ID

VAR-202109-1803


CVE

CVE-2021-39275


TITLE

Apache HTTP Server ap_escape_quotes Buffer Overflow Vulnerability

Trust: 0.6

sources: CNVD: CNVD-2022-03225

DESCRIPTION

ap_escape_quotes() may write beyond the end of a buffer when given malicious input. No included modules pass untrusted data to these functions, but third-party / external modules may. This issue affects Apache HTTP Server 2.4.48 and earlier. The server is fast, reliable and extensible through a simple API. An attacker could exploit this vulnerability to write malicious content and execute it. 7) - noarch, x86_64 3. Bug Fix(es): * proxy rewrite to unix socket fails with CVE-2021-40438 fix (BZ#2022319) Additional changes: * To fix CVE-2022-29404, the default value for the "LimitRequestBody" directive in the Apache HTTP Server has been changed from 0 (unlimited) to 1 GiB. On systems where the value of "LimitRequestBody" is not explicitly specified in an httpd configuration file, updating the httpd package sets "LimitRequestBody" to the default value of 1 GiB. As a consequence, if the total size of the HTTP request body exceeds this 1 GiB default limit, httpd returns the 413 Request Entity Too Large error code. If the new default allowed size of an HTTP request message body is insufficient for your use case, update your httpd configuration files within the respective context (server, per-directory, per-file, or per-location) and set your preferred limit in bytes. For example, to set a new 2 GiB limit, use: LimitRequestBody 2147483648 Systems already configured to use any explicit value for the "LimitRequestBody" directive are unaffected by this change. For the oldstable distribution (buster), these problems have been fixed in version 2.4.38-3+deb10u6. For the stable distribution (bullseye), these problems have been fixed in version 2.4.51-1~deb11u1. We recommend that you upgrade your apache2 packages. For the detailed security status of apache2 please refer to its security tracker page at: https://security-tracker.debian.org/tracker/apache2 Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmFgr44ACgkQEMKTtsN8 TjbophAAiZ+fhF2r8BUbQkL8BhpfqjA+hVsp9WEMTn8Gq6kiW0wLvK3jWPM301Ou D4gHqKmFPmYNC1KBOyk/lJdxyD7iTUweUyLi3WXzxhIDMx0kxkRw1oXlyCHzIqSJ M277bgk32h2cDCbsXjrN/8agKPcKgfwDqiyf/igfEq6V8OB2zVvJPKVFq45n54+q 4FPXSyx1g2u5ewSeXbU2uHDej6Qborui4osDdbwx8CT6aETi0cIXJ8RbXF3PUCHG 5DzZagnRq6GumPsl01jcPu7b9Ck8MlkxMSG3FRsSIJVkwpsQ2C34ywIJkFlzUZZh jhdVUrfbyfLpSdcPcipAAjl9I6gDqa9SFdMRK7ixCpQ6iTiVeDZdJ8pA4jnSweNQ THik07di9R0juX0p7peQiIyBKrEf7Y3WSvLOn0SBKXvZnzc/72rH2nP5FclsgCsV TWxptziGridC43KB8/tDJAAOXVF2lzylzF70V/UGTNo1jk9w3/p6btU1iuzKspyY Y4aPZla3DImI8mezrgFrGYNg7bZYLKuJyGDADKih2sUQpzmDZ6MJxKAE3NLRWyQa 7cCJdoNR9yVqytEw1Y/ZRXAXWfMb3Y1ts2EqR8hzLQgMYb0JC58cLMG3T0RgyPoO A4CTIoYpK1WnsykAE8M4XFrnOW3lrtse6T8N/dTVMuodElAEhc0= =/At6 -----END PGP SIGNATURE----- . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Important: httpd security update Advisory ID: RHSA-2022:0143-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2022:0143 Issue date: 2022-01-17 CVE Names: CVE-2021-26691 CVE-2021-34798 CVE-2021-39275 CVE-2021-44790 ==================================================================== 1. Summary: An update for httpd is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Client Optional (v. 7) - noarch, x86_64 Red Hat Enterprise Linux ComputeNode Optional (v. 7) - noarch, x86_64 Red Hat Enterprise Linux Server (v. 7) - noarch, ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 7) - noarch, x86_64 Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64 3. Security Fix(es): * httpd: mod_lua: Possible buffer overflow when parsing multipart content (CVE-2021-44790) * httpd: mod_session: Heap overflow via a crafted SessionHeader value (CVE-2021-26691) * httpd: NULL pointer dereference via malformed requests (CVE-2021-34798) * httpd: Out-of-bounds write in ap_escape_quotes() via malicious input (CVE-2021-39275) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 After installing the updated packages, the httpd daemon will be restarted automatically. 5. Bugs fixed (https://bugzilla.redhat.com/): 1966732 - CVE-2021-26691 httpd: mod_session: Heap overflow via a crafted SessionHeader value 2005119 - CVE-2021-39275 httpd: Out-of-bounds write in ap_escape_quotes() via malicious input 2005128 - CVE-2021-34798 httpd: NULL pointer dereference via malformed requests 2034674 - CVE-2021-44790 httpd: mod_lua: Possible buffer overflow when parsing multipart content 6. Package List: Red Hat Enterprise Linux Client Optional (v. 7): Source: httpd-2.4.6-97.el7_9.4.src.rpm noarch: httpd-manual-2.4.6-97.el7_9.4.noarch.rpm x86_64: httpd-2.4.6-97.el7_9.4.x86_64.rpm httpd-debuginfo-2.4.6-97.el7_9.4.x86_64.rpm httpd-devel-2.4.6-97.el7_9.4.x86_64.rpm httpd-tools-2.4.6-97.el7_9.4.x86_64.rpm mod_ldap-2.4.6-97.el7_9.4.x86_64.rpm mod_proxy_html-2.4.6-97.el7_9.4.x86_64.rpm mod_session-2.4.6-97.el7_9.4.x86_64.rpm mod_ssl-2.4.6-97.el7_9.4.x86_64.rpm Red Hat Enterprise Linux ComputeNode Optional (v. 7): Source: httpd-2.4.6-97.el7_9.4.src.rpm noarch: httpd-manual-2.4.6-97.el7_9.4.noarch.rpm x86_64: httpd-2.4.6-97.el7_9.4.x86_64.rpm httpd-debuginfo-2.4.6-97.el7_9.4.x86_64.rpm httpd-devel-2.4.6-97.el7_9.4.x86_64.rpm httpd-tools-2.4.6-97.el7_9.4.x86_64.rpm mod_ldap-2.4.6-97.el7_9.4.x86_64.rpm mod_proxy_html-2.4.6-97.el7_9.4.x86_64.rpm mod_session-2.4.6-97.el7_9.4.x86_64.rpm mod_ssl-2.4.6-97.el7_9.4.x86_64.rpm Red Hat Enterprise Linux Server (v. 7): Source: httpd-2.4.6-97.el7_9.4.src.rpm noarch: httpd-manual-2.4.6-97.el7_9.4.noarch.rpm ppc64: