Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

11634 matches found

OSV
OSVadded 2021/12/20 12:15 p.m.1 views

DEBIAN-CVE-2021-44790

A carefully crafted request body can cause a buffer overflow in the modlua multipart parser r:parsebody called from Lua scripts. The Apache httpd team is not aware of an exploit for the vulnerabilty though it might be possible to craft one. This issue affects Apache HTTP Server 2.4.51 and earlier...

9.8CVSS8.9AI score0.97108EPSS
Exploits4References1
OSV
OSVadded 2021/12/20 12:15 p.m.41 views

CVE-2021-44224

A crafted URI sent to httpd configured as a forward proxy ProxyRequests on can cause a crash NULL pointer dereference or, for configurations mixing forward and reverse proxy declarations, can allow for requests to be directed to a declared Unix Domain Socket endpoint Server Side Request Forgery...

8.2CVSS1.4AI score
Exploits0References19
OSV
OSVadded 2021/12/20 12:15 p.m.2 views

DEBIAN-CVE-2021-44224

A crafted URI sent to httpd configured as a forward proxy ProxyRequests on can cause a crash NULL pointer dereference or, for configurations mixing forward and reverse proxy declarations, can allow for requests to be directed to a declared Unix Domain Socket endpoint Server Side Request Forgery...

8.2CVSS7.2AI score0.82295EPSS
Exploits0References1
OSV
OSVadded 2021/12/20 12:15 p.m.6 views

AZL-7044 CVE-2021-44790 affecting package httpd for versions less than 2.4.52-1

A carefully crafted request body can cause a buffer overflow in the modlua multipart parser r:parsebody called from Lua scripts. The Apache httpd team is not aware of an exploit for the vulnerabilty though it might be possible to craft one. This issue affects Apache HTTP Server 2.4.51 and earlier...

9.8CVSS7.5AI score0.97108EPSS
Exploits4References1
Prion
Prionadded 2021/12/20 12:15 p.m.37 views

Design/Logic Flaw

A crafted URI sent to httpd configured as a forward proxy ProxyRequests on can cause a crash NULL pointer dereference or, for configurations mixing forward and reverse proxy declarations, can allow for requests to be directed to a declared Unix Domain Socket endpoint Server Side Request Forgery...

6.4CVSS8.7AI score0.82295EPSS
Exploits0References19Affected Software11
Prion
Prionadded 2021/12/20 12:15 p.m.46 views

Buffer overflow

A carefully crafted request body can cause a buffer overflow in the modlua multipart parser r:parsebody called from Lua scripts. The Apache httpd team is not aware of an exploit for the vulnerabilty though it might be possible to craft one. This issue affects Apache HTTP Server 2.4.51 and earlier...

7.5CVSS9.5AI score0.97108EPSS
Exploits4References20Affected Software12
CVE
CVEadded 2021/12/20 11:20 a.m.2672 views

CVE-2021-44224

CVE-2021-44224 concerns Apache HTTP Server (httpd) with the mod_proxy forward proxy configuration. A crafted URI to a forward proxy (ProxyRequests on) can trigger a NULL pointer dereference, causing a crash. In configurations that mix forward and reverse proxy declarations, it can enable requests...

8.2CVSS8.7AI score0.82295EPSS
Exploits0References19Affected Software1
Cvelist
Cvelistadded 2021/12/20 11:20 a.m.233 views

CVE-2021-44224 Possible NULL dereference or SSRF in forward proxy configurations in Apache HTTP Server 2.4.51 and earlier

A crafted URI sent to httpd configured as a forward proxy ProxyRequests on can cause a crash NULL pointer dereference or, for configurations mixing forward and reverse proxy declarations, can allow for requests to be directed to a declared Unix Domain Socket endpoint Server Side Request Forgery...

9.2AI score0.82295EPSS
Exploits0References19
Debian CVE
Debian CVEadded 2021/12/20 11:20 a.m.87 views

CVE-2021-44224

A crafted URI sent to httpd configured as a forward proxy ProxyRequests on can cause a crash NULL pointer dereference or, for configurations mixing forward and reverse proxy declarations, can allow for requests to be directed to a declared Unix Domain Socket endpoint Server Side Request Forgery...

8.2CVSS7.2AI score0.82295EPSS
Exploits0
AlpineLinux
AlpineLinuxadded 2021/12/20 11:20 a.m.57 views

CVE-2021-44224

A crafted URI sent to httpd configured as a forward proxy ProxyRequests on can cause a crash NULL pointer dereference or, for configurations mixing forward and reverse proxy declarations, can allow for requests to be directed to a declared Unix Domain Socket endpoint Server Side Request Forgery...

