Описание
Malformed requests may cause the server to dereference a NULL pointer. This issue affects Apache HTTP Server 2.4.48 and earlier.
A NULL pointer dereference in httpd allows an unauthenticated remote attacker to crash httpd by providing malformed HTTP requests. The highest threat from this vulnerability is to system availability.
Меры по смягчению последствий
Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 6 | httpd | Out of support scope | ||
| Red Hat Enterprise Linux 9 | httpd | Not affected | ||
| Red Hat JBoss Enterprise Application Platform 6 | httpd | Out of support scope | ||
| JBoss Core Services for RHEL 8 | jbcs-httpd24-apr | Fixed | RHSA-2021:4614 | 10.11.2021 |
| JBoss Core Services for RHEL 8 | jbcs-httpd24-apr-util | Fixed | RHSA-2021:4614 | 10.11.2021 |
| JBoss Core Services for RHEL 8 | jbcs-httpd24-curl | Fixed | RHSA-2021:4614 | 10.11.2021 |
| JBoss Core Services for RHEL 8 | jbcs-httpd24-httpd | Fixed | RHSA-2021:4614 | 10.11.2021 |
| JBoss Core Services for RHEL 8 | jbcs-httpd24-mod_cluster-native | Fixed | RHSA-2021:4614 | 10.11.2021 |
| JBoss Core Services for RHEL 8 | jbcs-httpd24-mod_http2 | Fixed | RHSA-2021:4614 | 10.11.2021 |
| JBoss Core Services for RHEL 8 | jbcs-httpd24-mod_jk | Fixed | RHSA-2021:4614 | 10.11.2021 |
Показывать по
Дополнительная информация
Статус:
EPSS
7.5 High
CVSS3
Связанные уязвимости
Malformed requests may cause the server to dereference a NULL pointer. This issue affects Apache HTTP Server 2.4.48 and earlier.
Malformed requests may cause the server to dereference a NULL pointer. This issue affects Apache HTTP Server 2.4.48 and earlier.
Malformed requests may cause the server to dereference a NULL pointer. ...
Malformed requests may cause the server to dereference a NULL pointer. This issue affects Apache HTTP Server 2.4.48 and earlier.
EPSS
7.5 High
CVSS3