Lucene search

K
cvelistApacheCVELIST:CVE-2021-36160
HistorySep 16, 2021 - 2:40 p.m.

CVE-2021-36160 mod_proxy_uwsgi out of bound read

2021-09-1614:40:18
CWE-125
apache
www.cve.org
11
cve-2021-36160
mod_proxy_uwsgi
out of bound read
apache http server
memory
crash
denial of service

AI Score

8.7

Confidence

High

EPSS

0.002

Percentile

53.4%

A carefully crafted request uri-path can cause mod_proxy_uwsgi to read above the allocated memory and crash (DoS). This issue affects Apache HTTP Server versions 2.4.30 to 2.4.48 (inclusive).

CNA Affected

[
  {
    "product": "Apache HTTP Server",
    "vendor": "Apache Software Foundation",
    "versions": [
      {
        "changes": [
          {
            "at": "2.4.30",
            "status": "affected"
          }
        ],
        "lessThanOrEqual": "2.4.48",
        "status": "affected",
        "version": "Apache HTTP Server 2.4",
        "versionType": "custom"
      }
    ]
  }
]

References