csaf_opensuse - opensuse-su-2022:0091-1

Vulnerability from csaf_opensuse

Published

2022-01-17 15:25

Modified

2022-01-17 15:25

Summary

Security update for apache2

Notes

Title of the patch

Security update for apache2

Description of the patch

This update for apache2 fixes the following issues: Apache2 was updated to the current stable version 2.4.51 (jsc#SLE-22733 jsc#SLE-22849) It fixes all CVEs and selected bugs represented by patches found between 2.4.23 and 2.4.51. See https://downloads.apache.org/httpd/CHANGES_2.4 for a complete change log. Also fixed: - CVE-2021-44224: Fixed NULL dereference or SSRF in forward proxy configurations (bsc#1193943) - CVE-2021-44790: Fixed buffer overflow when parsing multipart content in mod_lua (bsc#1193942)

Patchnames

openSUSE-2022-91,openSUSE-SLE-15.3-2022-91

CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).

JSON

To clipboard

{
   document: {
      aggregate_severity: {
         namespace: "https://www.suse.com/support/security/rating/",
         text: "important",
      },
      category: "csaf_security_advisory",
      csaf_version: "2.0",
      distribution: {
         text: "Copyright 2024 SUSE LLC. All rights reserved.",
         tlp: {
            label: "WHITE",
            url: "https://www.first.org/tlp/",
         },
      },
      lang: "en",
      notes: [
         {
            category: "summary",
            text: "Security update for apache2",
            title: "Title of the patch",
         },
         {
            category: "description",
            text: "This update for apache2 fixes the following issues:\n\nApache2 was updated to the current stable version 2.4.51 (jsc#SLE-22733 jsc#SLE-22849)\n\nIt fixes all CVEs and selected bugs represented by patches found between 2.4.23 and 2.4.51.\n\nSee https://downloads.apache.org/httpd/CHANGES_2.4 for a complete change log.\n\nAlso fixed:\n\n- CVE-2021-44224: Fixed NULL dereference or SSRF in forward proxy configurations (bsc#1193943)\n- CVE-2021-44790: Fixed buffer overflow when parsing multipart content in mod_lua (bsc#1193942)\n\n",
            title: "Description of the patch",
         },
         {
            category: "details",
            text: "openSUSE-2022-91,openSUSE-SLE-15.3-2022-91",
            title: "Patchnames",
         },
         {
            category: "legal_disclaimer",
            text: "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
            title: "Terms of use",
         },
      ],
      publisher: {
         category: "vendor",
         contact_details: "https://www.suse.com/support/security/contact/",
         name: "SUSE Product Security Team",
         namespace: "https://www.suse.com/",
      },
      references: [
         {
            category: "external",
            summary: "SUSE ratings",
            url: "https://www.suse.com/support/security/rating/",
         },
         {
            category: "self",
            summary: "URL of this CSAF notice",
            url: "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2022_0091-1.json",
         },
         {
            category: "self",
            summary: "URL for openSUSE-SU-2022:0091-1",
            url: "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/LQX4BVMFKUTV6DOPDTL26H5DQJJFUPXZ/",
         },
         {
            category: "self",
            summary: "E-Mail link for openSUSE-SU-2022:0091-1",
            url: "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/LQX4BVMFKUTV6DOPDTL26H5DQJJFUPXZ/",
         },
         {
            category: "self",
            summary: "SUSE Bug 1193942",
            url: "https://bugzilla.suse.com/1193942",
         },
         {
            category: "self",
            summary: "SUSE Bug 1193943",
            url: "https://bugzilla.suse.com/1193943",
         },
         {
            category: "self",
            summary: "SUSE CVE CVE-2021-44224 page",
            url: "https://www.suse.com/security/cve/CVE-2021-44224/",
         },
         {
            category: "self",
            summary: "SUSE CVE CVE-2021-44790 page",
            url: "https://www.suse.com/security/cve/CVE-2021-44790/",
         },
      ],
      title: "Security update for apache2",
      tracking: {
         current_release_date: "2022-01-17T15:25:36Z",
         generator: {
            date: "2022-01-17T15:25:36Z",
            engine: {
               name: "cve-database.git:bin/generate-csaf.pl",
               version: "1",
            },
         },
         id: "openSUSE-SU-2022:0091-1",
         initial_release_date: "2022-01-17T15:25:36Z",
         revision_history: [
            {
               date: "2022-01-17T15:25:36Z",
               number: "1",
               summary: "Current version",
            },
         ],
         status: "final",
         version: "1",
      },
   },
   product_tree: {
      branches: [
         {
            branches: [
               {
                  branches: [
                     {
                        category: "product_version",
                        name: "chromedriver-99.0.4844.84-bp153.2.75.1.aarch64",
                        product: {
                           name: "chromedriver-99.0.4844.84-bp153.2.75.1.aarch64",
                           product_id: "chromedriver-99.0.4844.84-bp153.2.75.1.aarch64",
                        },
                     },
                     {
                        category: "product_version",
                        name: "chromium-99.0.4844.84-bp153.2.75.1.aarch64",
                        product: {
                           name: "chromium-99.0.4844.84-bp153.2.75.1.aarch64",
                           product_id: "chromium-99.0.4844.84-bp153.2.75.1.aarch64",
                        },
                     },
                     {
                        category: "product_version",
                        name: "apache2-2.4.51-3.37.1.aarch64",
                        product: {
                           name: "apache2-2.4.51-3.37.1.aarch64",
                           product_id: "apache2-2.4.51-3.37.1.aarch64",
                        },
                     },
                     {
                        category: "product_version",
                        name: "apache2-devel-2.4.51-3.37.1.aarch64",
                        product: {
                           name: "apache2-devel-2.4.51-3.37.1.aarch64",
                           product_id: "apache2-devel-2.4.51-3.37.1.aarch64",
                        },
                     },
                     {
                        category: "product_version",
                        name: "apache2-event-2.4.51-3.37.1.aarch64",
                        product: {
                           name: "apache2-event-2.4.51-3.37.1.aarch64",
                           product_id: "apache2-event-2.4.51-3.37.1.aarch64",
                        },
                     },
                     {
                        category: "product_version",
                        name: "apache2-example-pages-2.4.51-3.37.1.aarch64",
                        product: {
                           name: "apache2-example-pages-2.4.51-3.37.1.aarch64",
                           product_id: "apache2-example-pages-2.4.51-3.37.1.aarch64",
                        },
                     },
                     {
                        category: "product_version",
                        name: "apache2-prefork-2.4.51-3.37.1.aarch64",
                        product: {
                           name: "apache2-prefork-2.4.51-3.37.1.aarch64",
                           product_id: "apache2-prefork-2.4.51-3.37.1.aarch64",
                        },
                     },
                     {
                        category: "product_version",
                        name: "apache2-utils-2.4.51-3.37.1.aarch64",
                        product: {
                           name: "apache2-utils-2.4.51-3.37.1.aarch64",
                           product_id: "apache2-utils-2.4.51-3.37.1.aarch64",
                        },
                     },
                     {
                        category: "product_version",
                        name: "apache2-worker-2.4.51-3.37.1.aarch64",
                        product: {
                           name: "apache2-worker-2.4.51-3.37.1.aarch64",
                           product_id: "apache2-worker-2.4.51-3.37.1.aarch64",
                        },
                     },
                  ],
                  category: "architecture",
                  name: "aarch64",
               },
               {
                  branches: [
                     {
                        category: "product_version",
                        name: "apache2-doc-2.4.51-3.37.1.noarch",
                        product: {
                           name: "apache2-doc-2.4.51-3.37.1.noarch",
                           product_id: "apache2-doc-2.4.51-3.37.1.noarch",
                        },
                     },
                  ],
                  category: "architecture",
                  name: "noarch",
               },
               {
                  branches: [
                     {
                        category: "product_version",
                        name: "apache2-2.4.51-3.37.1.ppc64le",
                        product: {
                           name: "apache2-2.4.51-3.37.1.ppc64le",
                           product_id: "apache2-2.4.51-3.37.1.ppc64le",
                        },
                     },
                     {
                        category: "product_version",
                        name: "apache2-devel-2.4.51-3.37.1.ppc64le",
                        product: {
                           name: "apache2-devel-2.4.51-3.37.1.ppc64le",
                           product_id: "apache2-devel-2.4.51-3.37.1.ppc64le",
                        },
                     },
                     {
                        category: "product_version",
                        name: "apache2-event-2.4.51-3.37.1.ppc64le",
                        product: {
                           name: "apache2-event-2.4.51-3.37.1.ppc64le",
                           product_id: "apache2-event-2.4.51-3.37.1.ppc64le",
                        },
                     },
                     {
                        category: "product_version",
                        name: "apache2-example-pages-2.4.51-3.37.1.ppc64le",
                        product: {
                           name: "apache2-example-pages-2.4.51-3.37.1.ppc64le",
                           product_id: "apache2-example-pages-2.4.51-3.37.1.ppc64le",
                        },
                     },
                     {
                        category: "product_version",
                        name: "apache2-prefork-2.4.51-3.37.1.ppc64le",
                        product: {
                           name: "apache2-prefork-2.4.51-3.37.1.ppc64le",
                           product_id: "apache2-prefork-2.4.51-3.37.1.ppc64le",
                        },
                     },
                     {
                        category: "product_version",
