5
CVSSv2

CVE-2021-41524

Published: 05/10/2021 Updated: 12/10/2021
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Vulnerability Summary

While fuzzing the 2.4.49 httpd, a new null pointer dereference was detected during HTTP/2 request processing, allowing an external source to DoS the server. This requires a specially crafted request. The vulnerability was recently introduced in version 2.4.49. No exploit is known to the project.

Most Upvoted Vulmon Research Post

There is no Researcher post for this vulnerability
Would you like to share something about it? Sign up now to share your knowledge with the community.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

apache http server 2.4.49

fedoraproject fedora 34

Vendor Advisories

While fuzzing the 2449 httpd, a new null pointer dereference was detected during HTTP/2 request processing, allowing an external source to DoS the server This requires a specially crafted request The vulnerability was recently introduced in version 2449 No exploit is known to the project ...
On October 5, 2021 and October 7, 2021, the Apache Software Foundation released two security announcements for the Apache HTTP Server that disclosed the following vulnerabilities: CVE-2021-41524: Null Pointer Dereference Vulnerability CVE-2021-41773: Path Traversal and Remote Code Execution Vulnerability CVE-2021-42013: Path Traversal and Remote ...

Recent Articles

Running a recent Apache web server version? You probably need to patch it. Now
The Register • Richard Speed • 06 Oct 2021

Get our weekly newsletter Unless you want to leak like a sieve

The Apache Software Foundation has hurried out a patch to address a pair of HTTP Web Server vulnerabilities, at least one of which is already being actively exploited.
Apache's HTTP Server is widely used, and the vulnerabilities, CVE-2021-41524 and CVE-2021-41773, aren't great. The latter, a path traversal and file disclosure flaw, is particularly problematic.
The former was reported to Apache's security team on 17 September and can be exploited by an external source to DoS a server ...