9.8

CVE-2021-44790

Exploit

EPSS 87.09%
Veröffentlicht 20.12.2021 12:15:07
Zuletzt bearbeitet 01.05.2025 15:38:06
Quelle security@apache.org
Teams Watchlist Login
Unerledigt Login

A carefully crafted request body can cause a buffer overflow in the mod_lua multipart parser (r:parsebody() called from Lua scripts). The Apache httpd team is not aware of an exploit for the vulnerabilty though it might be possible to craft one. This issue affects Apache HTTP Server 2.4.51 and earlier.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 23

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Apache ≫ HTTP Server Version < 2.4.52

Fedoraproject ≫ Fedora Version34

Fedoraproject ≫ Fedora Version35

Fedoraproject ≫ Fedora Version36

Debian ≫ Debian Linux Version10.0

Debian ≫ Debian Linux Version11.0

Tenable ≫ Tenable.Sc Version >= 5.16.0 < 5.20.0

Netapp ≫ Cloud Backup Version-

Oracle ≫ Communications Element Manager Version <= 9.0

Oracle ≫ Communications Operations Monitor Version4.3

Oracle ≫ Communications Operations Monitor Version4.4

Oracle ≫ Communications Operations Monitor Version5.0

Oracle ≫ Communications Session Report Manager Version <= 9.0

Oracle ≫ Communications Session Route Manager Version <= 9.0

Oracle ≫ HTTP Server Version12.2.1.3.0

Oracle ≫ HTTP Server Version12.2.1.4.0

Oracle ≫ Instantis Enterprisetrack Version17.1

Oracle ≫ Instantis Enterprisetrack Version17.2

Oracle ≫ Instantis Enterprisetrack Version17.3

Oracle ≫ Zfs Storage Appliance Kit Version8.8

Apple ≫ macOS X Version10.15.7 Updatesecurity_update_2020-001

Apple ≫ macOS X Version10.15.7 Updatesecurity_update_2021-001

Apple ≫ macOS X Version10.15.7 Updatesecurity_update_2021-002

Apple ≫ macOS X Version10.15.7 Updatesecurity_update_2021-003

Apple ≫ macOS X Version10.15.7 Updatesecurity_update_2021-004

Apple ≫ macOS X Version10.15.7 Updatesecurity_update_2021-005

Apple ≫ macOS X Version10.15.7 Updatesecurity_update_2021-006

Apple ≫ macOS X Version10.15.7 Updatesecurity_update_2021-007

Apple ≫ macOS X Version10.15.7 Updatesecurity_update_2021-008

Apple ≫ macOS X Version10.15.7 Updatesecurity_update_2022-001

Apple ≫ macOS X Version10.15.7 Updatesecurity_update_2022-002

Apple ≫ macOS X Version10.15.7 Updatesecurity_update_2022-003

Apple ≫ macOS Version < 10.15.7

Apple ≫ macOS Version >= 11.0 < 11.6.6

Apple ≫ macOS Version >= 12.0 < 12.4

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	87.09%	0.994

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	7.5	10	6.4	AV:N/AC:L/Au:N/C:P/I:P/A:P

CWE-787 Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.

http://httpd.apache.org/security/vulnerabilities_24.html

Vendor Advisory

https://www.oracle.com/security-alerts/cpuapr2022.html

Patch

Third Party Advisory

https://www.oracle.com/security-alerts/cpujan2022.html

Patch

Third Party Advisory

https://security.gentoo.org/glsa/202208-20

Third Party Advisory

http://seclists.org/fulldisclosure/2022/May/35

Third Party Advisory

Mailing List

https://support.apple.com/kb/HT213256

Third Party Advisory

http://seclists.org/fulldisclosure/2022/May/33

Third Party Advisory

Mailing List

http://seclists.org/fulldisclosure/2022/May/38

Third Party Advisory

Mailing List

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BFSWOH4X77CV7AH7C4RMHUBDWKQDL4YH/

Third Party Advisory

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RGWILBORT67SHMSLYSQZG2NMXGCMPUZO/

Third Party Advisory

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X73C35MMMZGBVPQQCH7LQZUMYZNQA5FO/

Third Party Advisory

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z7H26WJ6TPKNWV3QKY4BHKUKQVUTZJTD/

Third Party Advisory

https://security.netapp.com/advisory/ntap-20211224-0001/

Third Party Advisory

https://support.apple.com/kb/HT213255

Third Party Advisory

https://support.apple.com/kb/HT213257

Third Party Advisory

https://www.debian.org/security/2022/dsa-5035

Third Party Advisory

https://www.tenable.com/security/tns-2022-01

Third Party Advisory

https://www.tenable.com/security/tns-2022-03

Third Party Advisory

http://packetstormsecurity.com/files/171631/Apache-2.4.x-Buffer-Overflow.html

Exploit

http://www.openwall.com/lists/oss-security/2021/12/20/4

Third Party Advisory

Mailing List

https://nvd.nist.gov/vuln/detail/CVE-2021-44790

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2021-44790

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2021-44790

EUVD