CVE-2021-26690

CVSS v2.0

7.8

High

Vector

AV:N/AC:L/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions Apache HTTP Server versions 2.4.0 through 2.4.46

Description The issue is related to a NULL pointer dereference caused by a specially crafted Cookie header handled by mod session, which can lead to a crash and a possible Denial Of Service. This can be exploited by a remote attacker to cause the application to crash. The problem is associated with pointer dereference errors.

Recommendations For Apache HTTP Server versions 2.4.0 through 2.4.46, consider disabling the mod session module as a temporary workaround until a patch is available. Restrict access to the Cookie header to minimize the risk of exploitation. Avoid using the Cookie header in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

DoS

NULL Pointer Dereference

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-476

Related Identifiers

ALSA-2021:4257

ALT-PU-2021-1838

ALT-PU-2021-2035

ALT-PU-2021-2339

AZL-6476

BDU:2021-03681

BIT-APACHE-2021-26690

CESA-2021_4257

CVE-2021-26690

DLA-2706-1

DSA-4937-1

MGASA-2021-0265

OESA-2021-1253

OPENSUSE-SU-2021:0908-1

OPENSUSE-SU-2021:2127-1

OPENSUSE-SU-2021_0908-1

OPENSUSE-SU-2021_2127-1

RHSA-2021:4257

RHSA-2021:4614

RHSA-2021_4257

RLSA-2021:4257

ROSA-SA-2024-2515

SUSE-SU-2021:2004-1

SUSE-SU-2021:2006-1

SUSE-SU-2021:2127-1

USN-4994-1

USN-4994-2

Affected Products

Alt Linux

Almalinux

Apache Http Server

Astra Linux

Centos

Linuxmint

Red Hat

Rocky Linux

Suse

Ubuntu

CVE-2021-26690

Weakness Enumeration

Related Identifiers

Affected Products

References · 100