                        name: "apache2-utils-2.4.51-3.37.1.ppc64le",
                        product: {
                           name: "apache2-utils-2.4.51-3.37.1.ppc64le",
                           product_id: "apache2-utils-2.4.51-3.37.1.ppc64le",
                        },
                     },
                     {
                        category: "product_version",
                        name: "apache2-worker-2.4.51-3.37.1.ppc64le",
                        product: {
                           name: "apache2-worker-2.4.51-3.37.1.ppc64le",
                           product_id: "apache2-worker-2.4.51-3.37.1.ppc64le",
                        },
                     },
                  ],
                  category: "architecture",
                  name: "ppc64le",
               },
               {
                  branches: [
                     {
                        category: "product_version",
                        name: "apache2-2.4.51-3.37.1.s390x",
                        product: {
                           name: "apache2-2.4.51-3.37.1.s390x",
                           product_id: "apache2-2.4.51-3.37.1.s390x",
                        },
                     },
                     {
                        category: "product_version",
                        name: "apache2-devel-2.4.51-3.37.1.s390x",
                        product: {
                           name: "apache2-devel-2.4.51-3.37.1.s390x",
                           product_id: "apache2-devel-2.4.51-3.37.1.s390x",
                        },
                     },
                     {
                        category: "product_version",
                        name: "apache2-event-2.4.51-3.37.1.s390x",
                        product: {
                           name: "apache2-event-2.4.51-3.37.1.s390x",
                           product_id: "apache2-event-2.4.51-3.37.1.s390x",
                        },
                     },
                     {
                        category: "product_version",
                        name: "apache2-example-pages-2.4.51-3.37.1.s390x",
                        product: {
                           name: "apache2-example-pages-2.4.51-3.37.1.s390x",
                           product_id: "apache2-example-pages-2.4.51-3.37.1.s390x",
                        },
                     },
                     {
                        category: "product_version",
                        name: "apache2-prefork-2.4.51-3.37.1.s390x",
                        product: {
                           name: "apache2-prefork-2.4.51-3.37.1.s390x",
                           product_id: "apache2-prefork-2.4.51-3.37.1.s390x",
                        },
                     },
                     {
                        category: "product_version",
                        name: "apache2-utils-2.4.51-3.37.1.s390x",
                        product: {
                           name: "apache2-utils-2.4.51-3.37.1.s390x",
                           product_id: "apache2-utils-2.4.51-3.37.1.s390x",
                        },
                     },
                     {
                        category: "product_version",
                        name: "apache2-worker-2.4.51-3.37.1.s390x",
                        product: {
                           name: "apache2-worker-2.4.51-3.37.1.s390x",
                           product_id: "apache2-worker-2.4.51-3.37.1.s390x",
                        },
                     },
                  ],
                  category: "architecture",
                  name: "s390x",
               },
               {
                  branches: [
                     {
                        category: "product_version",
                        name: "chromedriver-99.0.4844.84-bp153.2.75.1.x86_64",
                        product: {
                           name: "chromedriver-99.0.4844.84-bp153.2.75.1.x86_64",
                           product_id: "chromedriver-99.0.4844.84-bp153.2.75.1.x86_64",
                        },
                     },
                     {
                        category: "product_version",
                        name: "chromium-99.0.4844.84-bp153.2.75.1.x86_64",
                        product: {
                           name: "chromium-99.0.4844.84-bp153.2.75.1.x86_64",
                           product_id: "chromium-99.0.4844.84-bp153.2.75.1.x86_64",
                        },
                     },
                     {
                        category: "product_version",
                        name: "apache2-2.4.51-3.37.1.x86_64",
                        product: {
                           name: "apache2-2.4.51-3.37.1.x86_64",
                           product_id: "apache2-2.4.51-3.37.1.x86_64",
                        },
                     },
                     {
                        category: "product_version",
                        name: "apache2-devel-2.4.51-3.37.1.x86_64",
                        product: {
                           name: "apache2-devel-2.4.51-3.37.1.x86_64",
                           product_id: "apache2-devel-2.4.51-3.37.1.x86_64",
                        },
                     },
                     {
                        category: "product_version",
                        name: "apache2-event-2.4.51-3.37.1.x86_64",
                        product: {
                           name: "apache2-event-2.4.51-3.37.1.x86_64",
                           product_id: "apache2-event-2.4.51-3.37.1.x86_64",
                        },
                     },
                     {
                        category: "product_version",
                        name: "apache2-example-pages-2.4.51-3.37.1.x86_64",
                        product: {
                           name: "apache2-example-pages-2.4.51-3.37.1.x86_64",
                           product_id: "apache2-example-pages-2.4.51-3.37.1.x86_64",
                        },
                     },
                     {
                        category: "product_version",
                        name: "apache2-prefork-2.4.51-3.37.1.x86_64",
                        product: {
                           name: "apache2-prefork-2.4.51-3.37.1.x86_64",
                           product_id: "apache2-prefork-2.4.51-3.37.1.x86_64",
                        },
                     },
                     {
                        category: "product_version",
                        name: "apache2-utils-2.4.51-3.37.1.x86_64",
                        product: {
                           name: "apache2-utils-2.4.51-3.37.1.x86_64",
                           product_id: "apache2-utils-2.4.51-3.37.1.x86_64",
                        },
                     },
                     {
                        category: "product_version",
                        name: "apache2-worker-2.4.51-3.37.1.x86_64",
                        product: {
                           name: "apache2-worker-2.4.51-3.37.1.x86_64",
                           product_id: "apache2-worker-2.4.51-3.37.1.x86_64",
                        },
                     },
                  ],
                  category: "architecture",
                  name: "x86_64",
               },
               {
                  branches: [
                     {
                        category: "product_name",
                        name: "SUSE Package Hub 15 SP3",
                        product: {
                           name: "SUSE Package Hub 15 SP3",
                           product_id: "SUSE Package Hub 15 SP3",
                        },
                     },
                     {
                        category: "product_name",
                        name: "openSUSE Leap 15.3",
                        product: {
                           name: "openSUSE Leap 15.3",
                           product_id: "openSUSE Leap 15.3",
                           product_identification_helper: {
                              cpe: "cpe:/o:opensuse:leap:15.3",
                           },
                        },
                     },
                     {
                        category: "product_name",
                        name: "openSUSE Leap 15.3",
                        product: {
                           name: "openSUSE Leap 15.3",
                           product_id: "openSUSE Leap 15.3",
                           product_identification_helper: {
                              cpe: "cpe:/o:opensuse:leap:15.3",
                           },
                        },
                     },
                  ],
                  category: "product_family",
                  name: "SUSE Linux Enterprise",
               },
            ],
            category: "vendor",
            name: "SUSE",
         },
      ],
      relationships: [
         {
            category: "default_component_of",
            full_product_name: {
               name: "chromedriver-99.0.4844.84-bp153.2.75.1.aarch64 as component of SUSE Package Hub 15 SP3",
               product_id: "SUSE Package Hub 15 SP3:chromedriver-99.0.4844.84-bp153.2.75.1.aarch64",
            },
            product_reference: "chromedriver-99.0.4844.84-bp153.2.75.1.aarch64",
            relates_to_product_reference: "SUSE Package Hub 15 SP3",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "chromedriver-99.0.4844.84-bp153.2.75.1.x86_64 as component of SUSE Package Hub 15 SP3",
               product_id: "SUSE Package Hub 15 SP3:chromedriver-99.0.4844.84-bp153.2.75.1.x86_64",
            },
            product_reference: "chromedriver-99.0.4844.84-bp153.2.75.1.x86_64",
            relates_to_product_reference: "SUSE Package Hub 15 SP3",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "chromium-99.0.4844.84-bp153.2.75.1.aarch64 as component of SUSE Package Hub 15 SP3",
               product_id: "SUSE Package Hub 15 SP3:chromium-99.0.4844.84-bp153.2.75.1.aarch64",
            },
            product_reference: "chromium-99.0.4844.84-bp153.2.75.1.aarch64",
            relates_to_product_reference: "SUSE Package Hub 15 SP3",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "chromium-99.0.4844.84-bp153.2.75.1.x86_64 as component of SUSE Package Hub 15 SP3",
               product_id: "SUSE Package Hub 15 SP3:chromium-99.0.4844.84-bp153.2.75.1.x86_64",
            },
            product_reference: "chromium-99.0.4844.84-bp153.2.75.1.x86_64",
            relates_to_product_reference: "SUSE Package Hub 15 SP3",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "chromedriver-99.0.4844.84-bp153.2.75.1.aarch64 as component of openSUSE Leap 15.3",
               product_id: "openSUSE Leap 15.3:chromedriver-99.0.4844.84-bp153.2.75.1.aarch64",
            },
            product_reference: "chromedriver-99.0.4844.84-bp153.2.75.1.aarch64",
            relates_to_product_reference: "openSUSE Leap 15.3",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "chromedriver-99.0.4844.84-bp153.2.75.1.x86_64 as component of openSUSE Leap 15.3",
               product_id: "openSUSE Leap 15.3:chromedriver-99.0.4844.84-bp153.2.75.1.x86_64",
            },
            product_reference: "chromedriver-99.0.4844.84-bp153.2.75.1.x86_64",
            relates_to_product_reference: "openSUSE Leap 15.3",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "chromium-99.0.4844.84-bp153.2.75.1.aarch64 as component of openSUSE Leap 15.3",
               product_id: "openSUSE Leap 15.3:chromium-99.0.4844.84-bp153.2.75.1.aarch64",
            },
            product_reference: "chromium-99.0.4844.84-bp153.2.75.1.aarch64",
            relates_to_product_reference: "openSUSE Leap 15.3",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "chromium-99.0.4844.84-bp153.2.75.1.x86_64 as component of openSUSE Leap 15.3",
               product_id: "openSUSE Leap 15.3:chromium-99.0.4844.84-bp153.2.75.1.x86_64",
            },
            product_reference: "chromium-99.0.4844.84-bp153.2.75.1.x86_64",
            relates_to_product_reference: "openSUSE Leap 15.3",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "apache2-2.4.51-3.37.1.aarch64 as component of openSUSE Leap 15.3",
               product_id: "openSUSE Leap 15.3:apache2-2.4.51-3.37.1.aarch64",
            },
            product_reference: "apache2-2.4.51-3.37.1.aarch64",
            relates_to_product_reference: "openSUSE Leap 15.3",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "apache2-2.4.51-3.37.1.ppc64le as component of openSUSE Leap 15.3",
               product_id: "openSUSE Leap 15.3:apache2-2.4.51-3.37.1.ppc64le",
            },
            product_reference: "apache2-2.4.51-3.37.1.ppc64le",
            relates_to_product_reference: "openSUSE Leap 15.3",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "apache2-2.4.51-3.37.1.s390x as component of openSUSE Leap 15.3",
               product_id: "openSUSE Leap 15.3:apache2-2.4.51-3.37.1.s390x",
            },
            product_reference: "apache2-2.4.51-3.37.1.s390x",
            relates_to_product_reference: "openSUSE Leap 15.3",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "apache2-2.4.51-3.37.1.x86_64 as component of openSUSE Leap 15.3",
               product_id: "openSUSE Leap 15.3:apache2-2.4.51-3.37.1.x86_64",
            },
            product_reference: "apache2-2.4.51-3.37.1.x86_64",
            relates_to_product_reference: "openSUSE Leap 15.3",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "apache2-devel-2.4.51-3.37.1.aarch64 as component of openSUSE Leap 15.3",
               product_id: "openSUSE Leap 15.3:apache2-devel-2.4.51-3.37.1.aarch64",
            },
            product_reference: "apache2-devel-2.4.51-3.37.1.aarch64",
            relates_to_product_reference: "openSUSE Leap 15.3",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "apache2-devel-2.4.51-3.37.1.ppc64le as component of openSUSE Leap 15.3",
               product_id: "openSUSE Leap 15.3:apache2-devel-2.4.51-3.37.1.ppc64le",
            },
            product_reference: "apache2-devel-2.4.51-3.37.1.ppc64le",
            relates_to_product_reference: "openSUSE Leap 15.3",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "apache2-devel-2.4.51-3.37.1.s390x as component of openSUSE Leap 15.3",
               product_id: "openSUSE Leap 15.3:apache2-devel-2.4.51-3.37.1.s390x",
            },
            product_reference: "apache2-devel-2.4.51-3.37.1.s390x",
            relates_to_product_reference: "openSUSE Leap 15.3",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "apache2-devel-2.4.51-3.37.1.x86_64 as component of openSUSE Leap 15.3",
               product_id: "openSUSE Leap 15.3:apache2-devel-2.4.51-3.37.1.x86_64",
            },
            product_reference: "apache2-devel-2.4.51-3.37.1.x86_64",
            relates_to_product_reference: "openSUSE Leap 15.3",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "apache2-doc-2.4.51-3.37.1.noarch as component of openSUSE Leap 15.3",
               product_id: "openSUSE Leap 15.3:apache2-doc-2.4.51-3.37.1.noarch",
            },
            product_reference: "apache2-doc-2.4.51-3.37.1.noarch",
            relates_to_product_reference: "openSUSE Leap 15.3",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "apache2-event-2.4.51-3.37.1.aarch64 as component of openSUSE Leap 15.3",
               product_id: "openSUSE Leap 15.3:apache2-event-2.4.51-3.37.1.aarch64",
            },
            product_reference: "apache2-event-2.4.51-3.37.1.aarch64",
            relates_to_product_reference: "openSUSE Leap 15.3",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "apache2-event-2.4.51-3.37.1.ppc64le as component of openSUSE Leap 15.3",
               product_id: "openSUSE Leap 15.3:apache2-event-2.4.51-3.37.1.ppc64le",
            },
            product_reference: "apache2-event-2.4.51-3.37.1.ppc64le",
            relates_to_product_reference: "openSUSE Leap 15.3",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "apache2-event-2.4.51-3.37.1.s390x as component of openSUSE Leap 15.3",
               product_id: "openSUSE Leap 15.3:apache2-event-2.4.51-3.37.1.s390x",
            },
            product_reference: "apache2-event-2.4.51-3.37.1.s390x",
            relates_to_product_reference: "openSUSE Leap 15.3",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "apache2-event-2.4.51-3.37.1.x86_64 as component of openSUSE Leap 15.3",
               product_id: "openSUSE Leap 15.3:apache2-event-2.4.51-3.37.1.x86_64",
            },
            product_reference: "apache2-event-2.4.51-3.37.1.x86_64",
            relates_to_product_reference: "openSUSE Leap 15.3",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "apache2-example-pages-2.4.51-3.37.1.aarch64 as component of openSUSE Leap 15.3",
               product_id: "openSUSE Leap 15.3:apache2-example-pages-2.4.51-3.37.1.aarch64",
            },
            product_reference: "apache2-example-pages-2.4.51-3.37.1.aarch64",
            relates_to_product_reference: "openSUSE Leap 15.3",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "apache2-example-pages-2.4.51-3.37.1.ppc64le as component of openSUSE Leap 15.3",
               product_id: "openSUSE Leap 15.3:apache2-example-pages-2.4.51-3.37.1.ppc64le",
            },
            product_reference: "apache2-example-pages-2.4.51-3.37.1.ppc64le",
            relates_to_product_reference: "openSUSE Leap 15.3",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "apache2-example-pages-2.4.51-3.37.1.s390x as component of openSUSE Leap 15.3",
               product_id: "openSUSE Leap 15.3:apache2-example-pages-2.4.51-3.37.1.s390x",
            },
            product_reference: "apache2-example-pages-2.4.51-3.37.1.s390x",
            relates_to_product_reference: "openSUSE Leap 15.3",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "apache2-example-pages-2.4.51-3.37.1.x86_64 as component of openSUSE Leap 15.3",
               product_id: "openSUSE Leap 15.3:apache2-example-pages-2.4.51-3.37.1.x86_64",
            },
            product_reference: "apache2-example-pages-2.4.51-3.37.1.x86_64",
            relates_to_product_reference: "openSUSE Leap 15.3",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "apache2-prefork-2.4.51-3.37.1.aarch64 as component of openSUSE Leap 15.3",
               product_id: "openSUSE Leap 15.3:apache2-prefork-2.4.51-3.37.1.aarch64",
            },
            product_reference: "apache2-prefork-2.4.51-3.37.1.aarch64",
            relates_to_product_reference: "openSUSE Leap 15.3",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "apache2-prefork-2.4.51-3.37.1.ppc64le as component of openSUSE Leap 15.3",
               product_id: "openSUSE Leap 15.3:apache2-prefork-2.4.51-3.37.1.ppc64le",
            },
            product_reference: "apache2-prefork-2.4.51-3.37.1.ppc64le",
            relates_to_product_reference: "openSUSE Leap 15.3",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "apache2-prefork-2.4.51-3.37.1.s390x as component of openSUSE Leap 15.3",
               product_id: "openSUSE Leap 15.3:apache2-prefork-2.4.51-3.37.1.s390x",
            },
            product_reference: "apache2-prefork-2.4.51-3.37.1.s390x",
            relates_to_product_reference: "openSUSE Leap 15.3",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "apache2-prefork-2.4.51-3.37.1.x86_64 as component of openSUSE Leap 15.3",
               product_id: "openSUSE Leap 15.3:apache2-prefork-2.4.51-3.37.1.x86_64",
            },
            product_reference: "apache2-prefork-2.4.51-3.37.1.x86_64",
            relates_to_product_reference: "openSUSE Leap 15.3",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "apache2-utils-2.4.51-3.37.1.aarch64 as component of openSUSE Leap 15.3",
               product_id: "openSUSE Leap 15.3:apache2-utils-2.4.51-3.37.1.aarch64",
            },
            product_reference: "apache2-utils-2.4.51-3.37.1.aarch64",
            relates_to_product_reference: "openSUSE Leap 15.3",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "apache2-utils-2.4.51-3.37.1.ppc64le as component of openSUSE Leap 15.3",
               product_id: "openSUSE Leap 15.3:apache2-utils-2.4.51-3.37.1.ppc64le",
            },
            product_reference: "apache2-utils-2.4.51-3.37.1.ppc64le",
            relates_to_product_reference: "openSUSE Leap 15.3",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "apache2-utils-2.4.51-3.37.1.s390x as component of openSUSE Leap 15.3",
               product_id: "openSUSE Leap 15.3:apache2-utils-2.4.51-3.37.1.s390x",
            },
            product_reference: "apache2-utils-2.4.51-3.37.1.s390x",
            relates_to_product_reference: "openSUSE Leap 15.3",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "apache2-utils-2.4.51-3.37.1.x86_64 as component of openSUSE Leap 15.3",
               product_id: "openSUSE Leap 15.3:apache2-utils-2.4.51-3.37.1.x86_64",
            },
            product_reference: "apache2-utils-2.4.51-3.37.1.x86_64",
            relates_to_product_reference: "openSUSE Leap 15.3",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "apache2-worker-2.4.51-3.37.1.aarch64 as component of openSUSE Leap 15.3",
               product_id: "openSUSE Leap 15.3:apache2-worker-2.4.51-3.37.1.aarch64",
            },
            product_reference: "apache2-worker-2.4.51-3.37.1.aarch64",
            relates_to_product_reference: "openSUSE Leap 15.3",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "apache2-worker-2.4.51-3.37.1.ppc64le as component of openSUSE Leap 15.3",
               product_id: "openSUSE Leap 15.3:apache2-worker-2.4.51-3.37.1.ppc64le",
            },
            product_reference: "apache2-worker-2.4.51-3.37.1.ppc64le",
            relates_to_product_reference: "openSUSE Leap 15.3",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "apache2-worker-2.4.51-3.37.1.s390x as component of openSUSE Leap 15.3",
               product_id: "openSUSE Leap 15.3:apache2-worker-2.4.51-3.37.1.s390x",
            },
            product_reference: "apache2-worker-2.4.51-3.37.1.s390x",
            relates_to_product_reference: "openSUSE Leap 15.3",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "apache2-worker-2.4.51-3.37.1.x86_64 as component of openSUSE Leap 15.3",
               product_id: "openSUSE Leap 15.3:apache2-worker-2.4.51-3.37.1.x86_64",
