It was discovered that the Apache HTTP Server incorrectly handled certain
forward proxy requests. A remote attacker could use this issue to cause
the server to crash, resulting in a denial of service, or possibly perform
a Server Side Request Forgery attack. (CVE-2021-44224)

It was discovered that the Apache HTTP Server Lua module incorrectly
handled memory in the multipart parser. A remote attacker could use this
issue to cause the server to crash, resulting in a denial of service, or
possibly execute arbitrary code. (CVE-2021-44790)

OSVersionArchitecturePackageVersionFilename
Ubuntu21.10noarchapache2< 2.4.48-3.1ubuntu3.2UNKNOWN
Ubuntu21.10noarchapache2-bin< 2.4.48-3.1ubuntu3.2UNKNOWN
Ubuntu21.10noarchapache2-bin-dbgsym< 2.4.48-3.1ubuntu3.2UNKNOWN
Ubuntu21.10noarchapache2-data< 2.4.48-3.1ubuntu3.2UNKNOWN
Ubuntu21.10noarchapache2-dev< 2.4.48-3.1ubuntu3.2UNKNOWN
Ubuntu21.10noarchapache2-doc< 2.4.48-3.1ubuntu3.2UNKNOWN
Ubuntu21.10noarchapache2-ssl-dev< 2.4.48-3.1ubuntu3.2UNKNOWN
Ubuntu21.10noarchapache2-suexec-custom< 2.4.48-3.1ubuntu3.2UNKNOWN
Ubuntu21.10noarchapache2-suexec-custom-dbgsym< 2.4.48-3.1ubuntu3.2UNKNOWN
Ubuntu21.10noarchapache2-suexec-pristine< 2.4.48-3.1ubuntu3.2UNKNOWN

OS	Version	Architecture	Package	Version	Filename
Ubuntu	21.10	noarch	apache2	< 2.4.48-3.1ubuntu3.2	UNKNOWN
Ubuntu	21.10	noarch	apache2-bin	< 2.4.48-3.1ubuntu3.2	UNKNOWN
Ubuntu	21.10	noarch	apache2-bin-dbgsym	< 2.4.48-3.1ubuntu3.2	UNKNOWN
Ubuntu	21.10	noarch	apache2-data	< 2.4.48-3.1ubuntu3.2	UNKNOWN
Ubuntu	21.10	noarch	apache2-dev	< 2.4.48-3.1ubuntu3.2	UNKNOWN
Ubuntu	21.10	noarch	apache2-doc	< 2.4.48-3.1ubuntu3.2	UNKNOWN
Ubuntu	21.10	noarch	apache2-ssl-dev	< 2.4.48-3.1ubuntu3.2	UNKNOWN
Ubuntu	21.10	noarch	apache2-suexec-custom	< 2.4.48-3.1ubuntu3.2	UNKNOWN
Ubuntu	21.10	noarch	apache2-suexec-custom-dbgsym	< 2.4.48-3.1ubuntu3.2	UNKNOWN
Ubuntu	21.10	noarch	apache2-suexec-pristine	< 2.4.48-3.1ubuntu3.2	UNKNOWN

Rows per page:

1-10 of 551

References

ubuntu.com/security/CVE-2021-44224

ubuntu.com/security/CVE-2021-44790

ibm 13

openvas 36

nessus 58

redos 1

cisa 1

slackware 1

ubuntu 1

debian 1

fortinet 1

mageia 1

amazon 2

altlinux 2

osv 9

freebsd 1

kaspersky 1

fedora 4

threatpost 1

photon 6

cbl_mariner 4

cve 2

hackerone 1

cnvd 2

f5 2

redhatcve 2

debiancve 2

ubuntucve 2

httpd 2

alpinelinux 2

rocky 2

veracode 2

checkpoint_advisories 1

cvelist 2

prion 2

oraclelinux 3

redhat 13

zdt 1

packetstorm 1

thn 1

almalinux 2

githubexploit 1

exploitdb 1

rosalinux 3

centos 1

ics 1

gentoo 1

apple 1

ibm

Security Bulletin: Multiple Vulnerabilities have been identified in WebSphere Application Server shipped with WebSphere Remote Server