httpd-2.4.6-97.el7_9.4.ppc64.rpm httpd-debuginfo-2.4.6-97.el7_9.4.ppc64.rpm httpd-devel-2.4.6-97.el7_9.4.ppc64.rpm httpd-tools-2.4.6-97.el7_9.4.ppc64.rpm mod_session-2.4.6-97.el7_9.4.ppc64.rpm mod_ssl-2.4.6-97.el7_9.4.ppc64.rpm ppc64le: httpd-2.4.6-97.el7_9.4.ppc64le.rpm httpd-debuginfo-2.4.6-97.el7_9.4.ppc64le.rpm httpd-devel-2.4.6-97.el7_9.4.ppc64le.rpm httpd-tools-2.4.6-97.el7_9.4.ppc64le.rpm mod_session-2.4.6-97.el7_9.4.ppc64le.rpm mod_ssl-2.4.6-97.el7_9.4.ppc64le.rpm s390x: httpd-2.4.6-97.el7_9.4.s390x.rpm httpd-debuginfo-2.4.6-97.el7_9.4.s390x.rpm httpd-devel-2.4.6-97.el7_9.4.s390x.rpm httpd-tools-2.4.6-97.el7_9.4.s390x.rpm mod_session-2.4.6-97.el7_9.4.s390x.rpm mod_ssl-2.4.6-97.el7_9.4.s390x.rpm x86_64: httpd-2.4.6-97.el7_9.4.x86_64.rpm httpd-debuginfo-2.4.6-97.el7_9.4.x86_64.rpm httpd-devel-2.4.6-97.el7_9.4.x86_64.rpm httpd-tools-2.4.6-97.el7_9.4.x86_64.rpm mod_session-2.4.6-97.el7_9.4.x86_64.rpm mod_ssl-2.4.6-97.el7_9.4.x86_64.rpm Red Hat Enterprise Linux Server Optional (v. 7): ppc64: httpd-debuginfo-2.4.6-97.el7_9.4.ppc64.rpm mod_ldap-2.4.6-97.el7_9.4.ppc64.rpm mod_proxy_html-2.4.6-97.el7_9.4.ppc64.rpm ppc64le: httpd-debuginfo-2.4.6-97.el7_9.4.ppc64le.rpm mod_ldap-2.4.6-97.el7_9.4.ppc64le.rpm mod_proxy_html-2.4.6-97.el7_9.4.ppc64le.rpm s390x: httpd-debuginfo-2.4.6-97.el7_9.4.s390x.rpm mod_ldap-2.4.6-97.el7_9.4.s390x.rpm mod_proxy_html-2.4.6-97.el7_9.4.s390x.rpm x86_64: httpd-debuginfo-2.4.6-97.el7_9.4.x86_64.rpm mod_ldap-2.4.6-97.el7_9.4.x86_64.rpm mod_proxy_html-2.4.6-97.el7_9.4.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 7): Source: httpd-2.4.6-97.el7_9.4.src.rpm noarch: httpd-manual-2.4.6-97.el7_9.4.noarch.rpm x86_64: httpd-2.4.6-97.el7_9.4.x86_64.rpm httpd-debuginfo-2.4.6-97.el7_9.4.x86_64.rpm httpd-devel-2.4.6-97.el7_9.4.x86_64.rpm httpd-tools-2.4.6-97.el7_9.4.x86_64.rpm mod_session-2.4.6-97.el7_9.4.x86_64.rpm mod_ssl-2.4.6-97.el7_9.4.x86_64.rpm Red Hat Enterprise Linux Workstation Optional (v. 7): x86_64: httpd-debuginfo-2.4.6-97.el7_9.4.x86_64.rpm mod_ldap-2.4.6-97.el7_9.4.x86_64.rpm mod_proxy_html-2.4.6-97.el7_9.4.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2021-26691 https://access.redhat.com/security/cve/CVE-2021-34798 https://access.redhat.com/security/cve/CVE-2021-39275 https://access.redhat.com/security/cve/CVE-2021-44790 https://access.redhat.com/security/updates/classification/#important 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2022 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBYeVdC9zjgjWX9erEAQgzNw/8CjsxUvDW64dwvpcYH/OWJhKqvD53sX+w ivf4+hhCsEVLvrjD0eTNkbeza+dcZqoR5swL0IjAGXKJ/0q/oh4/yxq2ydgvEYsY rAjts0tnynoswBaFo6eaBlcNxQroGID0uqgXkUFt37m4eetACuOSVRcZ7/sNsqBS iQF4l16vjNvKeOdKY8nSNe77Dt1/Lj41NoL6XbAZPuvaiLBqqGOY9xYfZSSmFHFq H4dB8cfMC4cWysFtnzffJ+dJdzcWNOxklwLlZe72JoAJYP59da2YuIoE2LsQRGPC Occ84zH/UZx4JWJhF7FEEALC/tizfFqu9qWr1OIDmSVTEAZ+6IZ/mDeF83+0Mrc4 AiV3oiJi7Fx4XTDUL8fim+FORaSI2IR7LK1Zjau1qCN04ayyFXwJdK/fwgIWJHon gYhyUsAj7F7At9m8cCVRP5K4jjmr0qrmsF1M1B6xqMLWlYNcWu3obJS/FbiSdwQJ 7jFdBagThGOzIle0eGk0iMZ+vRJSuaSMZ7GDA14o46KB+EkvYLe+wi6jBQXJeD6Q Oueenu2JiMvB8+dJNYrn9uQY+8WHyCVV1HMMmVo9LajA1FJRXgMIQN5ZmDMoDW73 qFV+VCOHtKPI2hC8ngZYy2RyEUhK4t3f7xmJgtoJ4/DuaGsRWL7xZPL7gLHxWnS4 5VjPyLrWg5U=TyMo -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce . 8) - aarch64, noarch, ppc64le, s390x, x86_64 3. This software, such as Apache HTTP Server, is common to multiple JBoss middleware products, and is packaged under Red Hat JBoss Core Services to allow for faster distribution of updates, and for a more consistent update experience. This release of Red Hat JBoss Core Services Apache HTTP Server 2.4.51 serves as a replacement for Red Hat JBoss Core Services Apache HTTP Server 2.4.37 Service Pack 10, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. ========================================================================== Ubuntu Security Notice USN-5090-3 September 28, 2021 apache2 regression ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 21.04 - Ubuntu 20.04 LTS - Ubuntu 18.04 LTS Summary: USN-5090-1 introduced a regression in Apache HTTP Server. One of the upstream fixes introduced a regression in UDS URIs. This update fixes the problem. Original advisory details: James Kettle discovered that the Apache HTTP Server HTTP/2 module incorrectly handled certain crafted methods. A remote attacker could possibly use this issue to perform request splitting or cache poisoning attacks. A remote attacker could possibly use this issue to cause the server to crash, resulting in a denial of service. (CVE-2021-34798) Li Zhi Xin discovered that the Apache mod_proxy_uwsgi module incorrectly handled certain request uri-paths. A remote attacker could possibly use this issue to cause the server to crash, resulting in a denial of service. This issue only affected Ubuntu 20.04 LTS and Ubuntu 21.04. If the server was configured with third-party modules, a remote attacker could use this issue to cause the server to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2021-39275) It was discovered that the Apache mod_proxy module incorrectly handled certain request uri-paths. A remote attacker could possibly use this issue to cause the server to forward requests to arbitrary origin servers. (CVE-2021-40438) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 21.04: apache2 2.4.46-4ubuntu1.3 apache2-bin 2.4.46-4ubuntu1.3 Ubuntu 20.04 LTS: apache2 2.4.41-4ubuntu3.6 apache2-bin 2.4.41-4ubuntu3.6 Ubuntu 18.04 LTS: apache2 2.4.29-1ubuntu4.18 apache2-bin 2.4.29-1ubuntu4.18 In general, a standard system update will make all the necessary changes

Trust: 2.34

sources: NVD: CVE-2021-39275 // CNVD: CNVD-2022-03225 // VULHUB: VHN-400791 // VULMON: CVE-2021-39275 // PACKETSTORM: 168565 // PACKETSTORM: 169132 // PACKETSTORM: 165587 // PACKETSTORM: 166321 // PACKETSTORM: 169541 // PACKETSTORM: 169540 // PACKETSTORM: 164305 // PACKETSTORM: 164318

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2022-03225

AFFECTED PRODUCTS

vendor:oraclemodel:instantis enterprisetrackscope:eqversion:17.2

Trust: 1.0

vendor:fedoraprojectmodel:fedorascope:eqversion:34

Trust: 1.0

vendor:oraclemodel:instantis enterprisetrackscope:eqversion:17.3

Trust: 1.0

vendor:oraclemodel:http serverscope:eqversion:12.2.1.4.0

Trust: 1.0

vendor:oraclemodel:instantis enterprisetrackscope:eqversion:17.1

Trust: 1.0

vendor:netappmodel:clustered data ontapscope:eqversion: -

Trust: 1.0

vendor:oraclemodel:zfs storage appliance kitscope:eqversion:8.8

Trust: 1.0

vendor:siemensmodel:sinec nmsscope:eqversion:*

Trust: 1.0

vendor:siemensmodel:sinema serverscope:eqversion:14.0

Trust: 1.0

vendor:netappmodel:cloud backupscope:eqversion: -

Trust: 1.0

vendor:debianmodel:linuxscope:eqversion:11.0

Trust: 1.0

vendor:debianmodel:linuxscope:eqversion:10.0

Trust: 1.0

vendor:fedoraprojectmodel:fedorascope:eqversion:35

Trust: 1.0

vendor:netappmodel:storagegridscope:eqversion: -

Trust: 1.0

vendor:oraclemodel:http serverscope:eqversion:12.2.1.3.0

Trust: 1.0

vendor:apachemodel:http serverscope:lteversion:2.4.48

Trust: 1.0

vendor:debianmodel:linuxscope:eqversion:9.0

Trust: 1.0

vendor:apachemodel:http serverscope:lteversion:<=2.4.48

Trust: 0.6

sources: CNVD: CNVD-2022-03225 // NVD: CVE-2021-39275

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2021-39275
value: CRITICAL

Trust: 1.0

CNVD: CNVD-2022-03225
value: HIGH

Trust: 0.6

VULHUB: VHN-400791
value: HIGH

Trust: 0.1

VULMON: CVE-2021-39275
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2021-39275
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.1

CNVD: CNVD-2022-03225
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-400791
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2021-39275
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 1.0

sources: CNVD: CNVD-2022-03225 // VULHUB: VHN-400791 // VULMON: CVE-2021-39275 // NVD: CVE-2021-39275

PROBLEMTYPE DATA

problemtype:CWE-787

Trust: 1.1

problemtype:CWE-120

Trust: 0.1

sources: VULHUB: VHN-400791 // NVD: CVE-2021-39275

THREAT TYPE

remote

Trust: 0.2

sources: PACKETSTORM: 164305 // PACKETSTORM: 164318

TYPE

overflow

Trust: 0.2

sources: PACKETSTORM: 168565 // PACKETSTORM: 165587

PATCH

title:Patch for Apache HTTP Server ap_escape_quotes Buffer Overflow Vulnerabilityurl:https://www.cnvd.org.cn/patchInfo/show/313446

Trust: 0.6

title:Red Hat: Moderate: httpd:2.4 security updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20220891 - Security Advisory

Trust: 0.1

title:Red Hat: CVE-2021-39275url:https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database&qid=CVE-2021-39275

Trust: 0.1

title:Debian Security Advisories: DSA-4982-1 apache2 -- security updateurl:https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories&qid=93a29f7ecf9a6aaba79d3b3320aa4b85

Trust: 0.1

title:Arch Linux Issues: url:https://vulmon.com/vendoradvisory?qidtp=arch_linux_issues&qid=CVE-2021-39275 log

Trust: 0.1

title:Hitachi Security Advisories: Vulnerability in Cosminexus HTTP Server and Hitachi Web Serverurl:https://vulmon.com/vendoradvisory?qidtp=hitachi_security_advisories&qid=hitachi-sec-2022-111

Trust: 0.1

title:Red Hat: Moderate: httpd24-httpd security and bug fix updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20226753 - Security Advisory