            },
            product_reference: "apache2-worker-2.4.51-3.37.1.x86_64",
            relates_to_product_reference: "openSUSE Leap 15.3",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "chromedriver-99.0.4844.84-bp153.2.75.1.aarch64 as component of openSUSE Leap 15.3",
               product_id: "openSUSE Leap 15.3:chromedriver-99.0.4844.84-bp153.2.75.1.aarch64",
            },
            product_reference: "chromedriver-99.0.4844.84-bp153.2.75.1.aarch64",
            relates_to_product_reference: "openSUSE Leap 15.3",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "chromedriver-99.0.4844.84-bp153.2.75.1.x86_64 as component of openSUSE Leap 15.3",
               product_id: "openSUSE Leap 15.3:chromedriver-99.0.4844.84-bp153.2.75.1.x86_64",
            },
            product_reference: "chromedriver-99.0.4844.84-bp153.2.75.1.x86_64",
            relates_to_product_reference: "openSUSE Leap 15.3",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "chromium-99.0.4844.84-bp153.2.75.1.aarch64 as component of openSUSE Leap 15.3",
               product_id: "openSUSE Leap 15.3:chromium-99.0.4844.84-bp153.2.75.1.aarch64",
            },
            product_reference: "chromium-99.0.4844.84-bp153.2.75.1.aarch64",
            relates_to_product_reference: "openSUSE Leap 15.3",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "chromium-99.0.4844.84-bp153.2.75.1.x86_64 as component of openSUSE Leap 15.3",
               product_id: "openSUSE Leap 15.3:chromium-99.0.4844.84-bp153.2.75.1.x86_64",
            },
            product_reference: "chromium-99.0.4844.84-bp153.2.75.1.x86_64",
            relates_to_product_reference: "openSUSE Leap 15.3",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "apache2-2.4.51-3.37.1.aarch64 as component of openSUSE Leap 15.3",
               product_id: "openSUSE Leap 15.3:apache2-2.4.51-3.37.1.aarch64",
            },
            product_reference: "apache2-2.4.51-3.37.1.aarch64",
            relates_to_product_reference: "openSUSE Leap 15.3",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "apache2-2.4.51-3.37.1.ppc64le as component of openSUSE Leap 15.3",
               product_id: "openSUSE Leap 15.3:apache2-2.4.51-3.37.1.ppc64le",
            },
            product_reference: "apache2-2.4.51-3.37.1.ppc64le",
            relates_to_product_reference: "openSUSE Leap 15.3",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "apache2-2.4.51-3.37.1.s390x as component of openSUSE Leap 15.3",
               product_id: "openSUSE Leap 15.3:apache2-2.4.51-3.37.1.s390x",
            },
            product_reference: "apache2-2.4.51-3.37.1.s390x",
            relates_to_product_reference: "openSUSE Leap 15.3",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "apache2-2.4.51-3.37.1.x86_64 as component of openSUSE Leap 15.3",
               product_id: "openSUSE Leap 15.3:apache2-2.4.51-3.37.1.x86_64",
            },
            product_reference: "apache2-2.4.51-3.37.1.x86_64",
            relates_to_product_reference: "openSUSE Leap 15.3",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "apache2-devel-2.4.51-3.37.1.aarch64 as component of openSUSE Leap 15.3",
               product_id: "openSUSE Leap 15.3:apache2-devel-2.4.51-3.37.1.aarch64",
            },
            product_reference: "apache2-devel-2.4.51-3.37.1.aarch64",
            relates_to_product_reference: "openSUSE Leap 15.3",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "apache2-devel-2.4.51-3.37.1.ppc64le as component of openSUSE Leap 15.3",
               product_id: "openSUSE Leap 15.3:apache2-devel-2.4.51-3.37.1.ppc64le",
            },
            product_reference: "apache2-devel-2.4.51-3.37.1.ppc64le",
            relates_to_product_reference: "openSUSE Leap 15.3",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "apache2-devel-2.4.51-3.37.1.s390x as component of openSUSE Leap 15.3",
               product_id: "openSUSE Leap 15.3:apache2-devel-2.4.51-3.37.1.s390x",
            },
            product_reference: "apache2-devel-2.4.51-3.37.1.s390x",
            relates_to_product_reference: "openSUSE Leap 15.3",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "apache2-devel-2.4.51-3.37.1.x86_64 as component of openSUSE Leap 15.3",
               product_id: "openSUSE Leap 15.3:apache2-devel-2.4.51-3.37.1.x86_64",
            },
            product_reference: "apache2-devel-2.4.51-3.37.1.x86_64",
            relates_to_product_reference: "openSUSE Leap 15.3",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "apache2-doc-2.4.51-3.37.1.noarch as component of openSUSE Leap 15.3",
               product_id: "openSUSE Leap 15.3:apache2-doc-2.4.51-3.37.1.noarch",
            },
            product_reference: "apache2-doc-2.4.51-3.37.1.noarch",
            relates_to_product_reference: "openSUSE Leap 15.3",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "apache2-event-2.4.51-3.37.1.aarch64 as component of openSUSE Leap 15.3",
               product_id: "openSUSE Leap 15.3:apache2-event-2.4.51-3.37.1.aarch64",
            },
            product_reference: "apache2-event-2.4.51-3.37.1.aarch64",
            relates_to_product_reference: "openSUSE Leap 15.3",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "apache2-event-2.4.51-3.37.1.ppc64le as component of openSUSE Leap 15.3",
               product_id: "openSUSE Leap 15.3:apache2-event-2.4.51-3.37.1.ppc64le",
            },
            product_reference: "apache2-event-2.4.51-3.37.1.ppc64le",
            relates_to_product_reference: "openSUSE Leap 15.3",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "apache2-event-2.4.51-3.37.1.s390x as component of openSUSE Leap 15.3",
               product_id: "openSUSE Leap 15.3:apache2-event-2.4.51-3.37.1.s390x",
            },
            product_reference: "apache2-event-2.4.51-3.37.1.s390x",
            relates_to_product_reference: "openSUSE Leap 15.3",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "apache2-event-2.4.51-3.37.1.x86_64 as component of openSUSE Leap 15.3",
               product_id: "openSUSE Leap 15.3:apache2-event-2.4.51-3.37.1.x86_64",
            },
            product_reference: "apache2-event-2.4.51-3.37.1.x86_64",
            relates_to_product_reference: "openSUSE Leap 15.3",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "apache2-example-pages-2.4.51-3.37.1.aarch64 as component of openSUSE Leap 15.3",
               product_id: "openSUSE Leap 15.3:apache2-example-pages-2.4.51-3.37.1.aarch64",
            },
            product_reference: "apache2-example-pages-2.4.51-3.37.1.aarch64",
            relates_to_product_reference: "openSUSE Leap 15.3",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "apache2-example-pages-2.4.51-3.37.1.ppc64le as component of openSUSE Leap 15.3",
               product_id: "openSUSE Leap 15.3:apache2-example-pages-2.4.51-3.37.1.ppc64le",
            },
            product_reference: "apache2-example-pages-2.4.51-3.37.1.ppc64le",
            relates_to_product_reference: "openSUSE Leap 15.3",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "apache2-example-pages-2.4.51-3.37.1.s390x as component of openSUSE Leap 15.3",
               product_id: "openSUSE Leap 15.3:apache2-example-pages-2.4.51-3.37.1.s390x",
            },
            product_reference: "apache2-example-pages-2.4.51-3.37.1.s390x",
            relates_to_product_reference: "openSUSE Leap 15.3",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "apache2-example-pages-2.4.51-3.37.1.x86_64 as component of openSUSE Leap 15.3",
               product_id: "openSUSE Leap 15.3:apache2-example-pages-2.4.51-3.37.1.x86_64",
            },
            product_reference: "apache2-example-pages-2.4.51-3.37.1.x86_64",
            relates_to_product_reference: "openSUSE Leap 15.3",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "apache2-prefork-2.4.51-3.37.1.aarch64 as component of openSUSE Leap 15.3",
               product_id: "openSUSE Leap 15.3:apache2-prefork-2.4.51-3.37.1.aarch64",
            },
            product_reference: "apache2-prefork-2.4.51-3.37.1.aarch64",
            relates_to_product_reference: "openSUSE Leap 15.3",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "apache2-prefork-2.4.51-3.37.1.ppc64le as component of openSUSE Leap 15.3",
               product_id: "openSUSE Leap 15.3:apache2-prefork-2.4.51-3.37.1.ppc64le",
            },
            product_reference: "apache2-prefork-2.4.51-3.37.1.ppc64le",
            relates_to_product_reference: "openSUSE Leap 15.3",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "apache2-prefork-2.4.51-3.37.1.s390x as component of openSUSE Leap 15.3",
               product_id: "openSUSE Leap 15.3:apache2-prefork-2.4.51-3.37.1.s390x",
            },
            product_reference: "apache2-prefork-2.4.51-3.37.1.s390x",
            relates_to_product_reference: "openSUSE Leap 15.3",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "apache2-prefork-2.4.51-3.37.1.x86_64 as component of openSUSE Leap 15.3",
               product_id: "openSUSE Leap 15.3:apache2-prefork-2.4.51-3.37.1.x86_64",
            },
            product_reference: "apache2-prefork-2.4.51-3.37.1.x86_64",
            relates_to_product_reference: "openSUSE Leap 15.3",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "apache2-utils-2.4.51-3.37.1.aarch64 as component of openSUSE Leap 15.3",
               product_id: "openSUSE Leap 15.3:apache2-utils-2.4.51-3.37.1.aarch64",
            },
            product_reference: "apache2-utils-2.4.51-3.37.1.aarch64",
            relates_to_product_reference: "openSUSE Leap 15.3",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "apache2-utils-2.4.51-3.37.1.ppc64le as component of openSUSE Leap 15.3",
               product_id: "openSUSE Leap 15.3:apache2-utils-2.4.51-3.37.1.ppc64le",
            },
            product_reference: "apache2-utils-2.4.51-3.37.1.ppc64le",
            relates_to_product_reference: "openSUSE Leap 15.3",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "apache2-utils-2.4.51-3.37.1.s390x as component of openSUSE Leap 15.3",
               product_id: "openSUSE Leap 15.3:apache2-utils-2.4.51-3.37.1.s390x",
            },
            product_reference: "apache2-utils-2.4.51-3.37.1.s390x",
            relates_to_product_reference: "openSUSE Leap 15.3",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "apache2-utils-2.4.51-3.37.1.x86_64 as component of openSUSE Leap 15.3",
               product_id: "openSUSE Leap 15.3:apache2-utils-2.4.51-3.37.1.x86_64",
            },
            product_reference: "apache2-utils-2.4.51-3.37.1.x86_64",
            relates_to_product_reference: "openSUSE Leap 15.3",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "apache2-worker-2.4.51-3.37.1.aarch64 as component of openSUSE Leap 15.3",
               product_id: "openSUSE Leap 15.3:apache2-worker-2.4.51-3.37.1.aarch64",
            },
            product_reference: "apache2-worker-2.4.51-3.37.1.aarch64",
            relates_to_product_reference: "openSUSE Leap 15.3",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "apache2-worker-2.4.51-3.37.1.ppc64le as component of openSUSE Leap 15.3",
