Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2022-2024 and is owned by Tenable, Inc. or an Affiliate thereof.REDHAT-RHSA-2022-7143.NASL
HistoryOct 26, 2022 - 12:00 a.m.

RHEL 7 / 8 : Red Hat JBoss Core Services Apache HTTP Server 2.4.51 (RHSA-2022:7143)

2022-10-2600:00:00
This script is Copyright (C) 2022-2024 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
8

9.4 High

AI Score

Confidence

High

JSON

The remote Redhat Enterprise Linux 7 / 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:7143 advisory.

  • httpd: Request splitting via HTTP/2 method injection and mod_proxy (CVE-2021-33193)

  • A carefully crafted request uri-path can cause mod_proxy_uwsgi to read above the allocated memory and crash (DoS). This issue affects Apache HTTP Server versions 2.4.30 to 2.4.48 (inclusive). (CVE-2021-36160)

  • ap_escape_quotes() may write beyond the end of a buffer when given malicious input. No included modules pass untrusted data to these functions, but third-party / external modules may. This issue affects Apache HTTP Server 2.4.48 and earlier. (CVE-2021-39275)

  • httpd: NULL pointer dereference via crafted request during HTTP/2 request processing (CVE-2021-41524)

  • A crafted URI sent to httpd configured as a forward proxy (ProxyRequests on) can cause a crash (NULL pointer dereference) or, for configurations mixing forward and reverse proxy declarations, can allow for requests to be directed to a declared Unix Domain Socket endpoint (Server Side Request Forgery). This issue affects Apache HTTP Server 2.4.7 up to 2.4.51 (included). (CVE-2021-44224)

Note that Nessus has not tested for these issues but has instead relied only on the application’s self-reported version number.

#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Red Hat Security Advisory RHSA-2022:7143. The text
# itself is copyright (C) Red Hat, Inc.
##

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(166564);
  script_version("1.6");
  script_set_attribute(attribute:"plugin_modification_date", value:"2024/01/26");

  script_cve_id(
    "CVE-2021-33193",
    "CVE-2021-36160",
    "CVE-2021-39275",
    "CVE-2021-41524",
    "CVE-2021-44224"
  );
  script_xref(name:"RHSA", value:"2022:7143");

  script_name(english:"RHEL 7 / 8 : Red Hat JBoss Core Services Apache HTTP Server 2.4.51 (RHSA-2022:7143)");

  script_set_attribute(attribute:"synopsis", value:
"The remote Red Hat host is missing one or more security updates for Red Hat JBoss Core Services Apache HTTP Server
2.4.51.");
  script_set_attribute(attribute:"description", value:
"The remote Redhat Enterprise Linux 7 / 8 host has packages installed that are affected by multiple vulnerabilities as
referenced in the RHSA-2022:7143 advisory.

  - httpd: Request splitting via HTTP/2 method injection and mod_proxy (CVE-2021-33193)

  - A carefully crafted request uri-path can cause mod_proxy_uwsgi to read above the allocated memory and
    crash (DoS). This issue affects Apache HTTP Server versions 2.4.30 to 2.4.48 (inclusive). (CVE-2021-36160)

  - ap_escape_quotes() may write beyond the end of a buffer when given malicious input. No included modules
    pass untrusted data to these functions, but third-party / external modules may. This issue affects Apache
    HTTP Server 2.4.48 and earlier. (CVE-2021-39275)

  - httpd: NULL pointer dereference via crafted request during HTTP/2 request processing (CVE-2021-41524)

  - A crafted URI sent to httpd configured as a forward proxy (ProxyRequests on) can cause a crash (NULL
    pointer dereference) or, for configurations mixing forward and reverse proxy declarations, can allow for
    requests to be directed to a declared Unix Domain Socket endpoint (Server Side Request Forgery). This
    issue affects Apache HTTP Server 2.4.7 up to 2.4.51 (included). (CVE-2021-44224)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
  script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/security/cve/CVE-2021-33193");
  script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/security/cve/CVE-2021-36160");
  script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/security/cve/CVE-2021-39275");
  script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/security/cve/CVE-2021-41524");
  script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/security/cve/CVE-2021-44224");
  script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/errata/RHSA-2022:7143");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/1966728");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/2010934");
  script_set_attribute(attribute:"solution", value:
"Update the RHEL Red Hat JBoss Core Services Apache HTTP Server 2.4.51 package based on the guidance in RHSA-2022:7143.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2021-39275");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_cwe_id(125, 476, 787, 918);
  script_set_attribute(attribute:"vendor_severity", value:"Moderate");

  script_set_attribute(attribute:"vuln_publication_date", value:"2021/08/16");
  script_set_attribute(attribute:"patch_publication_date", value:"2022/10/26");
  script_set_attribute(attribute:"plugin_publication_date", value:"2022/10/26");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:7");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:8");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-httpd");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-httpd-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-httpd-manual");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-httpd-selinux");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-httpd-tools");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-mod_ldap");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-mod_proxy_html");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-mod_session");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-mod_ssl");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Red Hat Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2022-2024 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl", "redhat_repos.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");

  exit(0);
}


include('rpm.inc');
include('rhel.inc');

if (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
var os_release = get_kb_item('Host/RedHat/release');
if (isnull(os_release) || 'Red Hat' >!< os_release) audit(AUDIT_OS_NOT, 'Red Hat');
var os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:os_release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');
os_ver = os_ver[1];
if (!rhel_check_release_list(operator: 'ge', os_version: os_ver, rhel_versions: ['7','8'])) audit(AUDIT_OS_NOT, 'Red Hat 7.x / 8.x', 'Red Hat ' + os_ver);

if (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);

var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$" && 's390' >!< cpu && 'aarch64' >!< cpu && 'ppc' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);

var constraints = [
  {
    'repo_relative_urls': [
      'content/dist/layered/rhel8/x86_64/jbcs/1/debug',
      'content/dist/layered/rhel8/x86_64/jbcs/1/os',
      'content/dist/layered/rhel8/x86_64/jbcs/1/source/SRPMS'
    ],
    'pkgs': [
      {'reference':'jbcs-httpd24-httpd-2.4.51-28.el8jbcs', 'cpu':'x86_64', 'release':'8', 'el_string':'el8jbcs', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'jbcs-httpd24'},
      {'reference':'jbcs-httpd24-httpd-devel-2.4.51-28.el8jbcs', 'cpu':'x86_64', 'release':'8', 'el_string':'el8jbcs', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'jbcs-httpd24'},
      {'reference':'jbcs-httpd24-httpd-manual-2.4.51-28.el8jbcs', 'release':'8', 'el_string':'el8jbcs', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'jbcs-httpd24'},
      {'reference':'jbcs-httpd24-httpd-selinux-2.4.51-28.el8jbcs', 'cpu':'x86_64', 'release':'8', 'el_string':'el8jbcs', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'jbcs-httpd24'},
      {'reference':'jbcs-httpd24-httpd-tools-2.4.51-28.el8jbcs', 'cpu':'x86_64', 'release':'8', 'el_string':'el8jbcs', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'jbcs-httpd24'},
      {'reference':'jbcs-httpd24-mod_ldap-2.4.51-28.el8jbcs', 'cpu':'x86_64', 'release':'8', 'el_string':'el8jbcs', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'jbcs-httpd24'},
      {'reference':'jbcs-httpd24-mod_proxy_html-2.4.51-28.el8jbcs', 'cpu':'x86_64', 'release':'8', 'el_string':'el8jbcs', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1', 'exists_check':'jbcs-httpd24'},
      {'reference':'jbcs-httpd24-mod_session-2.4.51-28.el8jbcs', 'cpu':'x86_64', 'release':'8', 'el_string':'el8jbcs', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'jbcs-httpd24'},
      {'reference':'jbcs-httpd24-mod_ssl-2.4.51-28.el8jbcs', 'cpu':'x86_64', 'release':'8', 'el_string':'el8jbcs', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1', 'exists_check':'jbcs-httpd24'}
    ]
  },
  {
    'repo_relative_urls': [
      'content/dist/rhel/server/7/7Server/x86_64/jbcs/1/debug',
      'content/dist/rhel/server/7/7Server/x86_64/jbcs/1/os',
      'content/dist/rhel/server/7/7Server/x86_64/jbcs/1/source/SRPMS'
    ],
    'pkgs': [
      {'reference':'jbcs-httpd24-httpd-2.4.51-28.el7jbcs', 'cpu':'x86_64', 'release':'7', 'el_string':'el7jbcs', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'jbcs-httpd24'},
      {'reference':'jbcs-httpd24-httpd-devel-2.4.51-28.el7jbcs', 'cpu':'x86_64', 'release':'7', 'el_string':'el7jbcs', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'jbcs-httpd24'},
      {'reference':'jbcs-httpd24-httpd-manual-2.4.51-28.el7jbcs', 'release':'7', 'el_string':'el7jbcs', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'jbcs-httpd24'},
      {'reference':'jbcs-httpd24-httpd-selinux-2.4.51-28.el7jbcs', 'cpu':'x86_64', 'release':'7', 'el_string':'el7jbcs', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'jbcs-httpd24'},
      {'reference':'jbcs-httpd24-httpd-tools-2.4.51-28.el7jbcs', 'cpu':'x86_64', 'release':'7', 'el_string':'el7jbcs', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'jbcs-httpd24'},
      {'reference':'jbcs-httpd24-mod_ldap-2.4.51-28.el7jbcs', 'cpu':'x86_64', 'release':'7', 'el_string':'el7jbcs', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'jbcs-httpd24'},
      {'reference':'jbcs-httpd24-mod_proxy_html-2.4.51-28.el7jbcs', 'cpu':'x86_64', 'release':'7', 'el_string':'el7jbcs', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1', 'exists_check':'jbcs-httpd24'},
      {'reference':'jbcs-httpd24-mod_session-2.4.51-28.el7jbcs', 'cpu':'x86_64', 'release':'7', 'el_string':'el7jbcs', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'jbcs-httpd24'},
      {'reference':'jbcs-httpd24-mod_ssl-2.4.51-28.el7jbcs', 'cpu':'x86_64', 'release':'7', 'el_string':'el7jbcs', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1', 'exists_check':'jbcs-httpd24'}
    ]
  }
];

