
25 matches found

OSV
added 2024/03/06 10:55 a.m. | 133 views

BIT-APACHE-2021-39275 ap_escape_quotes buffer overflow

ap_escape_quotes may write beyond the end of a buffer when given malicious input. No included modules pass untrusted data to these functions, but third-party / external modules may. This issue affects Apache HTTP Server 2.4.48 and earlier...

CVSS 9.8 | AI score 8.3 | EPSS 0.37674
Exploits: 0 | References: 16
SUSE CVE
added 2023/02/15 3:38 a.m. | 1 views

SUSE CVE-2021-39275

ap_escape_quotes may write beyond the end of a buffer when given malicious input. No included modules pass untrusted data to these functions, but third-party / external modules may. This issue affects Apache HTTP Server 2.4.48 and earlier...

CVSS 7.5 | AI score 7.3 | EPSS 0.37674
Exploits: 0 | References: 9
RedHat Linux
added 2022/09/29 1:33 p.m. | 3 views

httpd: Out-of-bounds write in ap_escape_quotes() via malicious input

An out-of-bounds write in function ap_escape_quotes of httpd allows an unauthenticated remote attacker to crash the server or potentially execute code on the system with the privileges of the httpd user, by providing malicious input to the function...

CVSS 9.8 | AI score 7.4 | EPSS 0.37674
Exploits: 0 | References: 4
Tenable Nessus
added 2022/09/29 12:0 a.m. | 118 views

RHEL 7 : httpd24-httpd (RHSA-2022:6753)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:6753 advisory. The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fixes: httpd: mod_sed: Read/wri...

CVSS 9.8 | AI score 7.9 | EPSS 0.94432
Exploits: 8 | References: 34
Tenable Nessus
added 2022/04/18 12:0 a.m. | 52 views

EulerOS Virtualization 2.10.1 : httpd (EulerOS-SA-2022-1373)

According to the versions of the httpd packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - Malformed requests may cause the server to dereference a NULL pointer. This issue affects Apache HTTP Server 2.4.48 and earlier...

CVSS 9.8 | AI score 7.9 | EPSS 0.94432
Exploits: 5 | References: 5
Tenable Nessus
added 2022/03/16 12:0 a.m. | 62 views

Oracle Linux 8 : httpd:2.4 (ELSA-2022-0891)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2022-0891 advisory. - Resolves: 2059256 - CVE-2021-34798 httpd:2.4/httpd: NULL pointer dereference via malformed requests Tenable has extracted the preceding description...

CVSS 9.8 | AI score 7.7 | EPSS 0.37674
Exploits: 0 | References: 3
Tenable Nessus
added 2022/03/15 12:0 a.m. | 50 views

CentOS 8 : httpd:2.4 (CESA-2022:0891)

The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the CESA-2022:0891 advisory. - httpd: NULL pointer dereference via malformed requests CVE-2021-34798 - httpd: Out-of-bounds write in ap_escape_quotes via malicious input CVE-2021-392...

CVSS 9.8 | AI score 7.6 | EPSS 0.37674
Exploits: 0 | References: 3
Tenable Nessus
added 2022/02/13 12:0 a.m. | 60 views

EulerOS Virtualization 3.0.6.6 : httpd (EulerOS-SA-2022-1124)

According to the versions of the httpd packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - Apache HTTP Server versions 2.4.0 to 2.4.46 A specially crafted Digest nonce can cause a stack overflow in mod_auth_digest. There is...

CVSS 9.8 | AI score 7.9 | EPSS 0.94432
Exploits: 5 | References: 7
Tenable Nessus
added 2022/01/18 12:0 a.m. | 66 views

Oracle Linux 7 : httpd (ELSA-2022-0143)

The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2022-0143 advisory. - mod_session: save one apr_strtok Orabug: 33338149 CVE-2021-26690 - Resolves: 2031072 - CVE-2021-34798 httpd: NULL pointer dereference via malformed...

CVSS 9.8 | AI score 8.1 | EPSS 0.86227
Exploits: 4 | References: 5
Tenable Nessus
added 2021/12/29 12:0 a.m. | 52 views

EulerOS Virtualization 3.0.2.0 : httpd (EulerOS-SA-2021-2832)

According to the versions of the httpd packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - Apache HTTP Server versions 2.4.0 to 2.4.46 A specially crafted Digest nonce can cause a stack overflow in mod_auth_digest. There is...

