PT-2021-3577 · Apache+9 · Apache Http Server+9

Published

2021-03-01

Updated

2026-02-09

CVE-2021-26691

CVSS v2.0

Critical

Vector

AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Apache HTTP Server versions 2.4.0 through 2.4.46

Description The issue is related to a heap overflow that can be caused by a specially crafted SessionHeader sent by an origin server. This could potentially allow a remote attacker to impact the confidentiality, integrity, and availability of protected information.

Recommendations For Apache HTTP Server versions 2.4.0 through 2.4.46, update to a version that contains a fix for this issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Heap Based Buffer Overflow

Memory Corruption

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-122CWE-787

Related Identifiers

ALSA-2021:3816

ALSA-2021:4537

ALT-PU-2021-1838

ALT-PU-2021-2035

ALT-PU-2021-2303

ALT-PU-2021-2339

ALT-PU-2021-2587

ALT-PU-2021-3037

AZL-6477

BDU:2021-03678

BIT-APACHE-2021-26691

CESA-2021_3816

CESA-2022_0143

CVE-2021-26691

DLA-2706-1

DSA-4937-1

MGASA-2021-0265

OESA-2021-1246

OPENSUSE-SU-2021:0908-1

OPENSUSE-SU-2021:2127-1

OPENSUSE-SU-2021_0908-1

OPENSUSE-SU-2021_2127-1

RHSA-2021:3816

RHSA-2021:4614

RHSA-2021_3816

RHSA-2022:0143

RHSA-2022_0143

RLSA-2021:3816

ROSA-SA-2023-2158

SUSE-SU-2021:2004-1

SUSE-SU-2021:2006-1

SUSE-SU-2021:2127-1

USN-4994-1

USN-4994-2

Affected Products

Alt Linux

Almalinux

Apache Http Server

Astra Linux

Centos

Linuxmint

Red Hat

Rocky Linux

Suse

Ubuntu

PT-2021-3577 · Apache+9 · Apache Http Server+9

CVE-2021-26691

Weakness Enumeration

Related Identifiers

Affected Products

References · 184