Trust: 0.1

title:Brocade Security Advisories: CVE-2021-39275. ap_escape_quotes buffer overflowurl:https://vulmon.com/vendoradvisory?qidtp=brocade_security_advisories&qid=8a2abdf2d185adc365552c461d65931f

Trust: 0.1

title:Amazon Linux AMI: ALAS-2021-1543url:https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami&qid=ALAS-2021-1543

Trust: 0.1

title:Red Hat: Important: Red Hat JBoss Core Services Apache HTTP Server 2.4.51 security updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20227143 - Security Advisory

Trust: 0.1

title:Red Hat: Important: Red Hat JBoss Core Services Apache HTTP Server 2.4.51 security updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20227144 - Security Advisory

Trust: 0.1

title:Amazon Linux 2: ALAS2-2021-1716url:https://vulmon.com/vendoradvisory?qidtp=amazon_linux2&qid=ALAS2-2021-1716

Trust: 0.1

title:Cisco: Multiple Vulnerabilities in Apache HTTP Server Affecting Cisco Products: November 2021url:https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-apache-httpd-2.4.49-VWL69sWQ

Trust: 0.1

title:PROJET TUTEUREurl:https://github.com/PierreChrd/py-projet-tut

Trust: 0.1

title:Tier 0 Tier 1 Tier 2url:https://github.com/Totes5706/TotesHTB

Trust: 0.1

title:Requirements vulnsearch-cve Usage vulnsearch Usage Test Sampleurl:https://github.com/kasem545/vulnsearch

Trust: 0.1

title:Skyneturl:https://github.com/bioly230/THM_Skynet

Trust: 0.1

title:Shodan Search Scripturl:https://github.com/firatesatoglu/shodanSearch

Trust: 0.1

sources: CNVD: CNVD-2022-03225 // VULMON: CVE-2021-39275

EXTERNAL IDS

db:NVDid:CVE-2021-39275

Trust: 2.6

db:SIEMENSid:SSA-685781

Trust: 1.2

db:CNVDid:CNVD-2022-03225

Trust: 0.7

db:PACKETSTORMid:166321

Trust: 0.2

db:PACKETSTORMid:165587

Trust: 0.2

db:PACKETSTORMid:169540

Trust: 0.2

db:PACKETSTORMid:168565

Trust: 0.2

db:PACKETSTORMid:169541

Trust: 0.2

db:PACKETSTORMid:168072

Trust: 0.1

db:VULHUBid:VHN-400791

Trust: 0.1

db:ICS CERTid:ICSA-22-167-06

Trust: 0.1

db:VULMONid:CVE-2021-39275

Trust: 0.1

db:PACKETSTORMid:169132

Trust: 0.1

db:PACKETSTORMid:164305

Trust: 0.1

db:PACKETSTORMid:164318

Trust: 0.1

sources: CNVD: CNVD-2022-03225 // VULHUB: VHN-400791 // VULMON: CVE-2021-39275 // PACKETSTORM: 168565 // PACKETSTORM: 169132 // PACKETSTORM: 165587 // PACKETSTORM: 166321 // PACKETSTORM: 169541 // PACKETSTORM: 169540 // PACKETSTORM: 164305 // PACKETSTORM: 164318 // NVD: CVE-2021-39275

REFERENCES

url:https://nvd.nist.gov/vuln/detail/cve-2021-39275

Trust: 1.4

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-apache-httpd-2.4.49-vwl69swq

Trust: 1.2

url:https://cert-portal.siemens.com/productcert/pdf/ssa-685781.pdf

Trust: 1.2

url:https://security.netapp.com/advisory/ntap-20211008-0004/

Trust: 1.2

url:https://www.debian.org/security/2021/dsa-4982

Trust: 1.2

url:https://security.gentoo.org/glsa/202208-20

Trust: 1.2

url:https://httpd.apache.org/security/vulnerabilities_24.html

Trust: 1.2

url:https://www.oracle.com/security-alerts/cpuapr2022.html

Trust: 1.2

url:https://www.oracle.com/security-alerts/cpujan2022.html

Trust: 1.2

url:https://lists.debian.org/debian-lts-announce/2021/10/msg00001.html

Trust: 1.2

url:https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/spbr6wuybjnachke65spl7tjohx7rhwd/

