Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
7.5
CVSSv3

CVE-2021-36160

Published: 16/09/2021 Updated: 07/11/2023
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9
VMScore: 446
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Subscribe to Http Server

Vulnerability Summary

An out-of-bounds read in mod_proxy_uwsgi of httpd allows a remote unauthenticated malicious user to crash the service through a crafted request. The highest threat from this vulnerability is to system availability.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

apache http server

fedoraproject fedora 34

fedoraproject fedora 35

debian debian linux 9.0

debian debian linux 10.0

debian debian linux 11.0

netapp cloud backup -

netapp storagegrid -

netapp clustered data ontap -

oracle http server 12.2.1.3.0

oracle instantis enterprisetrack 17.1

oracle instantis enterprisetrack 17.2

oracle instantis enterprisetrack 17.3

oracle peoplesoft enterprise peopletools 8.58

oracle enterprise manager base platform 13.4.0.0

oracle http server 12.2.1.4.0

oracle zfs storage appliance kit 8.8

oracle enterprise manager base platform 13.5.0.0

oracle communications cloud native core network function cloud native environment 1.10.0

broadcom brocade fabric operating system firmware -

Vendor Advisories

Red Hat: Moderate: httpd:2.4 security and bug fix update
Synopsis Moderate: httpd:24 security and bug fix update Type/Severity Security Advisory: Moderate Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic An update for the httpd:24 module is now available for Red Hat Enterprise Linux 8Red Hat Product Security has rated ...
Red Hat: Important: Red Hat JBoss Core Services Apache HTTP Server 2.4.51 security update
Synopsis Important: Red Hat JBoss Core Services Apache HTTP Server 2451 security update Type/Severity Security Advisory: Important Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic An update is now available for Red Hat JBoss Core ServicesRed Hat Product Security ...
Red Hat: Important: Red Hat JBoss Core Services Apache HTTP Server 2.4.51 security update
Synopsis Important: Red Hat JBoss Core Services Apache HTTP Server 2451 security update Type/Severity Security Advisory: Important Topic An update is now available for Red Hat JBoss Core ServicesRed Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring System (CVSS) base score, ...
Red Hat: Moderate: httpd24-httpd security and bug fix update
Synopsis Moderate: httpd24-httpd security and bug fix update Type/Severity Security Advisory: Moderate Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic An update for httpd24-httpd is now available for Red Hat Software CollectionsRed Hat Product Security has rated ...
Debian Security Advisories: DSA-4982-1 apache2 -- security update
Several vulnerabilities have been found in the Apache HTTP server, which could result in denial of service In addition a vulnerability was discovered in mod_proxy with which an attacker could trick the server to forward requests to arbitrary origin servers For the oldstable distribution (buster), these problems have been fixed in version 2438-3 ...
Red Hat: CVE-2021-36160
An out-of-bounds read in mod_proxy_uwsgi of httpd allows a remote unauthenticated attacker to crash the service through a crafted request The highest threat from this vulnerability is to system availability ...
Amazon Linux 2: ALAS2-2021-1716
A NULL pointer dereference was found in Apache httpd mod_h2 The highest threat from this flaw is to system integrity (CVE-2021-33193) A NULL pointer dereference in httpd allows an unauthenticated remote attacker to crash httpd by providing malformed HTTP requests The highest threat from this vulnerability is to system availability (CVE-2021-347 ...
Amazon Linux AMI: ALAS-2021-1543
A NULL pointer dereference was found in Apache httpd mod_h2 The highest threat from this flaw is to system integrity (CVE-2021-33193) A NULL pointer dereference in httpd allows an unauthenticated remote attacker to crash httpd by providing malformed HTTP requests The highest threat from this vulnerability is to system availability (CVE-2021-347 ...
Arch Linux Issues:
In Apache HTTP Server before version 2449, a carefully crafted request uri-path can cause mod_proxy_uwsgi to read above the allocated memory and crash (denial of service) ...
Cisco: Multiple Vulnerabilities in Apache HTTP Server Affecting Cisco Products: November 2021
On September 16, 2021, the Apache Software Foundation disclosed five vulnerabilities affecting the Apache HTTP Server (httpd) 2448 and earlier releases For a description of these vulnerabilities, see the Apache HTTP Server 2449 section of the Apache HTTP Server 24 vulnerabilities webpage This advisory will be updated as additional informatio ...

