Lucene search

CVE-2021-36160

🗓️ 16 Sep 2021 15:07:15Reported by apacheType

cve🔗 web.nvd.nist.gov📰️ 3 Media mentions👁 1276 Views

A carefully crafted request uri-path can cause mod_proxy_uwsgi to read above the allocated memory and crash (DoS)

5 of 5AI Insights are available for you today

Leverage the power of AI to quickly understand vulnerabilities, impacts, and exploitability

Reporter	Title	Published	Views	Family All 133
CNVD	Apache HTTP Server Denial of Service Vulnerability (CNVD-2022-03205)	18 Sep 202100:00	–	cnvd
Debian	[SECURITY] [DLA 2768-2] uwsgi regression update	20 Oct 202118:04	–	debian
Debian	[SECURITY] [DLA 2768-1] uwsgi security update	29 Sep 202119:53	–	debian
Debian	[SECURITY] [DSA 4982-1] apache2 security update	8 Oct 202120:56	–	debian
OSV	DLA-2768-1 uwsgi - security update	29 Sep 202100:00	–	osv
OSV	UBUNTU-CVE-2021-36160	16 Sep 202115:15	–	osv
OSV	BIT-APACHE-2021-36160	6 Mar 202410:55	–	osv
OSV	CVE-2021-36160	16 Sep 202115:15	–	osv
OSV	RLSA-2022:1915 Moderate: httpd:2.4 security and bug fix update	10 May 202208:07	–	osv
OSV	DSA-4982-1 apache2 - security update	8 Oct 202100:00	–	osv

Nvd

Vulners

Node

apache http_serverRange2.4.30–2.4.49

Node

fedoraproject fedoraMatch34

fedoraproject fedoraMatch35

Node

debian debian_linuxMatch9.0

debian debian_linuxMatch10.0

debian debian_linuxMatch11.0

Node

netapp cloud_backupMatch-

netapp clustered_data_ontapMatch-

netapp storagegridMatch-

Node

oracle communications_cloud_native_core_network_function_cloud_native_environmentMatch1.10.0

oracle enterprise_manager_base_platformMatch13.4.0.0

oracle enterprise_manager_base_platformMatch13.5.0.0

oracle http_serverMatch12.2.1.3.0

oracle http_serverMatch12.2.1.4.0

oracle instantis_enterprisetrackMatch17.1

oracle instantis_enterprisetrackMatch17.2

oracle instantis_enterprisetrackMatch17.3

oracle peoplesoft_enterprise_peopletoolsMatch8.58

oracle zfs_storage_appliance_kitMatch8.8

Node

broadcom brocade_fabric_operating_system_firmwareMatch-

[
  {
    "product": "Apache HTTP Server",
    "vendor": "Apache Software Foundation",
    "versions": [
      {
        "changes": [
          {
            "at": "2.4.30",
            "status": "affected"
          }
        ],
        "lessThanOrEqual": "2.4.48",
        "status": "affected",
        "version": "Apache HTTP Server 2.4",
        "versionType": "custom"
      }
    ]
  }
]

Source	Link
lists	www.lists.apache.org/thread.html/re4162adc051c1a0a79e7a24093f3776373e8733abaff57253fef341d%40%3Ccvs.httpd.apache.org%3E
lists	www.lists.apache.org/thread.html/r94a61a1517133a19dcf40016e87454ea86e355d06a0cec4c778530f3%40%3Cbugs.httpd.apache.org%3E
lists	www.lists.apache.org/thread.html/ra1c05a392587bfe34383dffe1213edc425de8d4afc25b7cefab3e781%40%3Cbugs.httpd.apache.org%3E
tools	www.tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-httpd-2.4.49-VWL69sWQ
httpd	www.httpd.apache.org/security/vulnerabilities_24.html
lists	www.lists.debian.org/debian-lts-announce/2021/10/msg00016.html
oracle	www.oracle.com/security-alerts/cpuapr2022.html
lists	www.lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZNCYSR3BXT36FFF4XTCPL3HDQK4VP45R/
lists	www.lists.apache.org/thread.html/r3925e167d5eb1c75def3750c155d753064e1d34a143028bb32910432%40%3Cusers.httpd.apache.org%3E
lists	www.lists.apache.org/thread.html/r82838efc5fa6fc4c73986399c9b71573589f78b31846aff5bd9b1697%40%3Cusers.httpd.apache.org%3E

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo

16 Sep 2021 15:15Current

8.5High risk

Vulners AI Score8.5

CVSS25

CVSS37.5

EPSS0.03538