Trust: 1.1

url:https://lists.apache.org/thread.html/r82838efc5fa6fc4c73986399c9b71573589f78b31846aff5bd9b1697%40%3cusers.httpd.apache.org%3e

Trust: 1.1

url:https://lists.apache.org/thread.html/r82c077663f9759c7df5a6656f925b3ee4f55fcd33c889ba7cd687029%40%3cusers.httpd.apache.org%3e

Trust: 1.1

url:https://lists.apache.org/thread.html/r3925e167d5eb1c75def3750c155d753064e1d34a143028bb32910432%40%3cusers.httpd.apache.org%3e

Trust: 1.1

url:https://lists.apache.org/thread.html/r61fdbfc26ab170f4e6492ef3bd5197c20b862ce156e9d5a54d4b899c%40%3cusers.httpd.apache.org%3e

Trust: 1.1

url:https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/zncysr3bxt36fff4xtcpl3hdqk4vp45r/

Trust: 1.1

url:https://access.redhat.com/security/cve/cve-2021-39275

Trust: 0.6

url:https://nvd.nist.gov/vuln/detail/cve-2021-36160

Trust: 0.6

url:https://nvd.nist.gov/vuln/detail/cve-2021-34798

Trust: 0.6

url:https://access.redhat.com/articles/11258

Trust: 0.5

url:https://access.redhat.com/security/team/contact/

Trust: 0.5

url:https://bugzilla.redhat.com/):

Trust: 0.5

url:https://listman.redhat.com/mailman/listinfo/rhsa-announce

Trust: 0.5

url:https://nvd.nist.gov/vuln/detail/cve-2021-33193

Trust: 0.5

url:https://access.redhat.com/security/team/key/

Trust: 0.4

url:https://access.redhat.com/security/cve/cve-2021-36160

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2021-34798

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2021-44224

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2021-44224

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2021-33193

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2021-40438

Trust: 0.3

url:https://access.redhat.com/security/updates/classification/#important

Trust: 0.3

url:https://access.redhat.com/errata/rhsa-2022:0891

Trust: 0.2

url:https://access.redhat.com/security/updates/classification/#moderate

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2021-45960

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2022-25313

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2022-22823

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2022-22822

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2022-22824

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2022-22824

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2022-22826

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2022-22827

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2022-22822

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-45960

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-41524

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2022-22827

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2022-22826

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2021-41524

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2022-23990

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2021-46143

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2022-25315

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2022-25314

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2022-22823

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2022-22825

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2022-25236

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2022-25235

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2022-23852

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2022-23852

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2022-22825

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-46143

Trust: 0.2

url:https://ubuntu.com/security/notices/usn-5090-1

Trust: 0.2

url:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/spbr6wuybjnachke65spl7tjohx7rhwd/

Trust: 0.1

url:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/zncysr3bxt36fff4xtcpl3hdqk4vp45r/

Trust: 0.1

url:https://lists.apache.org/thread.html/r82c077663f9759c7df5a6656f925b3ee4f55fcd33c889ba7cd687029@%3cusers.httpd.apache.org%3e

Trust: 0.1

url:https://lists.apache.org/thread.html/r61fdbfc26ab170f4e6492ef3bd5197c20b862ce156e9d5a54d4b899c@%3cusers.httpd.apache.org%3e

Trust: 0.1

url:https://lists.apache.org/thread.html/r82838efc5fa6fc4c73986399c9b71573589f78b31846aff5bd9b1697@%3cusers.httpd.apache.org%3e

Trust: 0.1

url:https://lists.apache.org/thread.html/r3925e167d5eb1c75def3750c155d753064e1d34a143028bb32910432@%3cusers.httpd.apache.org%3e

