While fuzzing the 2.4.49 httpd, a new null pointer dereference was detected during HTTP/2 request processing, allowing an external source to DoS the server. This requires a specially crafted request. The vulnerability was recently introduced in version 2.4.49. No exploit is known to the project.
Vulnerable Product:
apache http server 2.4.49
fedoraproject fedora 34
Unless you want to leak like a sieve
The Apache Software Foundation has hurried out a patch to address a pair of HTTP Web Server vulnerabilities, at least one of which is already being actively exploited.
Apache's HTTP Server is widely used, and the vulnerabilities, CVE-2021-41524 and CVE-2021-41773, aren't great. The latter, a path traversal and file disclosure flaw, is particularly problematic.
The former was reported to Apache's security team on 17 September and can be exploited by an external source to DoS a server ...