*:*:*:*
cpe:2.3:a:siemens:sinema_server:14.0:-:*:*:*:*:*:*
ΠΠΎΠ½ΡΠΈΠ³ΡΡΠ°ΡΠΈΡ 12ΠΠ΅ΡΡΠΈΡ Π΄ΠΎ 5.19.1 (Π²ΠΊΠ»ΡΡΠ°Ρ)
cpe:2.3:a:tenable:tenable.sc:*:*:*:*:*:*:*:*
EPSS
ΠΡΠΎΡΠ΅Π½ΡΠΈΠ»Ρ: 100%
0.94432
ΠΡΠΈΡΠΈΡΠ΅ΡΠΊΠΈΠΉ
9 Critical
CVSS3
6.8 Medium
CVSS2
ΠΠ΅ΡΠ΅ΠΊΡΡ
CWE-918
CWE-918
Π‘Π²ΡΠ·Π°Π½Π½ΡΠ΅ ΡΡΠ·Π²ΠΈΠΌΠΎΡΡΠΈ
CVSS3: 9
ubuntu
ΠΏΠΎΡΡΠΈ 4 Π³ΠΎΠ΄Π° Π½Π°Π·Π°Π΄
A crafted request uri-path can cause mod_proxy to forward the request to an origin server choosen by the remote user. This issue affects Apache HTTP Server 2.4.48 and earlier.
CVSS3: 9
redhat
ΠΏΠΎΡΡΠΈ 4 Π³ΠΎΠ΄Π° Π½Π°Π·Π°Π΄
A crafted request uri-path can cause mod_proxy to forward the request to an origin server choosen by the remote user. This issue affects Apache HTTP Server 2.4.48 and earlier.
CVSS3: 9
debian
ΠΏΠΎΡΡΠΈ 4 Π³ΠΎΠ΄Π° Π½Π°Π·Π°Π΄
A crafted request uri-path can cause mod_proxy to forward the request ...
CVSS3: 9
github
ΠΎΠΊΠΎΠ»ΠΎ 3 Π»Π΅Ρ Π½Π°Π·Π°Π΄
A crafted request uri-path can cause mod_proxy to forward the request to an origin server choosen by the remote user. This issue affects Apache HTTP Server 2.4.48 and earlier.
EPSS
ΠΡΠΎΡΠ΅Π½ΡΠΈΠ»Ρ: 100%
0.94432
ΠΡΠΈΡΠΈΡΠ΅ΡΠΊΠΈΠΉ
9 Critical
CVSS3
6.8 Medium
CVSS2
ΠΠ΅ΡΠ΅ΠΊΡΡ
CWE-918
CWE-918