2022-03-04 19:21:02

Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server, which is a required product for IBM Tivoli Netcool Configuration Manager (CVE-2021-44790, CVE-2021-44224)

2022-04-01 12:23:48

Security Bulletin: Multiple vulnerabilities in IBM HTTP Server used by IBM WebSphere Application Server

2022-01-12 19:17:07

openvas

Debian: Security Advisory (DLA-2907-1)

2022-02-02 00:00:00

Ubuntu: Security Advisory (USN-5212-1)

2022-01-07 00:00:00

Ubuntu: Security Advisory (USN-5212-2)

2022-08-26 00:00:00

nessus

SUSE SLES15 Security Update : apache2 (SUSE-SU-2022:0091-2)

2022-01-21 00:00:00

Debian DLA-2907-1 : apache2 - LTS security update

2022-02-02 00:00:00

Debian DSA-5035-1 : apache2 - security update

2022-01-05 00:00:00

redos

ROS-20211223-04

2021-12-23 00:00:00

cisa

Apache Releases Security Update for HTTP Server

2021-12-22 00:00:00

slackware

[slackware-security] httpd

2021-12-20 20:00:56

ubuntu

Apache HTTP Server vulnerabilities

2022-01-10 00:00:00

debian

[SECURITY] [DSA 5035-1] apache2 security update

2022-01-04 16:38:55

fortinet

Multiple Apache Vulnerabilities fixed in 2.4.52

2021-12-28 00:00:00

mageia

Updated apache packages fix security vulnerabilities

2021-12-22 02:27:37

amazon

Important: httpd

2022-01-18 21:37:00

Important: httpd24

2022-01-18 20:14:00

altlinux

Security fix for the ALT Linux 10 package apache2 version 1:2.4.52-alt1

2021-12-27 00:00:00

Security fix for the ALT Linux 9 package apache2 version 1:2.4.52-alt1

2022-02-04 00:00:00

osv

apache2 vulnerabilities

2022-01-10 11:14:47

BIT-apache-2021-44224

2024-03-06 10:54:18

CVE-2021-44224

2021-12-20 12:15:07

freebsd

Apache httpd -- Multiple vulnerabilities

2021-12-20 00:00:00

kaspersky

KLA12400 Multiple vulnerabilities in Apache HTTP Server

2021-12-20 00:00:00

fedora

[SECURITY] Fedora 35 Update: httpd-2.4.52-1.fc35

2021-12-24 01:26:46

[SECURITY] Fedora 34 Update: httpd-2.4.53-1.fc34

2022-03-25 22:06:50

[SECURITY] Fedora 36 Update: httpd-2.4.53-1.fc36

2022-03-26 15:55:33

threatpost

Critical Apache HTTPD Server Bugs Could Lead to RCE, DoS

2021-12-22 17:59:55

photon

Critical Photon OS Security Update - PHSA-2022-0142

2022-01-12 00:00:00

Critical Photon OS Security Update - PHSA-2022-4.0-0142

2022-01-04 00:00:00

Critical Photon OS Security Update - PHSA-2021-0458

2021-12-25 00:00:00

cbl_mariner

CVE-2021-44790 affecting package httpd for versions less than 2.4.52-1

2022-04-09 06:51:57

CVE-2021-44224 affecting package httpd 2.4.51-1

2022-01-10 03:59:19

CVE-2021-44790 affecting package httpd 2.4.51-1

2022-01-10 03:59:19

cve

CVE-2021-44790

2021-12-20 12:15:00

CVE-2021-44224

2021-12-20 12:15:00

hackerone

Internet Bug Bounty: Buffer overflow in req_parsebody method in lua_request.c

2021-12-22 13:20:52

cnvd

Apache HTTP Server code issue vulnerability

2021-12-24 00:00:00

Apache HTTP Server Buffer Overflow Vulnerability (CNVD-2021-102386)

