PT-2021-4293 · Apache+1 · Apache Http Server+1

Published

2021-10-04

Updated

2024-03-06

CVE-2021-41524

CVSS v2.0

7.8

High

Vector

AV:N/AC:L/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions Apache HTTP Server version 2.4.49

Description The issue is related to a null pointer dereference error during HTTP/2 request processing, which can be exploited by an external source to cause a denial of service (DoS) via a specially crafted request. The vulnerability was introduced in version 2.4.49 of the Apache HTTP Server.

Recommendations For Apache HTTP Server version 2.4.49, consider disabling HTTP/2 request processing until a patch is available to prevent potential DoS attacks.

Fix

DoS

NULL Pointer Dereference

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-476

Related Identifiers

ALT-PU-2021-2994

ALT-PU-2021-3018

ALT-PU-2021-3037

ALT-PU-2021-3060

BDU:2021-04902

BIT-APACHE-2021-41524

CVE-2021-41524

MGASA-2021-0461

RHSA-2022:7143

Affected Products

Alt Linux

Apache Http Server

PT-2021-4293 · Apache+1 · Apache Http Server+1

CVE-2021-41524

Weakness Enumeration

Related Identifiers

Affected Products

References · 30