Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2021-26690

Опубликовано: 04 июн. 2021
Источник: redhat
CVSS3: 7.5
EPSS Средний

Описание

Apache HTTP Server versions 2.4.0 to 2.4.46 A specially crafted Cookie header handled by mod_session can cause a NULL pointer dereference and crash, leading to a possible Denial Of Service

A NULL pointer dereference was found in Apache httpd mod_session. The highest threat from this vulnerability is to system availability.

Отчет

This is a null pointer deference caused when using mod_session. It can result in crash of httpd child process by a remote attacker.

Меры по смягчению последствий

Only configurations which use the "SessionEnv" directive (which is not widely used) are vulnerable to this flaw. SessionEnv is not enabled in default configuration of httpd package shipped with Red Hat Products.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 6httpdNot affected
Red Hat Enterprise Linux 7httpdOut of support scope
Red Hat Enterprise Linux 9httpdNot affected
Red Hat JBoss Enterprise Application Platform 6httpd22Out of support scope
Red Hat JBoss Enterprise Web Server 2httpd22Out of support scope
Red Hat Software Collectionshttpd24-httpdWill not fix
JBoss Core Services for RHEL 8jbcs-httpd24-aprFixedRHSA-2021:461410.11.2021
JBoss Core Services for RHEL 8jbcs-httpd24-apr-utilFixedRHSA-2021:461410.11.2021
JBoss Core Services for RHEL 8jbcs-httpd24-curlFixedRHSA-2021:461410.11.2021
JBoss Core Services for RHEL 8jbcs-httpd24-httpdFixedRHSA-2021:461410.11.2021

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate
Дефект:
CWE-476
https://bugzilla.redhat.com/show_bug.cgi?id=1966729httpd: mod_session: NULL pointer dereference when parsing Cookie header

EPSS

Процентиль: 99%
0.68374
Средний

7.5 High

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2021-26690

CVSS3: 7.5
ubuntu
около 4 лет назад

Apache HTTP Server versions 2.4.0 to 2.4.46 A specially crafted Cookie header handled by mod_session can cause a NULL pointer dereference and crash, leading to a possible Denial Of Service

nvd логотип

CVE-2021-26690

CVSS3: 7.5
nvd
около 4 лет назад

Apache HTTP Server versions 2.4.0 to 2.4.46 A specially crafted Cookie header handled by mod_session can cause a NULL pointer dereference and crash, leading to a possible Denial Of Service

msrc логотип

CVE-2021-26690

CVSS3: 7.5
msrc
около 4 лет назад

Описание отсутствует

debian логотип

CVE-2021-26690

CVSS3: 7.5
debian
около 4 лет назад

Apache HTTP Server versions 2.4.0 to 2.4.46 A specially crafted Cookie ...

github логотип

GHSA-f669-j28w-pjvg

github
около 3 лет назад

Apache HTTP Server versions 2.4.0 to 2.4.46 A specially crafted Cookie header handled by mod_session can cause a NULL pointer dereference and crash, leading to a possible Denial Of Service

EPSS

Процентиль: 99%
0.68374
Средний

7.5 High

CVSS3