CVSS 9.8 | AI score 7.9 | EPSS 0.94432
Exploits: 5 | References: 7
Tenable Nessus
added 2021/12/16 12:0 a.m. | 43 views

Oracle Linux 7 : httpd (ELSA-2021-9619)

The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2021-9619 advisory. - scoreboard: fix null pointer dereference Orabug: 33561206 CVE-2021-34798 Tenable has extracted the preceding description block directly from the Oracle...

CVSS 9.8 | AI score 7.7 | EPSS 0.37674
Exploits: 0 | References: 3
Tenable Nessus
added 2021/11/03 12:0 a.m. | 355 views

openSUSE 15 Security Update : apache2 (openSUSE-SU-2021:1438-1)

The remote SUSE Linux SUSE15 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2021:1438-1 advisory. - Malformed requests may cause the server to dereference a NULL pointer. This issue affects Apache HTTP Server 2.4.48 and earlier...

CVSS 9.8 | AI score 7.9 | EPSS 0.94432
Exploits: 5 | References: 13
OSV
added 2021/10/22 5:11 p.m. | 2 views

CLSA-2021-1634922666 Fixed CVE-2021-39275 in httpd

CVE-2021-39275: ap_escape_quotes algorithm which led to buffer overflow...

CVSS 9.8 | AI score 7.2 | EPSS 0.37674
Exploits: 0 | References: 1
CloudLinux
added 2021/10/20 3:53 p.m. | 67 views

Fix of CVE: CVE-2021-39275

CVE-2021-39275: ap_escape_quotes algorithm which led to buffer overflow...

CVSS 9.8 | AI score 3.4 | EPSS 0.37674
Exploits: 0 | References: 1
Tenable Nessus
added 2021/10/13 12:0 a.m. | 45 views

SUSE SLES15 Security Update : apache2 (SUSE-SU-2021:3335-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2021:3335-1 advisory. - A crafted method sent through HTTP/2 will bypass validation and be forwarded by mod_proxy, which can lead to request splitting or...

CVSS 9.8 | AI score 7.4 | EPSS 0.94432
Exploits: 6 | References: 16
CloudLinux
added 2021/10/11 3:13 p.m. | 70 views

Fix of CVE: CVE-2021-39275

CVE-2021-39275: ap_escape_quotes algorithm which led to buffer overflow...

CVSS 7.5 | AI score 3.4 | EPSS 0.37674
Exploits: 0 | References: 1
Microsoft CVE
added 2021/10/01 7:0 a.m. | 1 views

ap_escape_quotes buffer overflow

...

CVSS 9.8 | AI score 6.8 | EPSS 0.37674
Exploits: 0
Tenable Nessus
added 2021/09/27 12:0 a.m. | 445 views

Ubuntu 16.04 ESM : Apache HTTP Server vulnerabilities (USN-5090-2)

The remote Ubuntu 16.04 ESM host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-5090-2 advisory. USN-5090-1 fixed several vulnerabilities in Apache. This update provides the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. Tenable has...

CVSS 9.8 | AI score 7.7 | EPSS 0.94432
Exploits: 5 | References: 4
Mageia
added 2021/09/23 4:49 a.m. | 73 views

Updated apache packages fix security vulnerability

A crafted method sent through HTTP/2 will bypass validation and be forwarded by mod_proxy, which can lead to request splitting or cache poisoning. CVE-2021-33193 Malformed requests may cause the server to dereference a NULL pointer. CVE-2021-34798 A carefully crafted request uri-path can cause...

CVSS 9.8 | AI score 9.3 | EPSS 0.94432
Exploits: 6 | References: 4
CNVD
added 2021/09/18 12:0 a.m. | 1450 views

Apache HTTP Server ap_escape_quotes buffer overflow vulnerability

Apache HTTP Server is an open source web server from the Apache Foundation. The server is fast, reliable, and extensible via a simple API. A buffer overflow vulnerability exists in Apache HTTP Server versions 2.4.48 and earlier, which stems from the possibility that ap_escape_quotes may write content...

CVSS 9.8 | AI score 2 | EPSS 0.37674
Exploits: 0 | References: 1