var applicable_repo_urls = rhel_determine_applicable_repository_urls(constraints:constraints);
if(applicable_repo_urls == RHEL_REPOS_NO_OVERLAP_MESSAGE) exit(0, RHEL_REPO_NOT_ENABLED);

var flag = 0;
foreach var constraint_array ( constraints ) {
  var repo_relative_urls = NULL;
  if (!empty_or_null(constraint_array['repo_relative_urls'])) repo_relative_urls = constraint_array['repo_relative_urls'];
  foreach var pkg ( constraint_array['pkgs'] ) {
    var reference = NULL;
    var _release = NULL;
    var sp = NULL;
    var _cpu = NULL;
    var el_string = NULL;
    var rpm_spec_vers_cmp = NULL;
    var epoch = NULL;
    var allowmaj = NULL;
    var exists_check = NULL;
    if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];
    if (!empty_or_null(pkg['release'])) _release = 'RHEL' + pkg['release'];
    if (!empty_or_null(pkg['sp'])) sp = pkg['sp'];
    if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];
    if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];
    if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];
    if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];
    if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];
    if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];
    if (reference &&
        _release &&
        rhel_decide_repo_relative_url_check(required_repo_url_list:repo_relative_urls) &&
        (applicable_repo_urls || (!exists_check || rpm_exists(release:_release, rpm:exists_check))) &&
        rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;
  }
}

if (flag)
{
  var extra = NULL;
  if (isnull(applicable_repo_urls) || !applicable_repo_urls) extra = rpm_report_get() + redhat_report_repo_caveat();
  else extra = rpm_report_get();
  security_report_v4(
      port       : 0,
      severity   : SECURITY_HOLE,
      extra      : extra
  );
  exit(0);
}
else
{
  var tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'jbcs-httpd24-httpd / jbcs-httpd24-httpd-devel / etc');
}
VendorProductVersionCPE
redhatenterprise_linux7cpe:/o:redhat:enterprise_linux:7
redhatenterprise_linux8cpe:/o:redhat:enterprise_linux:8
redhatenterprise_linuxjbcs-httpd24-httpdp-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-httpd
redhatenterprise_linuxjbcs-httpd24-httpd-develp-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-httpd-devel
redhatenterprise_linuxjbcs-httpd24-httpd-manualp-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-httpd-manual
redhatenterprise_linuxjbcs-httpd24-httpd-selinuxp-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-httpd-selinux
redhatenterprise_linuxjbcs-httpd24-httpd-toolsp-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-httpd-tools
redhatenterprise_linuxjbcs-httpd24-mod_ldapp-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-mod_ldap
redhatenterprise_linuxjbcs-httpd24-mod_proxy_htmlp-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-mod_proxy_html
redhatenterprise_linuxjbcs-httpd24-mod_sessionp-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-mod_session
Rows per page:
1-10 of 111

