CVE-2021-30641

CVSS v3.1

5.3

Medium

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Name of the Vulnerable Software and Affected Versions Apache HTTP Server versions 2.4.39 through 2.4.46

Description The issue exists due to insufficient input validation in the Apache HTTP Server. Exploitation of this issue may allow a remote attacker to impact the integrity of protected information. The problem is related to unexpected matching behavior when 'MergeSlashes OFF' is set.

Recommendations For Apache HTTP Server versions 2.4.39 through 2.4.46, update to a version that fixes the unexpected matching behavior with 'MergeSlashes OFF'. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

RCE

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-20

Related Identifiers

ALSA-2021:4257

ALT-PU-2021-1838

ALT-PU-2021-2035

ALT-PU-2021-2339

AZL-6478

BDU:2021-03680

BIT-APACHE-2021-30641

CESA-2021_4257

CVE-2021-30641

DLA-2706-1

DSA-4937-1

MGASA-2021-0265

OESA-2021-1246

OPENSUSE-SU-2021:0908-1

OPENSUSE-SU-2021:2127-1

OPENSUSE-SU-2021_0908-1

OPENSUSE-SU-2021_2127-1

RHSA-2021:4257

RHSA-2021:4614

RHSA-2021_4257

RLSA-2021:4257

SUSE-SU-2021:14749-1

SUSE-SU-2021:2004-1

SUSE-SU-2021:2006-1

SUSE-SU-2021:2127-1

SUSE-SU-2021_14749-1

USN-4994-1

USN-4994-2

Affected Products

Alt Linux

Almalinux

Apache Http Server

Astra Linux

Centos

Linuxmint

Red Hat

Rocky Linux

Suse

Ubuntu

CVE-2021-30641

Weakness Enumeration

Related Identifiers

Affected Products

References · 101