2021-12-24 00:00:00

K16090693 : Apache HTTP server vulnerability CVE-2021-44224

2021-12-27 00:00:00

K53280389 : Apache HTTP server vulnerability CVE-2021-44790

2021-12-29 00:00:00

redhatcve

CVE-2021-44224

2021-12-21 17:04:16

CVE-2021-44790

2021-12-21 17:04:26

debiancve

CVE-2021-44224

2021-12-20 12:15:00

CVE-2021-44790

2021-12-20 12:15:00

ubuntucve

CVE-2021-44224

2021-12-20 00:00:00

CVE-2021-44790

2021-12-20 00:00:00

httpd

Apache Httpd < 2.4.52 : Possible NULL dereference or SSRF in forward proxy configurations in Apache HTTP Server 2.4.51 and earlier

2021-12-20 00:00:00

Apache Httpd < 2.4.52 : Possible buffer overflow when parsing multipart content in mod_lua of Apache HTTP Server 2.4.51 and earlier

2021-12-20 00:00:00

alpinelinux

CVE-2021-44224

2021-12-20 12:15:00

CVE-2021-44790

2021-12-20 12:15:00

rocky

httpd:2.4 security update

2022-01-25 12:49:42

httpd:2.4 security and bug fix update

2022-05-10 08:07:40

veracode

Denial Of Service (DoS)

2021-12-21 08:11:59

Buffer Overflow

2021-12-21 09:34:13

checkpoint_advisories

Apache httpd mod_proxy NULL Pointer Dereference (CVE-2021-44224)

2022-11-21 00:00:00

cvelist

CVE-2021-44224 Possible NULL dereference or SSRF in forward proxy configurations in Apache HTTP Server 2.4.51 and earlier

2021-12-20 11:20:13

CVE-2021-44790 Possible buffer overflow when parsing multipart content in mod_lua of Apache HTTP Server 2.4.51 and earlier

2021-12-20 00:00:00

prion

Design/Logic Flaw

2021-12-20 12:15:00

Buffer overflow

2021-12-20 12:15:00

oraclelinux

httpd:2.4 security update

2022-01-25 00:00:00

httpd:2.4 security and bug fix update

2022-05-17 00:00:00

httpd security update

2022-01-18 00:00:00

redhat

(RHSA-2022:0288) Important: httpd:2.4 security update

2022-01-26 14:23:05

(RHSA-2022:0258) Important: httpd:2.4 security update

2022-01-25 12:49:42

(RHSA-2022:0303) Important: httpd24-httpd security update

2022-01-27 09:07:18

zdt

Apache 2.4.x - Buffer Overflow Exploit

2023-04-02 00:00:00

packetstorm

Apache 2.4.x Buffer Overflow

2023-04-03 00:00:00

thn

CISA, FBI and NSA Publish Joint Advisory and Scanner for Log4j Vulnerabilities

2021-12-23 12:09:00

almalinux

Important: httpd:2.4 security update

2022-01-25 12:49:42

Moderate: httpd:2.4 security and bug fix update

2022-05-10 08:07:40

githubexploit

Exploit for Out-of-bounds Write in Apache Http Server

2023-12-05 05:54:47

exploitdb

Apache 2.4.x - Buffer Overflow

2023-04-01 00:00:00

rosalinux

Advisory ROSA-SA-2023-2160

2023-04-25 12:02:31

Advisory ROSA-SA-2023-2155

2023-04-18 12:09:43

Advisory ROSA-SA-2023-2158

2023-04-25 11:30:17

centos

httpd, mod_ldap, mod_proxy_html, mod_session, mod_ssl security update

2022-01-25 17:31:14

ics

Mitsubishi Electric MELSOFT iQ AppPortal

2022-05-12 12:00:00

gentoo

Apache HTTPD: Multiple Vulnerabilities

2022-08-14 00:00:00

apple

About the security content of Security Update 2022-004 Catalina

2022-05-16 00:00:00

Solutions

Vulnerabilities intelligence
Perimeter control tool
Linux scanner
Windows scanner
Developers SDK
Security Intelligence feeds

Database

Vulnerabilities
Exploits
Security News
BugBounty
Wild Exploited
Top Vulnerabilities
CVE Feed

Resources

Statics & Sources
Plugins
API docs
FAQ
Blog
Glossary

Company

About
Contacts
Pricing
EULA
Privacy Policy
Submission Policy
OpenSource

@2024 Vulners Inc

10 High

AI Score

Confidence

High

0.307 Low

EPSS

Percentile

97.0%

JSON

Related for USN-5212-1