References

CWE-125http://httpd.apache.org/security/vulnerabilities_24.htmlhttps://lists.debian.org/debian-lts-announce/2021/09/msg00016.htmlhttps://security.netapp.com/advisory/ntap-20211008-0004/https://www.debian.org/security/2021/dsa-4982https://lists.debian.org/debian-lts-announce/2021/10/msg00016.htmlhttps://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-httpd-2.4.49-VWL69sWQhttps://www.oracle.com/security-alerts/cpujan2022.htmlhttps://www.oracle.com/security-alerts/cpuapr2022.htmlhttps://security.gentoo.org/glsa/202208-20https://lists.apache.org/thread.html/re4162adc051c1a0a79e7a24093f3776373e8733abaff57253fef341d%40%3Ccvs.httpd.apache.org%3Ehttps://lists.apache.org/thread.html/ree7519d71415ecdd170ff1889cab552d71758d2ba2904a17ded21a70%40%3Ccvs.httpd.apache.org%3Ehttps://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SPBR6WUYBJNACHKE65SPL7TJOHX7RHWD/https://lists.apache.org/thread.html/r82838efc5fa6fc4c73986399c9b71573589f78b31846aff5bd9b1697%40%3Cusers.httpd.apache.org%3Ehttps://lists.apache.org/thread.html/r82c077663f9759c7df5a6656f925b3ee4f55fcd33c889ba7cd687029%40%3Cusers.httpd.apache.org%3Ehttps://lists.apache.org/thread.html/r3925e167d5eb1c75def3750c155d753064e1d34a143028bb32910432%40%3Cusers.httpd.apache.org%3Ehttps://lists.apache.org/thread.html/r61fdbfc26ab170f4e6492ef3bd5197c20b862ce156e9d5a54d4b899c%40%3Cusers.httpd.apache.org%3Ehttps://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZNCYSR3BXT36FFF4XTCPL3HDQK4VP45R/https://lists.apache.org/thread.html/ra1c05a392587bfe34383dffe1213edc425de8d4afc25b7cefab3e781%40%3Cbugs.httpd.apache.org%3Ehttps://lists.apache.org/thread.html/r73260f6ba9fb52e43d860905fc90462ba5a814afda2d011f32bbd41c%40%3Cbugs.httpd.apache.org%3Ehttps://lists.apache.org/thread.html/r7f2746e916ed370239bc1a1025e5ebbf345f79df9ea0ea39e44acfbb%40%3Cbugs.httpd.apache.org%3Ehttps://lists.apache.org/thread.html/r2eb200ac1340f69aa22af61ab34780c531d110437910cb9c0ece3b37%40%3Cbugs.httpd.apache.org%3Ehttps://lists.apache.org/thread.html/r94a61a1517133a19dcf40016e87454ea86e355d06a0cec4c778530f3%40%3Cbugs.httpd.apache.org%3Ehttps://lists.apache.org/thread.html/ra87a69d0703d09dc52b86e32b08f8d7327af10acdd5f577a4e82596a%40%3Cbugs.httpd.apache.org%3Ehttps://lists.apache.org/thread.html/rb2341c8786d0f9924f5b666e82d8d170b4804f50a523d750551bef1a%40%3Cbugs.httpd.apache.org%3Ehttps://nvd.nist.govhttps://access.redhat.com/errata/RHSA-2022:1915https://www.debian.org/security/2021/dsa-4982https://access.redhat.com/security/cve/cve-2021-36160
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
blind SQL injectionfirmwareCVE-2006-4304CVE-2024-32878CVE-2024-31502XSSCVE-2024-3059CVE-2024-33692CVE-2024-3400
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook