Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

ubuntu логотип

CVE-2021-44224

Опубликовано: 20 дек. 2021
Источник: ubuntu
Приоритет: medium
EPSS Средний
CVSS2: 6.4
CVSS3: 8.2

Описание

A crafted URI sent to httpd configured as a forward proxy (ProxyRequests on) can cause a crash (NULL pointer dereference) or, for configurations mixing forward and reverse proxy declarations, can allow for requests to be directed to a declared Unix Domain Socket endpoint (Server Side Request Forgery). This issue affects Apache HTTP Server 2.4.7 up to 2.4.51 (included).

РелизСтатусПримечание
bionic

released

2.4.29-1ubuntu4.21
devel

released

2.4.52-1ubuntu1
esm-infra-legacy/trusty

released

2.4.7-1ubuntu4.22+esm3
esm-infra/bionic

released

2.4.29-1ubuntu4.21
esm-infra/focal

released

2.4.41-4ubuntu3.9
esm-infra/xenial

released

2.4.18-2ubuntu3.17+esm4
focal

released

2.4.41-4ubuntu3.9
hirsute

released

2.4.46-4ubuntu1.5
impish

released

2.4.48-3.1ubuntu3.2
jammy

released

2.4.52-1ubuntu1

Показывать по

Ссылки на источники

EPSS

Процентиль: 93%
0.10953
Средний

6.4 Medium

CVSS2

8.2 High

CVSS3

Связанные уязвимости

redhat логотип

CVE-2021-44224

CVSS3: 7.1
redhat
почти 4 года назад

A crafted URI sent to httpd configured as a forward proxy (ProxyRequests on) can cause a crash (NULL pointer dereference) or, for configurations mixing forward and reverse proxy declarations, can allow for requests to be directed to a declared Unix Domain Socket endpoint (Server Side Request Forgery). This issue affects Apache HTTP Server 2.4.7 up to 2.4.51 (included).

nvd логотип

CVE-2021-44224

CVSS3: 8.2
nvd
почти 4 года назад

A crafted URI sent to httpd configured as a forward proxy (ProxyRequests on) can cause a crash (NULL pointer dereference) or, for configurations mixing forward and reverse proxy declarations, can allow for requests to be directed to a declared Unix Domain Socket endpoint (Server Side Request Forgery). This issue affects Apache HTTP Server 2.4.7 up to 2.4.51 (included).

msrc логотип

CVE-2021-44224

CVSS3: 8.2
msrc
почти 4 года назад

Possible NULL dereference or SSRF in forward proxy configurations in Apache HTTP Server 2.4.51 and earlier

debian логотип

CVE-2021-44224

CVSS3: 8.2
debian
почти 4 года назад

A crafted URI sent to httpd configured as a forward proxy (ProxyReques ...

github логотип

GHSA-92ww-hwmg-qq7p

CVSS3: 8.2
github
почти 4 года назад

A crafted URI sent to httpd configured as a forward proxy (ProxyRequests on) can cause a crash (NULL pointer dereference) or, for configurations mixing forward and reverse proxy declarations, can allow for requests to be directed to a declared Unix Domain Socket endpoint (Server Side Request Forgery). This issue affects Apache HTTP Server 2.4.7 up to 2.4.51 (included).

EPSS

Процентиль: 93%
0.10953
Средний

6.4 Medium

CVSS2

8.2 High

CVSS3