ap_escape_quotes() may write beyond the end of a buffer when given malicious input. No included modules pass untrusted data to these functions, but third-party / external modules may. This issue affects Apache HTTP Server 2.4.48 and previous versions.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
apache http server |
||
fedoraproject fedora 34 |
||
fedoraproject fedora 35 |
||
debian debian linux 9.0 |
||
debian debian linux 10.0 |
||
debian debian linux 11.0 |
||
netapp cloud backup - |
||
netapp storagegrid - |
||
netapp clustered data ontap - |
||
oracle http server 12.2.1.3.0 |
||
oracle instantis enterprisetrack 17.1 |
||
oracle instantis enterprisetrack 17.2 |
||
oracle instantis enterprisetrack 17.3 |
||
oracle http server 12.2.1.4.0 |
||
oracle zfs storage appliance kit 8.8 |
||
siemens sinema server 14.0 |
||
siemens sinec nms |