7.5
CVE-2021-36160
- EPSS 4.69%
- Veröffentlicht 16.09.2021 15:15:07
- Zuletzt bearbeitet 01.05.2025 15:40:05
- Quelle security@apache.org
- CVE-Watchlists
- Unerledigt
Loginmod_proxy_uwsgi out of bound read
A carefully crafted request uri-path can cause mod_proxy_uwsgi to read above the allocated memory and crash (DoS). This issue affects Apache HTTP Server versions 2.4.30 to 2.4.48 (inclusive).
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Apache ≫ HTTP Server Version >= 2.4.30 < 2.4.49
Fedoraproject ≫ Fedora Version34
Fedoraproject ≫ Fedora Version35
Debian ≫ Debian Linux Version9.0
Debian ≫ Debian Linux Version10.0
Debian ≫ Debian Linux Version11.0
Netapp ≫ Cloud Backup Version-
Netapp ≫ Clustered Data Ontap Version-
Netapp ≫ Storagegrid Version-
Oracle ≫ Enterprise Manager Base Platform Version13.4.0.0
Oracle ≫ Enterprise Manager Base Platform Version13.5.0.0
Oracle ≫ HTTP Server Version12.2.1.3.0
Oracle ≫ HTTP Server Version12.2.1.4.0
Oracle ≫ Instantis Enterprisetrack Version17.1
Oracle ≫ Instantis Enterprisetrack Version17.2
Oracle ≫ Instantis Enterprisetrack Version17.3
Oracle ≫ Peoplesoft Enterprise Peopletools Version8.58
Oracle ≫ Zfs Storage Appliance Kit Version8.8
Broadcom ≫ Brocade Fabric Operating System Firmware Version-
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 4.69% | 0.894 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.5 | 3.9 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
|
| nvd@nist.gov | 5 | 10 | 2.9 |
AV:N/AC:L/Au:N/C:N/I:N/A:P
|
CWE-125 Out-of-bounds Read
The product reads data past the end, or before the beginning, of the intended buffer.