Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

CVE-2021-42013 vulnerabilities and exploits

(subscribe to this query)
7.5
CVSSv2
CVE-2021-42013
It was found that the fix for CVE-2021-41773 in Apache HTTP Server 2.4.50 was insufficient. An attacker could use a path traversal attack to map URLs to files outside the directories configured by Alias-like directives. If files outside of these directories are not protected by t...
Apache Http Server 2.4.49Apache Http Server 2.4.50Fedoraproject Fedora 34Fedoraproject Fedora 35Oracle Instantis Enterprisetrack 17.1Oracle Instantis Enterprisetrack 17.2Oracle Instantis Enterprisetrack 17.3Oracle Jd Edwards Enterpriseone ToolsOracle Secure BackupNetapp Cloud Backup -
4.3
CVSSv2
CVE-2021-41773
A flaw was found in a change made to path normalization in Apache HTTP Server 2.4.49. An attacker could use a path traversal attack to map URLs to files outside the directories configured by Alias-like directives. If files outside of these directories are not protected by the usu...
Apache Http Server 2.4.49Fedoraproject Fedora 34Fedoraproject Fedora 35Oracle Instantis Enterprisetrack 17.1Oracle Instantis Enterprisetrack 17.2Oracle Instantis Enterprisetrack 17.3Netapp Cloud Backup -
5
CVSSv2
CVE-2021-41524
While fuzzing the 2.4.49 httpd, a new null pointer dereference was detected during HTTP/2 request processing, allowing an external source to DoS the server. This requires a specially crafted request. The vulnerability was recently introduced in version 2.4.49. No exploit is known...
Apache Http Server 2.4.49Fedoraproject Fedora 34Fedoraproject Fedora 35Oracle Instantis Enterprisetrack 17.1Oracle Instantis Enterprisetrack 17.2Oracle Instantis Enterprisetrack 17.3Netapp Cloud Backup -
5
CVSSv2
CVE-2021-33193
A crafted method sent through HTTP/2 will bypass validation and be forwarded by mod_proxy, which can lead to request splitting or cache poisoning. This issue affects Apache HTTP Server 2.4.17 to 2.4.48.
Apache Http ServerFedoraproject Fedora 34Fedoraproject Fedora 35Tenable Tenable.scOracle Zfs Storage Appliance Kit 8.8Oracle Secure Backup
7.5
CVSSv2
CVE-2021-39275
ap_escape_quotes() may write beyond the end of a buffer when given malicious input. No included modules pass untrusted data to these functions, but third-party / external modules may. This issue affects Apache HTTP Server 2.4.48 and previous versions.
Apache Http ServerFedoraproject Fedora 34Fedoraproject Fedora 35Debian Debian Linux 9.0Debian Debian Linux 10.0Debian Debian Linux 11.0Netapp Cloud Backup -Netapp Storagegrid -Netapp Clustered Data Ontap -Oracle Http Server 12.2.1.3.0Oracle Instantis Enterprisetrack 17.1Oracle Instantis Enterprisetrack 17.2Oracle Instantis Enterprisetrack 17.3Oracle Http Server 12.2.1.4.0Oracle Zfs Storage Appliance Kit 8.8Siemens Sinema Server 14.0Siemens Sinec Nms
5
CVSSv2
CVE-2021-34798
Malformed requests may cause the server to dereference a NULL pointer. This issue affects Apache HTTP Server 2.4.48 and previous versions.
Apache Http ServerFedoraproject Fedora 34Fedoraproject Fedora 35Debian Debian Linux 9.0Debian Debian Linux 10.0Debian Debian Linux 11.0Netapp Cloud Backup -Netapp Storagegrid -Netapp Clustered Data Ontap -Tenable Tenable.scOracle Http Server 12.2.1.3.0Oracle Instantis Enterprisetrack 17.1Oracle Instantis Enterprisetrack 17.2Oracle Instantis Enterprisetrack 17.3Oracle Peoplesoft Enterprise Peopletools 8.58Oracle Enterprise Manager Base Platform 13.4.0.0Oracle Http Server 12.2.1.4.0Oracle Zfs Storage Appliance Kit 8.8Oracle Enterprise Manager Base Platform 13.5.0.0Oracle Communications Cloud Native Core Network Function Cloud Native Environment 1.10.0Broadcom Brocade Fabric Operating System Firmware -Siemens Sinema Server 14.0
5
CVSSv2
CVE-2021-36160
A carefully crafted request uri-path can cause mod_proxy_uwsgi to read above the allocated memory and crash (DoS). This issue affects Apache HTTP Server versions 2.4.30 to 2.4.48 (inclusive).
Apache Http ServerFedoraproject Fedora 34Fedoraproject Fedora 35Debian Debian Linux 9.0Debian Debian Linux 10.0Debian Debian Linux 11.0Netapp Cloud Backup -Netapp Storagegrid -Netapp Clustered Data Ontap -Oracle Http Server 12.2.1.3.0Oracle Instantis Enterprisetrack 17.1Oracle Instantis Enterprisetrack 17.2Oracle Instantis Enterprisetrack 17.3Oracle Peoplesoft Enterprise Peopletools 8.58Oracle Enterprise Manager Base Platform 13.4.0.0Oracle Http Server 12.2.1.4.0Oracle Zfs Storage Appliance Kit 8.8Oracle Enterprise Manager Base Platform 13.5.0.0Oracle Communications Cloud Native Core Network Function Cloud Native Environment 1.10.0Broadcom Brocade Fabric Operating System Firmware -
6.8
CVSSv2
CVE-2021-40438
A crafted request uri-path can cause mod_proxy to forward the request to an origin server choosen by the remote user. This issue affects Apache HTTP Server 2.4.48 and previous versions.
Apache Http ServerFedoraproject Fedora 34Fedoraproject Fedora 35Debian Debian Linux 9.0Debian Debian Linux 10.0Debian Debian Linux 11.0Netapp Cloud Backup -Netapp Storagegrid -Netapp Clustered Data Ontap -F5 F5osOracle Http Server 12.2.1.3.0Oracle Instantis Enterprisetrack 17.1Oracle Instantis Enterprisetrack 17.2Oracle Instantis Enterprisetrack 17.3Oracle Http Server 12.2.1.4.0Oracle Enterprise Manager Ops Center 12.4.0.0Oracle Zfs Storage Appliance Kit 8.8Oracle Secure Global Desktop 5.6Siemens Sinema Server 14.0Siemens Sinec Nms
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-3675CVE-2024-3400CVE-2024-23557mass assignmentCVE-2023-1389local file inclusionCVE-2024-32596file uploadCVE-2024-32593
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook