9.8

CVE-2021-44790

Exploit

EPSS 87.09%
Published 20.12.2021 12:15:07
Last modified 01.05.2025 15:38:06
Source security@apache.org
Teams watchlist Login
Open Login

A carefully crafted request body can cause a buffer overflow in the mod_lua multipart parser (r:parsebody() called from Lua scripts). The Apache httpd team is not aware of an exploit for the vulnerabilty though it might be possible to craft one. This issue affects Apache HTTP Server 2.4.51 and earlier.

Affected products Warnungen 0 Metrics 3 CWE 1 References 23

Data is provided by the National Vulnerability Database (NVD)

Apache ≫ HTTP Server Version < 2.4.52

Fedoraproject ≫ Fedora Version34

Fedoraproject ≫ Fedora Version35

Fedoraproject ≫ Fedora Version36

Debian ≫ Debian Linux Version10.0

Debian ≫ Debian Linux Version11.0

Tenable ≫ Tenable.Sc Version >= 5.16.0 < 5.20.0

Netapp ≫ Cloud Backup Version-

Oracle ≫ Communications Element Manager Version <= 9.0

Oracle ≫ Communications Operations Monitor Version4.3

Oracle ≫ Communications Operations Monitor Version4.4

Oracle ≫ Communications Operations Monitor Version5.0

Oracle ≫ Communications Session Report Manager Version <= 9.0

Oracle ≫ Communications Session Route Manager Version <= 9.0

Oracle ≫ HTTP Server Version12.2.1.3.0

Oracle ≫ HTTP Server Version12.2.1.4.0

Oracle ≫ Instantis Enterprisetrack Version17.1

Oracle ≫ Instantis Enterprisetrack Version17.2

Oracle ≫ Instantis Enterprisetrack Version17.3

Oracle ≫ Zfs Storage Appliance Kit Version8.8

Apple ≫ macOS X Version10.15.7 Updatesecurity_update_2020-001

Apple ≫ macOS X Version10.15.7 Updatesecurity_update_2021-001

Apple ≫ macOS X Version10.15.7 Updatesecurity_update_2021-002

Apple ≫ macOS X Version10.15.7 Updatesecurity_update_2021-003

Apple ≫ macOS X Version10.15.7 Updatesecurity_update_2021-004

Apple ≫ macOS X Version10.15.7 Updatesecurity_update_2021-005

Apple ≫ macOS X Version10.15.7 Updatesecurity_update_2021-006

Apple ≫ macOS X Version10.15.7 Updatesecurity_update_2021-007

Apple ≫ macOS X Version10.15.7 Updatesecurity_update_2021-008

Apple ≫ macOS X Version10.15.7 Updatesecurity_update_2022-001

Apple ≫ macOS X Version10.15.7 Updatesecurity_update_2022-002

Apple ≫ macOS X Version10.15.7 Updatesecurity_update_2022-003

Apple ≫ macOS Version < 10.15.7

Apple ≫ macOS Version >= 11.0 < 11.6.6

Apple ≫ macOS Version >= 12.0 < 12.4

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	87.09%	0.994

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	7.5	10	6.4	AV:N/AC:L/Au:N/C:P/I:P/A:P

CWE-787 Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.

http://httpd.apache.org/security/vulnerabilities_24.html

Vendor Advisory

https://www.oracle.com/security-alerts/cpuapr2022.html

Patch

Third Party Advisory

https://www.oracle.com/security-alerts/cpujan2022.html

Patch

Third Party Advisory

https://security.gentoo.org/glsa/202208-20

Third Party Advisory

http://seclists.org/fulldisclosure/2022/May/35

Third Party Advisory

Mailing List

https://support.apple.com/kb/HT213256

Third Party Advisory

http://seclists.org/fulldisclosure/2022/May/33

Third Party Advisory

Mailing List

http://seclists.org/fulldisclosure/2022/May/38

Third Party Advisory

Mailing List

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BFSWOH4X77CV7AH7C4RMHUBDWKQDL4YH/

Third Party Advisory

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RGWILBORT67SHMSLYSQZG2NMXGCMPUZO/

Third Party Advisory

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X73C35MMMZGBVPQQCH7LQZUMYZNQA5FO/

Third Party Advisory

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z7H26WJ6TPKNWV3QKY4BHKUKQVUTZJTD/

Third Party Advisory

https://security.netapp.com/advisory/ntap-20211224-0001/

Third Party Advisory

https://support.apple.com/kb/HT213255

Third Party Advisory

https://support.apple.com/kb/HT213257

Third Party Advisory

https://www.debian.org/security/2022/dsa-5035

Third Party Advisory

https://www.tenable.com/security/tns-2022-01

Third Party Advisory

https://www.tenable.com/security/tns-2022-03

Third Party Advisory

http://packetstormsecurity.com/files/171631/Apache-2.4.x-Buffer-Overflow.html

Exploit

http://www.openwall.com/lists/oss-security/2021/12/20/4

Third Party Advisory

Mailing List

https://nvd.nist.gov/vuln/detail/CVE-2021-44790

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2021-44790

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2021-44790

EUVD