               product_id: "openSUSE Leap 15.3:apache2-worker-2.4.51-3.37.1.ppc64le",
            },
            product_reference: "apache2-worker-2.4.51-3.37.1.ppc64le",
            relates_to_product_reference: "openSUSE Leap 15.3",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "apache2-worker-2.4.51-3.37.1.s390x as component of openSUSE Leap 15.3",
               product_id: "openSUSE Leap 15.3:apache2-worker-2.4.51-3.37.1.s390x",
            },
            product_reference: "apache2-worker-2.4.51-3.37.1.s390x",
            relates_to_product_reference: "openSUSE Leap 15.3",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "apache2-worker-2.4.51-3.37.1.x86_64 as component of openSUSE Leap 15.3",
               product_id: "openSUSE Leap 15.3:apache2-worker-2.4.51-3.37.1.x86_64",
            },
            product_reference: "apache2-worker-2.4.51-3.37.1.x86_64",
            relates_to_product_reference: "openSUSE Leap 15.3",
         },
      ],
   },
   vulnerabilities: [
      {
         cve: "CVE-2021-44224",
         ids: [
            {
               system_name: "SUSE CVE Page",
               text: "https://www.suse.com/security/cve/CVE-2021-44224",
            },
         ],
         notes: [
            {
               category: "general",
               text: "A crafted URI sent to httpd configured as a forward proxy (ProxyRequests on) can cause a crash (NULL pointer dereference) or, for configurations mixing forward and reverse proxy declarations, can allow for requests to be directed to a declared Unix Domain Socket endpoint (Server Side Request Forgery). This issue affects Apache HTTP Server 2.4.7 up to 2.4.51 (included).",
               title: "CVE description",
            },
         ],
         product_status: {
            recommended: [
               "SUSE Package Hub 15 SP3:chromedriver-99.0.4844.84-bp153.2.75.1.aarch64",
               "SUSE Package Hub 15 SP3:chromedriver-99.0.4844.84-bp153.2.75.1.x86_64",
               "SUSE Package Hub 15 SP3:chromium-99.0.4844.84-bp153.2.75.1.aarch64",
               "SUSE Package Hub 15 SP3:chromium-99.0.4844.84-bp153.2.75.1.x86_64",
               "openSUSE Leap 15.3:apache2-2.4.51-3.37.1.aarch64",
               "openSUSE Leap 15.3:apache2-2.4.51-3.37.1.ppc64le",
               "openSUSE Leap 15.3:apache2-2.4.51-3.37.1.s390x",
               "openSUSE Leap 15.3:apache2-2.4.51-3.37.1.x86_64",
               "openSUSE Leap 15.3:apache2-devel-2.4.51-3.37.1.aarch64",
               "openSUSE Leap 15.3:apache2-devel-2.4.51-3.37.1.ppc64le",
               "openSUSE Leap 15.3:apache2-devel-2.4.51-3.37.1.s390x",
               "openSUSE Leap 15.3:apache2-devel-2.4.51-3.37.1.x86_64",
               "openSUSE Leap 15.3:apache2-doc-2.4.51-3.37.1.noarch",
               "openSUSE Leap 15.3:apache2-event-2.4.51-3.37.1.aarch64",
               "openSUSE Leap 15.3:apache2-event-2.4.51-3.37.1.ppc64le",
               "openSUSE Leap 15.3:apache2-event-2.4.51-3.37.1.s390x",
               "openSUSE Leap 15.3:apache2-event-2.4.51-3.37.1.x86_64",
               "openSUSE Leap 15.3:apache2-example-pages-2.4.51-3.37.1.aarch64",
               "openSUSE Leap 15.3:apache2-example-pages-2.4.51-3.37.1.ppc64le",
               "openSUSE Leap 15.3:apache2-example-pages-2.4.51-3.37.1.s390x",
               "openSUSE Leap 15.3:apache2-example-pages-2.4.51-3.37.1.x86_64",
               "openSUSE Leap 15.3:apache2-prefork-2.4.51-3.37.1.aarch64",
               "openSUSE Leap 15.3:apache2-prefork-2.4.51-3.37.1.ppc64le",
               "openSUSE Leap 15.3:apache2-prefork-2.4.51-3.37.1.s390x",
               "openSUSE Leap 15.3:apache2-prefork-2.4.51-3.37.1.x86_64",
               "openSUSE Leap 15.3:apache2-utils-2.4.51-3.37.1.aarch64",
               "openSUSE Leap 15.3:apache2-utils-2.4.51-3.37.1.ppc64le",
               "openSUSE Leap 15.3:apache2-utils-2.4.51-3.37.1.s390x",
               "openSUSE Leap 15.3:apache2-utils-2.4.51-3.37.1.x86_64",
               "openSUSE Leap 15.3:apache2-worker-2.4.51-3.37.1.aarch64",
               "openSUSE Leap 15.3:apache2-worker-2.4.51-3.37.1.ppc64le",
               "openSUSE Leap 15.3:apache2-worker-2.4.51-3.37.1.s390x",
               "openSUSE Leap 15.3:apache2-worker-2.4.51-3.37.1.x86_64",
               "openSUSE Leap 15.3:chromedriver-99.0.4844.84-bp153.2.75.1.aarch64",
               "openSUSE Leap 15.3:chromedriver-99.0.4844.84-bp153.2.75.1.x86_64",
               "openSUSE Leap 15.3:chromium-99.0.4844.84-bp153.2.75.1.aarch64",
               "openSUSE Leap 15.3:chromium-99.0.4844.84-bp153.2.75.1.x86_64",
            ],
         },
         references: [
            {
               category: "external",
               summary: "CVE-2021-44224",
               url: "https://www.suse.com/security/cve/CVE-2021-44224",
            },
            {
               category: "external",
               summary: "SUSE Bug 1193943 for CVE-2021-44224",
               url: "https://bugzilla.suse.com/1193943",
            },
         ],
         remediations: [
            {
               category: "vendor_fix",
               details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
               product_ids: [
                  "SUSE Package Hub 15 SP3:chromedriver-99.0.4844.84-bp153.2.75.1.aarch64",
                  "SUSE Package Hub 15 SP3:chromedriver-99.0.4844.84-bp153.2.75.1.x86_64",
                  "SUSE Package Hub 15 SP3:chromium-99.0.4844.84-bp153.2.75.1.aarch64",
                  "SUSE Package Hub 15 SP3:chromium-99.0.4844.84-bp153.2.75.1.x86_64",
                  "openSUSE Leap 15.3:apache2-2.4.51-3.37.1.aarch64",
                  "openSUSE Leap 15.3:apache2-2.4.51-3.37.1.ppc64le",
                  "openSUSE Leap 15.3:apache2-2.4.51-3.37.1.s390x",
                  "openSUSE Leap 15.3:apache2-2.4.51-3.37.1.x86_64",
                  "openSUSE Leap 15.3:apache2-devel-2.4.51-3.37.1.aarch64",
                  "openSUSE Leap 15.3:apache2-devel-2.4.51-3.37.1.ppc64le",
                  "openSUSE Leap 15.3:apache2-devel-2.4.51-3.37.1.s390x",
                  "openSUSE Leap 15.3:apache2-devel-2.4.51-3.37.1.x86_64",
                  "openSUSE Leap 15.3:apache2-doc-2.4.51-3.37.1.noarch",
                  "openSUSE Leap 15.3:apache2-event-2.4.51-3.37.1.aarch64",
                  "openSUSE Leap 15.3:apache2-event-2.4.51-3.37.1.ppc64le",
                  "openSUSE Leap 15.3:apache2-event-2.4.51-3.37.1.s390x",
                  "openSUSE Leap 15.3:apache2-event-2.4.51-3.37.1.x86_64",
                  "openSUSE Leap 15.3:apache2-example-pages-2.4.51-3.37.1.aarch64",
                  "openSUSE Leap 15.3:apache2-example-pages-2.4.51-3.37.1.ppc64le",
                  "openSUSE Leap 15.3:apache2-example-pages-2.4.51-3.37.1.s390x",
                  "openSUSE Leap 15.3:apache2-example-pages-2.4.51-3.37.1.x86_64",
                  "openSUSE Leap 15.3:apache2-prefork-2.4.51-3.37.1.aarch64",
                  "openSUSE Leap 15.3:apache2-prefork-2.4.51-3.37.1.ppc64le",
                  "openSUSE Leap 15.3:apache2-prefork-2.4.51-3.37.1.s390x",
                  "openSUSE Leap 15.3:apache2-prefork-2.4.51-3.37.1.x86_64",
                  "openSUSE Leap 15.3:apache2-utils-2.4.51-3.37.1.aarch64",
                  "openSUSE Leap 15.3:apache2-utils-2.4.51-3.37.1.ppc64le",
                  "openSUSE Leap 15.3:apache2-utils-2.4.51-3.37.1.s390x",
                  "openSUSE Leap 15.3:apache2-utils-2.4.51-3.37.1.x86_64",
                  "openSUSE Leap 15.3:apache2-worker-2.4.51-3.37.1.aarch64",
                  "openSUSE Leap 15.3:apache2-worker-2.4.51-3.37.1.ppc64le",
                  "openSUSE Leap 15.3:apache2-worker-2.4.51-3.37.1.s390x",
                  "openSUSE Leap 15.3:apache2-worker-2.4.51-3.37.1.x86_64",
                  "openSUSE Leap 15.3:chromedriver-99.0.4844.84-bp153.2.75.1.aarch64",
                  "openSUSE Leap 15.3:chromedriver-99.0.4844.84-bp153.2.75.1.x86_64",
                  "openSUSE Leap 15.3:chromium-99.0.4844.84-bp153.2.75.1.aarch64",
                  "openSUSE Leap 15.3:chromium-99.0.4844.84-bp153.2.75.1.x86_64",
               ],
            },
         ],
         scores: [
            {
               cvss_v3: {
                  baseScore: 7.5,
                  baseSeverity: "HIGH",
                  vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                  version: "3.1",
               },
               products: [
                  "SUSE Package Hub 15 SP3:chromedriver-99.0.4844.84-bp153.2.75.1.aarch64",
                  "SUSE Package Hub 15 SP3:chromedriver-99.0.4844.84-bp153.2.75.1.x86_64",
                  "SUSE Package Hub 15 SP3:chromium-99.0.4844.84-bp153.2.75.1.aarch64",
                  "SUSE Package Hub 15 SP3:chromium-99.0.4844.84-bp153.2.75.1.x86_64",
                  "openSUSE Leap 15.3:apache2-2.4.51-3.37.1.aarch64",
                  "openSUSE Leap 15.3:apache2-2.4.51-3.37.1.ppc64le",
                  "openSUSE Leap 15.3:apache2-2.4.51-3.37.1.s390x",
                  "openSUSE Leap 15.3:apache2-2.4.51-3.37.1.x86_64",
                  "openSUSE Leap 15.3:apache2-devel-2.4.51-3.37.1.aarch64",
                  "openSUSE Leap 15.3:apache2-devel-2.4.51-3.37.1.ppc64le",
                  "openSUSE Leap 15.3:apache2-devel-2.4.51-3.37.1.s390x",
                  "openSUSE Leap 15.3:apache2-devel-2.4.51-3.37.1.x86_64",
                  "openSUSE Leap 15.3:apache2-doc-2.4.51-3.37.1.noarch",
                  "openSUSE Leap 15.3:apache2-event-2.4.51-3.37.1.aarch64",
                  "openSUSE Leap 15.3:apache2-event-2.4.51-3.37.1.ppc64le",
                  "openSUSE Leap 15.3:apache2-event-2.4.51-3.37.1.s390x",
                  "openSUSE Leap 15.3:apache2-event-2.4.51-3.37.1.x86_64",
                  "openSUSE Leap 15.3:apache2-example-pages-2.4.51-3.37.1.aarch64",
                  "openSUSE Leap 15.3:apache2-example-pages-2.4.51-3.37.1.ppc64le",
                  "openSUSE Leap 15.3:apache2-example-pages-2.4.51-3.37.1.s390x",
                  "openSUSE Leap 15.3:apache2-example-pages-2.4.51-3.37.1.x86_64",
                  "openSUSE Leap 15.3:apache2-prefork-2.4.51-3.37.1.aarch64",
                  "openSUSE Leap 15.3:apache2-prefork-2.4.51-3.37.1.ppc64le",
                  "openSUSE Leap 15.3:apache2-prefork-2.4.51-3.37.1.s390x",
                  "openSUSE Leap 15.3:apache2-prefork-2.4.51-3.37.1.x86_64",
                  "openSUSE Leap 15.3:apache2-utils-2.4.51-3.37.1.aarch64",
                  "openSUSE Leap 15.3:apache2-utils-2.4.51-3.37.1.ppc64le",
                  "openSUSE Leap 15.3:apache2-utils-2.4.51-3.37.1.s390x",
                  "openSUSE Leap 15.3:apache2-utils-2.4.51-3.37.1.x86_64",
                  "openSUSE Leap 15.3:apache2-worker-2.4.51-3.37.1.aarch64",
                  "openSUSE Leap 15.3:apache2-worker-2.4.51-3.37.1.ppc64le",
                  "openSUSE Leap 15.3:apache2-worker-2.4.51-3.37.1.s390x",
                  "openSUSE Leap 15.3:apache2-worker-2.4.51-3.37.1.x86_64",
                  "openSUSE Leap 15.3:chromedriver-99.0.4844.84-bp153.2.75.1.aarch64",
                  "openSUSE Leap 15.3:chromedriver-99.0.4844.84-bp153.2.75.1.x86_64",
