PT-2021-5273 · Apache+10 · Apache Http Server+10

Fabian Meumertzheim · Published 2021-04-26 · Updated 2025-05-01 · CVE-2021-36160

CVSS v2.0 · 7.8 · High

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions

Apache HTTP Server versions 2.4.30 through 2.4.48

Description

A carefully crafted request uri-path can cause mod_proxy_uwsgi to read above the allocated memory and crash, resulting in a denial of service (DoS). The issue is in the mod_proxy_uwsgi module of the Apache HTTP Server; a remote attacker can exploit the vulnerability by sending a request with a specially crafted uri-path.

Recommendations

For Apache HTTP Server versions 2.4.30 through 2.4.48, update to a version that includes the fix for this issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

DoS

Out of bounds Read

Weakness Enumeration

Related Identifiers

ALSA-2022:1915
ALT-PU-2021-2866
ALT-PU-2021-2972
ALT-PU-2021-3037
ALT-PU-2021-3060
AZL-6485
BDU:2021-06099
BIT-APACHE-2021-36160
CESA-2022_1915
CVE-2021-36160
DLA-2768-1
DLA-2768-2
DSA-4982-1
MGASA-2021-0439
OESA-2021-1369
OPENSUSE-SU-2021:1438-1
OPENSUSE-SU-2021:3522-1
OPENSUSE-SU-2021_1438-1
OPENSUSE-SU-2021_3522-1
RHSA-2022:1915
RHSA-2022:6753
RHSA-2022:7143
RHSA-2022_1915
RLSA-2022:1915
SUSE-SU-2021:3335-1
SUSE-SU-2021:3522-1
USN-5090-1
USN-5090-3
USN-5090-4

Affected Products

ALT Linux
AlmaLinux
Apache HTTP Server
Astra Linux
CentOS
Debian
Linux Mint
Red Hat
Rocky Linux
SUSE
Ubuntu