Related

redhat 2
oraclelinux 2
rocky 1
nessus 40
osv 17
almalinux 1
fedora 2
openvas 33
ibm 16
amazon 2
slackware 1
altlinux 2
kaspersky 1
ubuntu 3
freebsd 1
mageia 1
cisco 1
rosalinux 2
suse 4
debian 3
httpd 5
ubuntucve 5
cbl_mariner 9
cnvd 4
redhatcve 5
cve 5
alpinelinux 5
debiancve 5
prion 5
veracode 5
f5 5
photon 1
hackerone 1
checkpoint_advisories 1
cloudlinux 2
gentoo 1
redhat
redhat
(RHSA-2022:7143) Moderate: Red Hat JBoss Core Services Apache HTTP Server 2.4.51 security update
2022-10-26 20:05:14
(RHSA-2022:1915) Moderate: httpd:2.4 security and bug fix update
2022-05-10 08:07:40
oraclelinux
oraclelinux
httpd:2.4 security and bug fix update
2022-05-17 00:00:00
httpd:2.4 security update
2022-04-13 00:00:00
rocky
rocky
httpd:2.4 security and bug fix update
2022-05-10 08:07:40
nessus
nessus
CentOS 8 : httpd:2.4 (CESA-2022:1915)
2022-05-10 00:00:00
AlmaLinux 8 : httpd:2.4 (ALSA-2022:1915)
2022-05-12 00:00:00
Oracle Linux 8 : httpd:2.4 (ELSA-2022-1915)
2022-05-18 00:00:00
osv
osv
Moderate: httpd:2.4 security and bug fix update
2022-05-10 08:07:40
Moderate: httpd:2.4 security and bug fix update
2022-05-10 08:07:40
apache2 vulnerabilities
2021-09-27 14:06:45
almalinux
almalinux
Moderate: httpd:2.4 security and bug fix update
2022-05-10 08:07:40
fedora
fedora
[SECURITY] Fedora 34 Update: httpd-2.4.50-1.fc34
2021-10-07 17:19:23
[SECURITY] Fedora 35 Update: httpd-2.4.50-1.fc35
2021-10-29 23:19:42
openvas
openvas
Fedora: Security Advisory for httpd (FEDORA-2021-5d2d4b6ac5)
2021-10-08 00:00:00
Fedora: Security Advisory for httpd (FEDORA-2021-f94985afca)
2021-10-30 00:00:00
Ubuntu: Security Advisory (USN-5090-3)
2021-09-29 00:00:00
ibm
ibm
Security Bulletin: Vulnerabilities in Apache HTTP (CVE-2021-33193 and CVE-2021-44224) affects Power HMC
2022-12-04 00:13:21
Security Bulletin: IBM Rational Build Forge 8.0.x is affected by Apache HTTP Server version used in it. (CVE-2021-44224)
2022-01-17 18:32:06
Security Bulletin: IBM HTTP Server (powered by Apache) for i is vulnerable to CVE-2021-44224
2022-02-28 23:45:49
amazon
amazon
Important: httpd24
2021-10-15 07:52:00
Important: httpd
2021-10-15 07:57:00
slackware
slackware
[slackware-security] httpd
2021-09-17 04:22:20
altlinux
altlinux
Security fix for the ALT Linux 9 package apache2 version 1:2.4.49-alt1
2021-09-23 00:00:00
Security fix for the ALT Linux 10 package apache2 version 1:2.4.49-alt1
2021-10-04 00:00:00
kaspersky
kaspersky
KLA12370 Multiple vulnerabilities in Apache HTTP Server
2021-09-16 00:00:00
ubuntu
ubuntu
Apache HTTP Server vulnerabilities
2021-09-27 00:00:00
Apache HTTP Server regression
2021-09-28 00:00:00
Apache HTTP Server regression
2021-09-28 00:00:00
freebsd
freebsd
Apache httpd -- multiple vulnerabilities
2021-09-16 00:00:00
mageia
mageia
Updated apache packages fix security vulnerability
2021-09-23 07:49:29
cisco
cisco
Multiple Vulnerabilities in Apache HTTP Server Affecting Cisco Products: November 2021
2021-11-24 16:00:00
rosalinux
rosalinux
Advisory ROSA-SA-2023-2155
2023-04-18 12:09:43
Advisory ROSA-SA-2023-2160
2023-04-25 12:02:31
suse
suse
Security update for apache2 (important)
2021-11-02 00:00:00
Security update for apache2 (important)
2021-10-26 00:00:00