                  "openSUSE Leap 15.3:chromium-99.0.4844.84-bp153.2.75.1.aarch64",
                  "openSUSE Leap 15.3:chromium-99.0.4844.84-bp153.2.75.1.x86_64",
               ],
            },
         ],
         threats: [
            {
               category: "impact",
               date: "2022-01-17T15:25:36Z",
               details: "important",
            },
         ],
         title: "CVE-2021-44224",
      },
      {
         cve: "CVE-2021-44790",
         ids: [
            {
               system_name: "SUSE CVE Page",
               text: "https://www.suse.com/security/cve/CVE-2021-44790",
            },
         ],
         notes: [
            {
               category: "general",
               text: "A carefully crafted request body can cause a buffer overflow in the mod_lua multipart parser (r:parsebody() called from Lua scripts). The Apache httpd team is not aware of an exploit for the vulnerabilty though it might be possible to craft one. This issue affects Apache HTTP Server 2.4.51 and earlier.",
               title: "CVE description",
            },
         ],
         product_status: {
            recommended: [
               "SUSE Package Hub 15 SP3:chromedriver-99.0.4844.84-bp153.2.75.1.aarch64",
               "SUSE Package Hub 15 SP3:chromedriver-99.0.4844.84-bp153.2.75.1.x86_64",
               "SUSE Package Hub 15 SP3:chromium-99.0.4844.84-bp153.2.75.1.aarch64",
               "SUSE Package Hub 15 SP3:chromium-99.0.4844.84-bp153.2.75.1.x86_64",
               "openSUSE Leap 15.3:apache2-2.4.51-3.37.1.aarch64",
               "openSUSE Leap 15.3:apache2-2.4.51-3.37.1.ppc64le",
               "openSUSE Leap 15.3:apache2-2.4.51-3.37.1.s390x",
               "openSUSE Leap 15.3:apache2-2.4.51-3.37.1.x86_64",
               "openSUSE Leap 15.3:apache2-devel-2.4.51-3.37.1.aarch64",
               "openSUSE Leap 15.3:apache2-devel-2.4.51-3.37.1.ppc64le",
               "openSUSE Leap 15.3:apache2-devel-2.4.51-3.37.1.s390x",
               "openSUSE Leap 15.3:apache2-devel-2.4.51-3.37.1.x86_64",
               "openSUSE Leap 15.3:apache2-doc-2.4.51-3.37.1.noarch",
               "openSUSE Leap 15.3:apache2-event-2.4.51-3.37.1.aarch64",
               "openSUSE Leap 15.3:apache2-event-2.4.51-3.37.1.ppc64le",
               "openSUSE Leap 15.3:apache2-event-2.4.51-3.37.1.s390x",
               "openSUSE Leap 15.3:apache2-event-2.4.51-3.37.1.x86_64",
               "openSUSE Leap 15.3:apache2-example-pages-2.4.51-3.37.1.aarch64",
               "openSUSE Leap 15.3:apache2-example-pages-2.4.51-3.37.1.ppc64le",
               "openSUSE Leap 15.3:apache2-example-pages-2.4.51-3.37.1.s390x",
               "openSUSE Leap 15.3:apache2-example-pages-2.4.51-3.37.1.x86_64",
               "openSUSE Leap 15.3:apache2-prefork-2.4.51-3.37.1.aarch64",
               "openSUSE Leap 15.3:apache2-prefork-2.4.51-3.37.1.ppc64le",
               "openSUSE Leap 15.3:apache2-prefork-2.4.51-3.37.1.s390x",
               "openSUSE Leap 15.3:apache2-prefork-2.4.51-3.37.1.x86_64",
               "openSUSE Leap 15.3:apache2-utils-2.4.51-3.37.1.aarch64",
               "openSUSE Leap 15.3:apache2-utils-2.4.51-3.37.1.ppc64le",
               "openSUSE Leap 15.3:apache2-utils-2.4.51-3.37.1.s390x",
               "openSUSE Leap 15.3:apache2-utils-2.4.51-3.37.1.x86_64",
               "openSUSE Leap 15.3:apache2-worker-2.4.51-3.37.1.aarch64",
               "openSUSE Leap 15.3:apache2-worker-2.4.51-3.37.1.ppc64le",
               "openSUSE Leap 15.3:apache2-worker-2.4.51-3.37.1.s390x",
               "openSUSE Leap 15.3:apache2-worker-2.4.51-3.37.1.x86_64",
               "openSUSE Leap 15.3:chromedriver-99.0.4844.84-bp153.2.75.1.aarch64",
               "openSUSE Leap 15.3:chromedriver-99.0.4844.84-bp153.2.75.1.x86_64",
               "openSUSE Leap 15.3:chromium-99.0.4844.84-bp153.2.75.1.aarch64",
               "openSUSE Leap 15.3:chromium-99.0.4844.84-bp153.2.75.1.x86_64",
            ],
         },
         references: [
            {
               category: "external",
               summary: "CVE-2021-44790",
               url: "https://www.suse.com/security/cve/CVE-2021-44790",
            },
            {
               category: "external",
               summary: "SUSE Bug 1193942 for CVE-2021-44790",
               url: "https://bugzilla.suse.com/1193942",
            },
            {
               category: "external",
               summary: "SUSE Bug 1204730 for CVE-2021-44790",
               url: "https://bugzilla.suse.com/1204730",
            },
         ],
         remediations: [
            {
               category: "vendor_fix",
               details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
               product_ids: [
                  "SUSE Package Hub 15 SP3:chromedriver-99.0.4844.84-bp153.2.75.1.aarch64",
                  "SUSE Package Hub 15 SP3:chromedriver-99.0.4844.84-bp153.2.75.1.x86_64",
                  "SUSE Package Hub 15 SP3:chromium-99.0.4844.84-bp153.2.75.1.aarch64",
                  "SUSE Package Hub 15 SP3:chromium-99.0.4844.84-bp153.2.75.1.x86_64",
                  "openSUSE Leap 15.3:apache2-2.4.51-3.37.1.aarch64",
                  "openSUSE Leap 15.3:apache2-2.4.51-3.37.1.ppc64le",
                  "openSUSE Leap 15.3:apache2-2.4.51-3.37.1.s390x",
                  "openSUSE Leap 15.3:apache2-2.4.51-3.37.1.x86_64",
                  "openSUSE Leap 15.3:apache2-devel-2.4.51-3.37.1.aarch64",
                  "openSUSE Leap 15.3:apache2-devel-2.4.51-3.37.1.ppc64le",
                  "openSUSE Leap 15.3:apache2-devel-2.4.51-3.37.1.s390x",
                  "openSUSE Leap 15.3:apache2-devel-2.4.51-3.37.1.x86_64",
                  "openSUSE Leap 15.3:apache2-doc-2.4.51-3.37.1.noarch",
                  "openSUSE Leap 15.3:apache2-event-2.4.51-3.37.1.aarch64",
                  "openSUSE Leap 15.3:apache2-event-2.4.51-3.37.1.ppc64le",
                  "openSUSE Leap 15.3:apache2-event-2.4.51-3.37.1.s390x",
                  "openSUSE Leap 15.3:apache2-event-2.4.51-3.37.1.x86_64",
                  "openSUSE Leap 15.3:apache2-example-pages-2.4.51-3.37.1.aarch64",
                  "openSUSE Leap 15.3:apache2-example-pages-2.4.51-3.37.1.ppc64le",
                  "openSUSE Leap 15.3:apache2-example-pages-2.4.51-3.37.1.s390x",
                  "openSUSE Leap 15.3:apache2-example-pages-2.4.51-3.37.1.x86_64",
                  "openSUSE Leap 15.3:apache2-prefork-2.4.51-3.37.1.aarch64",
                  "openSUSE Leap 15.3:apache2-prefork-2.4.51-3.37.1.ppc64le",
                  "openSUSE Leap 15.3:apache2-prefork-2.4.51-3.37.1.s390x",
                  "openSUSE Leap 15.3:apache2-prefork-2.4.51-3.37.1.x86_64",
                  "openSUSE Leap 15.3:apache2-utils-2.4.51-3.37.1.aarch64",
                  "openSUSE Leap 15.3:apache2-utils-2.4.51-3.37.1.ppc64le",
                  "openSUSE Leap 15.3:apache2-utils-2.4.51-3.37.1.s390x",
                  "openSUSE Leap 15.3:apache2-utils-2.4.51-3.37.1.x86_64",
                  "openSUSE Leap 15.3:apache2-worker-2.4.51-3.37.1.aarch64",
                  "openSUSE Leap 15.3:apache2-worker-2.4.51-3.37.1.ppc64le",
                  "openSUSE Leap 15.3:apache2-worker-2.4.51-3.37.1.s390x",
                  "openSUSE Leap 15.3:apache2-worker-2.4.51-3.37.1.x86_64",
                  "openSUSE Leap 15.3:chromedriver-99.0.4844.84-bp153.2.75.1.aarch64",
                  "openSUSE Leap 15.3:chromedriver-99.0.4844.84-bp153.2.75.1.x86_64",
                  "openSUSE Leap 15.3:chromium-99.0.4844.84-bp153.2.75.1.aarch64",
                  "openSUSE Leap 15.3:chromium-99.0.4844.84-bp153.2.75.1.x86_64",
               ],
            },
         ],
         scores: [
            {
               cvss_v3: {
                  baseScore: 9.8,
                  baseSeverity: "CRITICAL",
                  vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                  version: "3.1",
               },
               products: [
                  "SUSE Package Hub 15 SP3:chromedriver-99.0.4844.84-bp153.2.75.1.aarch64",
                  "SUSE Package Hub 15 SP3:chromedriver-99.0.4844.84-bp153.2.75.1.x86_64",
                  "SUSE Package Hub 15 SP3:chromium-99.0.4844.84-bp153.2.75.1.aarch64",
                  "SUSE Package Hub 15 SP3:chromium-99.0.4844.84-bp153.2.75.1.x86_64",
                  "openSUSE Leap 15.3:apache2-2.4.51-3.37.1.aarch64",
                  "openSUSE Leap 15.3:apache2-2.4.51-3.37.1.ppc64le",
                  "openSUSE Leap 15.3:apache2-2.4.51-3.37.1.s390x",
                  "openSUSE Leap 15.3:apache2-2.4.51-3.37.1.x86_64",
                  "openSUSE Leap 15.3:apache2-devel-2.4.51-3.37.1.aarch64",
                  "openSUSE Leap 15.3:apache2-devel-2.4.51-3.37.1.ppc64le",
                  "openSUSE Leap 15.3:apache2-devel-2.4.51-3.37.1.s390x",
                  "openSUSE Leap 15.3:apache2-devel-2.4.51-3.37.1.x86_64",
                  "openSUSE Leap 15.3:apache2-doc-2.4.51-3.37.1.noarch",
                  "openSUSE Leap 15.3:apache2-event-2.4.51-3.37.1.aarch64",
                  "openSUSE Leap 15.3:apache2-event-2.4.51-3.37.1.ppc64le",
                  "openSUSE Leap 15.3:apache2-event-2.4.51-3.37.1.s390x",
                  "openSUSE Leap 15.3:apache2-event-2.4.51-3.37.1.x86_64",
                  "openSUSE Leap 15.3:apache2-example-pages-2.4.51-3.37.1.aarch64",
                  "openSUSE Leap 15.3:apache2-example-pages-2.4.51-3.37.1.ppc64le",
                  "openSUSE Leap 15.3:apache2-example-pages-2.4.51-3.37.1.s390x",
                  "openSUSE Leap 15.3:apache2-example-pages-2.4.51-3.37.1.x86_64",
                  "openSUSE Leap 15.3:apache2-prefork-2.4.51-3.37.1.aarch64",
                  "openSUSE Leap 15.3:apache2-prefork-2.4.51-3.37.1.ppc64le",
                  "openSUSE Leap 15.3:apache2-prefork-2.4.51-3.37.1.s390x",
                  "openSUSE Leap 15.3:apache2-prefork-2.4.51-3.37.1.x86_64",
                  "openSUSE Leap 15.3:apache2-utils-2.4.51-3.37.1.aarch64",
                  "openSUSE Leap 15.3:apache2-utils-2.4.51-3.37.1.ppc64le",
                  "openSUSE Leap 15.3:apache2-utils-2.4.51-3.37.1.s390x",
                  "openSUSE Leap 15.3:apache2-utils-2.4.51-3.37.1.x86_64",
                  "openSUSE Leap 15.3:apache2-worker-2.4.51-3.37.1.aarch64",
                  "openSUSE Leap 15.3:apache2-worker-2.4.51-3.37.1.ppc64le",
                  "openSUSE Leap 15.3:apache2-worker-2.4.51-3.37.1.s390x",
                  "openSUSE Leap 15.3:apache2-worker-2.4.51-3.37.1.x86_64",
                  "openSUSE Leap 15.3:chromedriver-99.0.4844.84-bp153.2.75.1.aarch64",
                  "openSUSE Leap 15.3:chromedriver-99.0.4844.84-bp153.2.75.1.x86_64",
                  "openSUSE Leap 15.3:chromium-99.0.4844.84-bp153.2.75.1.aarch64",
                  "openSUSE Leap 15.3:chromium-99.0.4844.84-bp153.2.75.1.x86_64",
               ],
            },
         ],
         threats: [
            {
               category: "impact",
               date: "2022-01-17T15:25:36Z",
               details: "critical",
            },
         ],
         title: "CVE-2021-44790",
      },
   ],
}

