CVE-2021-34798

CVSS v3.1

7.5

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions Apache HTTP Server versions 2.4.48 and earlier

Description The issue is related to malformed requests that can cause the server to dereference a NULL pointer, potentially leading to a denial of service. This can be exploited by a remote attacker using specially crafted HTTP requests.

Recommendations For Apache HTTP Server versions 2.4.48 and earlier, consider updating to a newer version to resolve the issue. As a temporary workaround, restrict access to the server to minimize the risk of exploitation. Additionally, monitor server logs for suspicious activity and consider implementing additional security measures to prevent malicious requests.

Fix

NULL Pointer Dereference

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-476

Related Identifiers

ALSA-2022:0891

ALT-PU-2021-2866

ALT-PU-2021-2972

ALT-PU-2021-3037

ALT-PU-2021-3060

AZL-6484

BDU:2021-05873

BIT-APACHE-2021-34798

CESA-2022_0143

CESA-2022_0891

CVE-2021-34798

DLA-2776-1

DSA-4982-1

MGASA-2021-0439

OESA-2021-1369

OPENSUSE-SU-2021:1438-1

OPENSUSE-SU-2021:3522-1

OPENSUSE-SU-2021_1438-1

OPENSUSE-SU-2021_3522-1

RHSA-2021:4614

RHSA-2022:0143

RHSA-2022:0891

RHSA-2022:6753

RHSA-2022_0143

RHSA-2022_0891

RLSA-2022:0891

ROSA-SA-2023-2158

SUSE-SU-2021:3299-1

SUSE-SU-2021:3335-1

SUSE-SU-2021:3522-1

USN-5090-1

USN-5090-2

USN-5090-3

USN-5090-4

Affected Products

Alt Linux

Almalinux

Apache Http Server

Astra Linux

Centos

Linuxmint

Red Hat

Rocky Linux

Suse

Ubuntu

CVE-2021-34798

Weakness Enumeration

Related Identifiers

Affected Products

References · 123