Security update for apache2 (important)
2021-09-07 00:00:00
debian
debian
[SECURITY] [DSA 4982-1] apache2 security update
2021-10-08 20:56:04
[SECURITY] [DLA 2768-2] uwsgi regression update
2021-10-20 18:04:40
[SECURITY] [DLA 2768-1] uwsgi security update
2021-09-29 19:53:04
httpd
httpd
Apache Httpd < 2.4.50 : null pointer dereference in h2 fuzzing
2021-10-04 00:00:00
Apache Httpd < 2.4.49 : Request splitting via HTTP/2 method injection and mod_proxy
2021-05-11 00:00:00
Apache Httpd < 2.4.52 : Possible NULL dereference or SSRF in forward proxy configurations in Apache HTTP Server 2.4.51 and earlier
2021-12-20 00:00:00
ubuntucve
ubuntucve
CVE-2021-41524
2021-10-05 00:00:00
CVE-2021-36160
2021-09-16 00:00:00
CVE-2021-44224
2021-12-20 00:00:00
cbl_mariner
cbl_mariner
CVE-2021-41524 affecting package httpd 2.4.49-1
2021-10-15 04:46:31
CVE-2021-33193 affecting package httpd for versions less than 2.4.52-1
2022-04-09 06:51:57
CVE-2021-33193 affecting package httpd 2.4.46-6
2021-09-09 15:02:57
cnvd
cnvd
Apache HTTP Server Denial of Service Vulnerability (CNVD-2022-09237)
2021-10-10 00:00:00
Apache HTTP Server Denial of Service Vulnerability (CNVD-2022-03205)
2021-09-18 00:00:00
Apache HTTP Server code issue vulnerability
2021-12-24 00:00:00
redhatcve
redhatcve
CVE-2021-41524
2021-10-05 17:08:31
CVE-2021-33193
2021-08-12 02:03:43
CVE-2021-36160
2021-09-16 21:58:07
cve
cve
CVE-2021-41524
2021-10-05 09:15:00
CVE-2021-33193
2021-08-16 08:15:00
CVE-2021-44224
2021-12-20 12:15:00
alpinelinux
alpinelinux
CVE-2021-41524
2021-10-05 09:15:00
CVE-2021-33193
2021-08-16 08:15:00
CVE-2021-44224
2021-12-20 12:15:00
debiancve
debiancve
CVE-2021-41524
2021-10-05 09:15:00
CVE-2021-36160
2021-09-16 15:15:00
CVE-2021-44224
2021-12-20 12:15:00
prion
prion
Null pointer dereference
2021-10-05 09:15:00
Input validation
2021-08-16 08:15:00
Design/Logic Flaw
2021-09-16 15:15:00
veracode
veracode
Denial Of Service (DoS)
2021-10-06 09:50:40
Privilege Escalation
2021-08-13 01:56:49
Denial Of Service (DoS)
2021-12-21 08:11:59
f5
f5
K56331254 : Apache HTTP server vulnerability CVE-2021-41524
2021-11-05 00:00:00
K94828628 : Apache mod_proxy HTTP/2 vulnerability CVE-2021-33193
2021-09-13 00:00:00
K16090693 : Apache HTTP server vulnerability CVE-2021-44224
2021-12-27 00:00:00
photon
photon
Important Photon OS Security Update - PHSA-2021-0305
2021-09-24 00:00:00
hackerone
hackerone
Internet Bug Bounty: Request line injection via HTTP/2 in Apache mod_proxy
2021-11-04 13:39:46
checkpoint_advisories
checkpoint_advisories
Apache httpd mod_proxy NULL Pointer Dereference (CVE-2021-44224)
2022-11-21 00:00:00
cloudlinux
cloudlinux
Fix of CVE: CVE-2021-39275
2021-10-11 15:13:18
Fix of CVE: CVE-2021-39275
2021-10-20 15:53:36
gentoo
gentoo
Apache HTTPD: Multiple Vulnerabilities
2022-08-14 00:00:00

9.4 High

AI Score

Confidence

High

JSON
Related for REDHAT-RHSA-2022-7143.NASL
redhat2oraclelinux2rocky1nessus40osv17almalinux1fedora2openvas33ibm16amazon2slackware1altlinux2kaspersky1ubuntu3freebsd1mageia1cisco1rosalinux2suse4debian3httpd5ubuntucve5cbl_mariner9cnvd4redhatcve5cve5alpinelinux5debiancve5prion5veracode5f55photon1hackerone1checkpoint_advisories1cloudlinux2gentoo1