cve-2021-44790

Vulnerability from cvelistv5

Published

2021-12-20 00:00

Modified

2024-08-04 04:32

Severity ?

Summary

A carefully crafted request body can cause a buffer overflow in the mod_lua multipart parser (r:parsebody() called from Lua scripts). The Apache httpd team is not aware of an exploit for the vulnerabilty though it might be possible to craft one. This issue affects Apache HTTP Server 2.4.51 and earlier.

References

▼	URL	Tags
	http://httpd.apache.org/security/vulnerabilities_24.html
	http://www.openwall.com/lists/oss-security/2021/12/20/4	mailing-list
	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BFSWOH4X77CV7AH7C4RMHUBDWKQDL4YH/	vendor-advisory
	https://www.debian.org/security/2022/dsa-5035	vendor-advisory
	https://www.oracle.com/security-alerts/cpujan2022.html
	https://security.netapp.com/advisory/ntap-20211224-0001/
	https://www.tenable.com/security/tns-2022-01
	https://www.tenable.com/security/tns-2022-03
	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RGWILBORT67SHMSLYSQZG2NMXGCMPUZO/	vendor-advisory
	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z7H26WJ6TPKNWV3QKY4BHKUKQVUTZJTD/	vendor-advisory
	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X73C35MMMZGBVPQQCH7LQZUMYZNQA5FO/	vendor-advisory
	https://www.oracle.com/security-alerts/cpuapr2022.html
	https://support.apple.com/kb/HT213257
	https://support.apple.com/kb/HT213256
	https://support.apple.com/kb/HT213255
	http://seclists.org/fulldisclosure/2022/May/33	mailing-list
	http://seclists.org/fulldisclosure/2022/May/35	mailing-list
	http://seclists.org/fulldisclosure/2022/May/38	mailing-list
	https://security.gentoo.org/glsa/202208-20	vendor-advisory
	http://packetstormsecurity.com/files/171631/Apache-2.4.x-Buffer-Overflow.html

Impacted products

	Vendor	Product	Version
	Apache Software Foundation	Apache HTTP Server	Version: Apache HTTP Server 2.4 <

Show details on NVD website

JSON

To clipboard

{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-04T04:32:13.543Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "http://httpd.apache.org/security/vulnerabilities_24.html",
               },
               {
                  name: "[oss-security] 20211220 CVE-2021-44790: Apache HTTP Server: Possible buffer overflow when parsing multipart content in mod_lua of Apache HTTP Server 2.4.51 and earlier",
                  tags: [
                     "mailing-list",
                     "x_transferred",
                  ],
                  url: "http://www.openwall.com/lists/oss-security/2021/12/20/4",
               },
               {
                  name: "FEDORA-2021-29a536c2ae",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BFSWOH4X77CV7AH7C4RMHUBDWKQDL4YH/",
               },
               {
                  name: "DSA-5035",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://www.debian.org/security/2022/dsa-5035",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://www.oracle.com/security-alerts/cpujan2022.html",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://security.netapp.com/advisory/ntap-20211224-0001/",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://www.tenable.com/security/tns-2022-01",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://www.tenable.com/security/tns-2022-03",
               },
               {
                  name: "FEDORA-2022-b4103753e9",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RGWILBORT67SHMSLYSQZG2NMXGCMPUZO/",
               },
               {
                  name: "FEDORA-2022-21264ec6db",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z7H26WJ6TPKNWV3QKY4BHKUKQVUTZJTD/",
               },
               {
                  name: "FEDORA-2022-78e3211c55",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X73C35MMMZGBVPQQCH7LQZUMYZNQA5FO/",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://www.oracle.com/security-alerts/cpuapr2022.html",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://support.apple.com/kb/HT213257",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://support.apple.com/kb/HT213256",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://support.apple.com/kb/HT213255",
               },
               {
                  name: "20220516 APPLE-SA-2022-05-16-4 Security Update 2022-004 Catalina",
                  tags: [
                     "mailing-list",
                     "x_transferred",
                  ],
                  url: "http://seclists.org/fulldisclosure/2022/May/33",
               },
               {
                  name: "20220516 APPLE-SA-2022-05-16-3 macOS Big Sur 11.6.6",
                  tags: [
                     "mailing-list",
                     "x_transferred",
                  ],
                  url: "http://seclists.org/fulldisclosure/2022/May/35",
               },
               {
                  name: "20220516 APPLE-SA-2022-05-16-2 macOS Monterey 12.4",
                  tags: [
                     "mailing-list",
                     "x_transferred",
                  ],
                  url: "http://seclists.org/fulldisclosure/2022/May/38",
               },
               {
                  name: "GLSA-202208-20",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://security.gentoo.org/glsa/202208-20",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "http://packetstormsecurity.com/files/171631/Apache-2.4.x-Buffer-Overflow.html",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "Apache HTTP Server",
               vendor: "Apache Software Foundation",
               versions: [
                  {
                     lessThanOrEqual: "2.4.51",
                     status: "affected",
                     version: "Apache HTTP Server 2.4",
                     versionType: "custom",
                  },
               ],
            },
         ],
         credits: [
            {
               lang: "en",
               value: "Chamal",
            },
            {
               lang: "en",
               value: "Anonymous working with Trend Micro Zero Day Initiative",
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "A carefully crafted request body can cause a buffer overflow in the mod_lua multipart parser (r:parsebody() called from Lua scripts). The Apache httpd team is not aware of an exploit for the vulnerabilty though it might be possible to craft one. This issue affects Apache HTTP Server 2.4.51 and earlier.",
            },
         ],
         metrics: [
            {
               other: {
                  content: {
                     other: "high",
                  },
                  type: "unknown",
               },
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-787",
                     description: "CWE-787 Out-of-bounds Write",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2023-04-03T00:00:00",
            orgId: "f0158376-9dc2-43b6-827c-5f631a4d8d09",
            shortName: "apache",
         },
         references: [
            {
               url: "http://httpd.apache.org/security/vulnerabilities_24.html",
            },
            {
               name: "[oss-security] 20211220 CVE-2021-44790: Apache HTTP Server: Possible buffer overflow when parsing multipart content in mod_lua of Apache HTTP Server 2.4.51 and earlier",
               tags: [
                  "mailing-list",
               ],
               url: "http://www.openwall.com/lists/oss-security/2021/12/20/4",
            },
            {
               name: "FEDORA-2021-29a536c2ae",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BFSWOH4X77CV7AH7C4RMHUBDWKQDL4YH/",
            },
            {
               name: "DSA-5035",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://www.debian.org/security/2022/dsa-5035",
            },
            {
               url: "https://www.oracle.com/security-alerts/cpujan2022.html",
            },
            {
               url: "https://security.netapp.com/advisory/ntap-20211224-0001/",
            },
            {
               url: "https://www.tenable.com/security/tns-2022-01",
            },
            {
               url: "https://www.tenable.com/security/tns-2022-03",
            },
            {
               name: "FEDORA-2022-b4103753e9",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RGWILBORT67SHMSLYSQZG2NMXGCMPUZO/",
            },
            {
               name: "FEDORA-2022-21264ec6db",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z7H26WJ6TPKNWV3QKY4BHKUKQVUTZJTD/",
            },
            {
               name: "FEDORA-2022-78e3211c55",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X73C35MMMZGBVPQQCH7LQZUMYZNQA5FO/",
            },
            {
               url: "https://www.oracle.com/security-alerts/cpuapr2022.html",
            },
            {
               url: "https://support.apple.com/kb/HT213257",
            },
            {
               url: "https://support.apple.com/kb/HT213256",
            },
            {
               url: "https://support.apple.com/kb/HT213255",
            },
            {
               name: "20220516 APPLE-SA-2022-05-16-4 Security Update 2022-004 Catalina",
               tags: [
                  "mailing-list",
               ],
               url: "http://seclists.org/fulldisclosure/2022/May/33",
            },
            {
               name: "20220516 APPLE-SA-2022-05-16-3 macOS Big Sur 11.6.6",
               tags: [
                  "mailing-list",
               ],
               url: "http://seclists.org/fulldisclosure/2022/May/35",
            },
            {
               name: "20220516 APPLE-SA-2022-05-16-2 macOS Monterey 12.4",
               tags: [
                  "mailing-list",
               ],
               url: "http://seclists.org/fulldisclosure/2022/May/38",
            },
            {
               name: "GLSA-202208-20",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://security.gentoo.org/glsa/202208-20",
            },
            {
               url: "http://packetstormsecurity.com/files/171631/Apache-2.4.x-Buffer-Overflow.html",
            },
         ],
         source: {
            discovery: "UNKNOWN",
         },
         timeline: [
            {
               lang: "en",
               time: "2021-12-07T00:00:00",
               value: "Reported to security team",
            },
            {
               lang: "en",
               time: "2021-12-16T00:00:00",
               value: "Fixed by r1896039 in 2.4.x",
            },
         ],
         title: "Possible buffer overflow when parsing multipart content in mod_lua of Apache HTTP Server 2.4.51 and earlier",
         x_generator: {
            engine: "Vulnogram 0.0.9",
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "f0158376-9dc2-43b6-827c-5f631a4d8d09",
      assignerShortName: "apache",
      cveId: "CVE-2021-44790",
      datePublished: "2021-12-20T00:00:00",
      dateReserved: "2021-12-10T00:00:00",
      dateUpdated: "2024-08-04T04:32:13.543Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2021-44224

Vulnerability from cvelistv5

Published

2021-12-20 11:20

Modified

2024-08-04 04:17

Severity ?

Summary

A crafted URI sent to httpd configured as a forward proxy (ProxyRequests on) can cause a crash (NULL pointer dereference) or, for configurations mixing forward and reverse proxy declarations, can allow for requests to be directed to a declared Unix Domain Socket endpoint (Server Side Request Forgery). This issue affects Apache HTTP Server 2.4.7 up to 2.4.51 (included).