Trust: 0.1

url:https://cwe.mitre.org/data/definitions/787.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://www.cisa.gov/uscert/ics/advisories/icsa-22-167-06

Trust: 0.1

url:https://github.com/totes5706/toteshtb

Trust: 0.1

url:https://access.redhat.com/articles/6975397

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-30556

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-22721

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-28614

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-22719

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-29404

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-28614

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-28615

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2022:6753

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-30522

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-28615

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-22719

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-31813

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-30556

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-30522

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-23943

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-22721

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-29404

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-23943

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-26377

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-26377

Trust: 0.1

url:https://www.debian.org/security/faq

Trust: 0.1

url:https://www.debian.org/security/

Trust: 0.1

url:https://security-tracker.debian.org/tracker/apache2

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-44790

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-26691

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-44790

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-26691

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2022:0143

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2022:7143

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2022:7144

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/apache2/2.4.29-1ubuntu4.17

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/apache2/2.4.41-4ubuntu3.5

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/apache2/2.4.46-4ubuntu1.2

Trust: 0.1

url:https://ubuntu.com/security/notices/usn-5090-3

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/apache2/2.4.41-4ubuntu3.6

Trust: 0.1

url:https://launchpad.net/bugs/1945311

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/apache2/2.4.29-1ubuntu4.18

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/apache2/2.4.46-4ubuntu1.3

Trust: 0.1

sources: CNVD: CNVD-2022-03225 // VULHUB: VHN-400791 // VULMON: CVE-2021-39275 // PACKETSTORM: 168565 // PACKETSTORM: 169132 // PACKETSTORM: 165587 // PACKETSTORM: 166321 // PACKETSTORM: 169541 // PACKETSTORM: 169540 // PACKETSTORM: 164305 // PACKETSTORM: 164318 // NVD: CVE-2021-39275

CREDITS

Red Hat

Trust: 0.5

sources: PACKETSTORM: 168565 // PACKETSTORM: 165587 // PACKETSTORM: 166321 // PACKETSTORM: 169541 // PACKETSTORM: 169540

SOURCES

db:CNVDid:CNVD-2022-03225
db:VULHUBid:VHN-400791
db:VULMONid:CVE-2021-39275
db:PACKETSTORMid:168565
db:PACKETSTORMid:169132
db:PACKETSTORMid:165587
db:PACKETSTORMid:166321
db:PACKETSTORMid:169541
db:PACKETSTORMid:169540
db:PACKETSTORMid:164305
db:PACKETSTORMid:164318
db:NVDid:CVE-2021-39275

LAST UPDATE DATE

2025-04-24T23:54:34.063000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2022-03225date:2022-01-13T00:00:00
db:VULHUBid:VHN-400791date:2022-10-05T00:00:00
db:VULMONid:CVE-2021-39275date:2023-11-07T00:00:00
db:NVDid:CVE-2021-39275date:2023-11-07T03:37:38.873

SOURCES RELEASE DATE

db:CNVDid:CNVD-2022-03225date:2022-01-13T00:00:00
db:VULHUBid:VHN-400791date:2021-09-16T00:00:00
db:VULMONid:CVE-2021-39275date:2021-09-16T00:00:00
db:PACKETSTORMid:168565date:2022-09-30T14:51:18
db:PACKETSTORMid:169132date:2021-10-28T19:12:00
db:PACKETSTORMid:165587date:2022-01-17T16:53:40
db:PACKETSTORMid:166321date:2022-03-15T15:50:26
db:PACKETSTORMid:169541date:2022-10-27T13:05:26
db:PACKETSTORMid:169540date:2022-10-27T13:05:19
db:PACKETSTORMid:164305date:2021-09-28T15:06:35
db:PACKETSTORMid:164318date:2021-09-28T15:23:06
db:NVDid:CVE-2021-39275date:2021-09-16T15:15:07.580