8.2CVSS8.9AI score0.82295EPSS
Exploits0
FreeBSD
FreeBSDadded 2021/12/20 12:0 a.m.129 views

Apache httpd -- Multiple vulnerabilities

The Apache httpd project reports: moderate: Possible NULL dereference or SSRF in forward proxy configurations in Apache HTTP Server 2.4.51 and earlier CVE-2021-44224 A crafted URI sent to httpd configured as a forward proxy ProxyRequests on can cause a crash NULL pointer dereference or, for...

9.8CVSS0.8AI score0.97108EPSS
Exploits4References1
UbuntuCve
UbuntuCveadded 2021/12/20 12:0 a.m.107 views

CVE-2021-44224

A crafted URI sent to httpd configured as a forward proxy ProxyRequests on can cause a crash NULL pointer dereference or, for configurations mixing forward and reverse proxy declarations, can allow for requests to be directed to a declared Unix Domain Socket endpoint Server Side Request Forgery...

8.2CVSS7AI score0.82295EPSS
Exploits0References4
NCSC
NCSCadded 2021/12/20 12:0 a.m.4 views

Vulnerabilities fixed in Apache httpd

Apache has fixed two vulnerabilities in HTTP Server. The vulnerability with attribute CVE-2021-44224 is present when HTTP Server is configured as a forward proxy. The vulnerability allows a remote malicious person to cause a denial-of-service cause or potentially perform a cross-site request...

9.8CVSS8AI score0.97108EPSS
Exploits4
Positive Technologies
Positive Technologiesadded 2021/12/20 12:0 a.m.5 views

PT-2021-5542

Name of the Vulnerable Software and Affected Versions Apache HTTP Server versions 2.4.51 and earlier Description A carefully crafted request body can cause a buffer overflow in the mod lua multipart parser, specifically when the r:parsebody function is called from Lua scripts. The Apache httpd te...

10CVSS9.6AI score0.97108EPSS
Exploits4References113
Kaspersky
Kasperskyadded 2021/12/20 12:0 a.m.107 views

KLA12400 Multiple vulnerabilities in Apache HTTP Server

Multiple vulnerabilities were found in Apache HTTP Server. Malicious users can exploit these vulnerabilities to cause denial of service, bypass security restrictions. Below is a complete list of vulnerabilities: 1. NULL pointer dereference or server side request forgery SSRF vulnerability can be...

9.8CVSS9.7AI score0.97108EPSS
Exploits4References4
CNNVD
CNNVDadded 2021/12/20 12:0 a.m.2 views

Apache HTTP Server 缓冲区错误漏洞

Apache HTTP Server is the United States Apache Apache Foundation of an open source web server . The server is fast, reliable and can be expanded through a simple API. A buffer overflow vulnerability exists in Apache HTTP Server that stems from the product's r:parsebody failing to properly determi...

9.8CVSS8.4AI score0.97108EPSS
Exploits4References63
UbuntuCve
UbuntuCveadded 2021/12/20 12:0 a.m.186 views

CVE-2021-44790

A carefully crafted request body can cause a buffer overflow in the modlua multipart parser r:parsebody called from Lua scripts. The Apache httpd team is not aware of an exploit for the vulnerabilty though it might be possible to craft one. This issue affects Apache HTTP Server 2.4.51 and earlier...

9.8CVSS7.5AI score0.97108EPSS
Exploits4References4
Debian CVE
Debian CVEadded 2021/12/20 12:0 a.m.315 views

CVE-2021-44790

A carefully crafted request body can cause a buffer overflow in the modlua multipart parser r:parsebody called from Lua scripts. The Apache httpd team is not aware of an exploit for the vulnerabilty though it might be possible to craft one. This issue affects Apache HTTP Server 2.4.51 and earlier...

9.8CVSS8.9AI score0.97108EPSS
Exploits4
CVE
CVEadded 2021/12/20 12:0 a.m.7168 views

CVE-2021-44790

CVE-2021-44790 affects Apache HTTP Server up to version 2.4.51. It describes a buffer overflow in the mod_lua multipart parser (triggered via r:parsebody() from Lua scripts). Connected documents corroborate this in various advisories and patch notes, indicating releases with fixes (e.g., patched ...

9.8CVSS9.9AI score0.97108EPSS
Exploits4References20Affected Software1
Apache Httpd
Apache Httpdadded 2021/12/20 12:0 a.m.230 views

Apache Httpd < 2.4.52 : Possible NULL dereference or SSRF in forward proxy configurations in Apache HTTP Server 2.4.51 and earlier

A crafted URI sent to httpd configured as a forward proxy ProxyRequests on can cause a crash NULL pointer dereference or, for configurations mixing forward and reverse proxy declarations, can allow for requests to be directed to a declared Unix Domain Socket endpoint Server Side Request Forgery...

8.2CVSS0.4AI score0.82295EPSS
Exploits0
Rows per page
Query Builder