References

▼	URL	Tags
	http://httpd.apache.org/security/vulnerabilities_24.html	x_refsource_MISC
	http://www.openwall.com/lists/oss-security/2021/12/20/3	mailing-list, x_refsource_MLIST
	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BFSWOH4X77CV7AH7C4RMHUBDWKQDL4YH/	vendor-advisory, x_refsource_FEDORA
	https://www.debian.org/security/2022/dsa-5035	vendor-advisory, x_refsource_DEBIAN
	https://www.oracle.com/security-alerts/cpujan2022.html	x_refsource_MISC
	https://security.netapp.com/advisory/ntap-20211224-0001/	x_refsource_CONFIRM
	https://www.tenable.com/security/tns-2022-01	x_refsource_CONFIRM
	https://www.tenable.com/security/tns-2022-03	x_refsource_CONFIRM
	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RGWILBORT67SHMSLYSQZG2NMXGCMPUZO/	vendor-advisory, x_refsource_FEDORA
	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z7H26WJ6TPKNWV3QKY4BHKUKQVUTZJTD/	vendor-advisory, x_refsource_FEDORA
	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X73C35MMMZGBVPQQCH7LQZUMYZNQA5FO/	vendor-advisory, x_refsource_FEDORA
	https://www.oracle.com/security-alerts/cpuapr2022.html	x_refsource_MISC
	https://support.apple.com/kb/HT213257	x_refsource_CONFIRM
	https://support.apple.com/kb/HT213256	x_refsource_CONFIRM
	https://support.apple.com/kb/HT213255	x_refsource_CONFIRM
	http://seclists.org/fulldisclosure/2022/May/33	mailing-list, x_refsource_FULLDISC
	http://seclists.org/fulldisclosure/2022/May/35	mailing-list, x_refsource_FULLDISC
	http://seclists.org/fulldisclosure/2022/May/38	mailing-list, x_refsource_FULLDISC
	https://security.gentoo.org/glsa/202208-20	vendor-advisory, x_refsource_GENTOO

Impacted products

	Vendor	Product	Version
	Apache Software Foundation	Apache HTTP Server	Version: 2.4.7 < Apache HTTP Server 2.4*

Show details on NVD website

JSON

To clipboard

{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-04T04:17:24.919Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "http://httpd.apache.org/security/vulnerabilities_24.html",
               },
               {
                  name: "[oss-security] 20211220 CVE-2021-44224: Apache HTTP Server: Possible NULL dereference or SSRF in forward proxy configurations in Apache HTTP Server 2.4.51 and earlier",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "http://www.openwall.com/lists/oss-security/2021/12/20/3",
               },
               {
                  name: "FEDORA-2021-29a536c2ae",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_FEDORA",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BFSWOH4X77CV7AH7C4RMHUBDWKQDL4YH/",
               },
               {
                  name: "DSA-5035",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_DEBIAN",
                     "x_transferred",
                  ],
                  url: "https://www.debian.org/security/2022/dsa-5035",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://www.oracle.com/security-alerts/cpujan2022.html",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://security.netapp.com/advisory/ntap-20211224-0001/",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://www.tenable.com/security/tns-2022-01",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://www.tenable.com/security/tns-2022-03",
               },
               {
                  name: "FEDORA-2022-b4103753e9",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_FEDORA",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RGWILBORT67SHMSLYSQZG2NMXGCMPUZO/",
               },
               {
                  name: "FEDORA-2022-21264ec6db",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_FEDORA",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z7H26WJ6TPKNWV3QKY4BHKUKQVUTZJTD/",
               },
               {
                  name: "FEDORA-2022-78e3211c55",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_FEDORA",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X73C35MMMZGBVPQQCH7LQZUMYZNQA5FO/",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://www.oracle.com/security-alerts/cpuapr2022.html",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://support.apple.com/kb/HT213257",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://support.apple.com/kb/HT213256",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://support.apple.com/kb/HT213255",
               },
               {
                  name: "20220516 APPLE-SA-2022-05-16-4 Security Update 2022-004 Catalina",
                  tags: [
                     "mailing-list",
                     "x_refsource_FULLDISC",
                     "x_transferred",
                  ],
                  url: "http://seclists.org/fulldisclosure/2022/May/33",
               },
               {
                  name: "20220516 APPLE-SA-2022-05-16-3 macOS Big Sur 11.6.6",
                  tags: [
                     "mailing-list",
                     "x_refsource_FULLDISC",
                     "x_transferred",
                  ],
                  url: "http://seclists.org/fulldisclosure/2022/May/35",
               },
               {
                  name: "20220516 APPLE-SA-2022-05-16-2 macOS Monterey 12.4",
                  tags: [
                     "mailing-list",
                     "x_refsource_FULLDISC",
                     "x_transferred",
                  ],
                  url: "http://seclists.org/fulldisclosure/2022/May/38",
               },
               {
                  name: "GLSA-202208-20",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_GENTOO",
                     "x_transferred",
                  ],
                  url: "https://security.gentoo.org/glsa/202208-20",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "Apache HTTP Server",
               vendor: "Apache Software Foundation",
               versions: [
                  {
                     lessThan: "Apache HTTP Server 2.4*",
                     status: "affected",
                     version: "2.4.7",
                     versionType: "custom",
                  },
               ],
            },
         ],
         credits: [
            {
               lang: "en",
               value: "漂亮鼠",
            },
            {
               lang: "en",
               value: "TengMA(@Te3t123)",
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "A crafted URI sent to httpd configured as a forward proxy (ProxyRequests on) can cause a crash (NULL pointer dereference) or, for configurations mixing forward and reverse proxy declarations, can allow for requests to be directed to a declared Unix Domain Socket endpoint (Server Side Request Forgery). This issue affects Apache HTTP Server 2.4.7 up to 2.4.51 (included).",
            },
         ],
         metrics: [
            {
               other: {
                  content: {
                     other: "moderate",
                  },
                  type: "unknown",
               },
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-476",
                     description: "CWE-476 NULL Pointer Dereference",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2022-08-14T01:08:09",
            orgId: "f0158376-9dc2-43b6-827c-5f631a4d8d09",
            shortName: "apache",
         },
         references: [
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "http://httpd.apache.org/security/vulnerabilities_24.html",
            },
            {
               name: "[oss-security] 20211220 CVE-2021-44224: Apache HTTP Server: Possible NULL dereference or SSRF in forward proxy configurations in Apache HTTP Server 2.4.51 and earlier",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "http://www.openwall.com/lists/oss-security/2021/12/20/3",
            },
            {
               name: "FEDORA-2021-29a536c2ae",
               tags: [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BFSWOH4X77CV7AH7C4RMHUBDWKQDL4YH/",
            },
            {
               name: "DSA-5035",
               tags: [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
               ],
               url: "https://www.debian.org/security/2022/dsa-5035",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://www.oracle.com/security-alerts/cpujan2022.html",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://security.netapp.com/advisory/ntap-20211224-0001/",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://www.tenable.com/security/tns-2022-01",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://www.tenable.com/security/tns-2022-03",
            },
            {
               name: "FEDORA-2022-b4103753e9",
               tags: [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RGWILBORT67SHMSLYSQZG2NMXGCMPUZO/",
            },
            {
               name: "FEDORA-2022-21264ec6db",
               tags: [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z7H26WJ6TPKNWV3QKY4BHKUKQVUTZJTD/",
            },
            {
               name: "FEDORA-2022-78e3211c55",
               tags: [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X73C35MMMZGBVPQQCH7LQZUMYZNQA5FO/",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://www.oracle.com/security-alerts/cpuapr2022.html",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://support.apple.com/kb/HT213257",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://support.apple.com/kb/HT213256",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://support.apple.com/kb/HT213255",
            },
            {
               name: "20220516 APPLE-SA-2022-05-16-4 Security Update 2022-004 Catalina",
               tags: [
                  "mailing-list",
                  "x_refsource_FULLDISC",
               ],
               url: "http://seclists.org/fulldisclosure/2022/May/33",
            },
            {
               name: "20220516 APPLE-SA-2022-05-16-3 macOS Big Sur 11.6.6",
               tags: [
                  "mailing-list",
                  "x_refsource_FULLDISC",
               ],
               url: "http://seclists.org/fulldisclosure/2022/May/35",
            },
            {
               name: "20220516 APPLE-SA-2022-05-16-2 macOS Monterey 12.4",
               tags: [
                  "mailing-list",
                  "x_refsource_FULLDISC",
               ],
               url: "http://seclists.org/fulldisclosure/2022/May/38",
            },
            {
               name: "GLSA-202208-20",
               tags: [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
               ],
               url: "https://security.gentoo.org/glsa/202208-20",
            },
         ],
         source: {
            discovery: "UNKNOWN",
         },
         timeline: [
            {
               lang: "en",
               time: "2021-11-18T00:00:00",
               value: "Reported to security team",
            },
            {
               lang: "en",
               time: "2021-12-14T00:00:00",
               value: "fixed by r1895955+r1896044 in 2.4.x",
            },
         ],
         title: "Possible NULL dereference or SSRF in forward proxy configurations in Apache HTTP Server 2.4.51 and earlier",
         x_generator: {
            engine: "Vulnogram 0.0.9",
         },
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "security@apache.org",
               ID: "CVE-2021-44224",
               STATE: "PUBLIC",
               TITLE: "Possible NULL dereference or SSRF in forward proxy configurations in Apache HTTP Server 2.4.51 and earlier",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "Apache HTTP Server",
                                 version: {
                                    version_data: [
                                       {
                                          version_affected: ">=",
                                          version_name: "Apache HTTP Server 2.4",
                                          version_value: "2.4.7",
                                       },
                                       {
                                          version_affected: "<=",
                                          version_name: "Apache HTTP Server 2.4",
                                          version_value: "2.4.51 +1",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "Apache Software Foundation",
                     },
                  ],
               },
            },
            credit: [
               {
                  lang: "eng",
                  value: "漂亮鼠",
               },
               {
                  lang: "eng",
                  value: "TengMA(@Te3t123)",
               },
            ],
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "A crafted URI sent to httpd configured as a forward proxy (ProxyRequests on) can cause a crash (NULL pointer dereference) or, for configurations mixing forward and reverse proxy declarations, can allow for requests to be directed to a declared Unix Domain Socket endpoint (Server Side Request Forgery). This issue affects Apache HTTP Server 2.4.7 up to 2.4.51 (included).",
                  },
               ],
            },
            generator: {
               engine: "Vulnogram 0.0.9",
            },
            impact: [
               {
                  other: "moderate",
               },
            ],
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "CWE-476 NULL Pointer Dereference",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "http://httpd.apache.org/security/vulnerabilities_24.html",
                     refsource: "MISC",
                     url: "http://httpd.apache.org/security/vulnerabilities_24.html",
                  },
                  {
                     name: "[oss-security] 20211220 CVE-2021-44224: Apache HTTP Server: Possible NULL dereference or SSRF in forward proxy configurations in Apache HTTP Server 2.4.51 and earlier",
                     refsource: "MLIST",
                     url: "http://www.openwall.com/lists/oss-security/2021/12/20/3",
                  },
                  {
                     name: "FEDORA-2021-29a536c2ae",
                     refsource: "FEDORA",
                     url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BFSWOH4X77CV7AH7C4RMHUBDWKQDL4YH/",
                  },
                  {
                     name: "DSA-5035",
                     refsource: "DEBIAN",
                     url: "https://www.debian.org/security/2022/dsa-5035",
                  },
                  {
                     name: "https://www.oracle.com/security-alerts/cpujan2022.html",
                     refsource: "MISC",
                     url: "https://www.oracle.com/security-alerts/cpujan2022.html",
                  },
                  {
                     name: "https://security.netapp.com/advisory/ntap-20211224-0001/",
                     refsource: "CONFIRM",
                     url: "https://security.netapp.com/advisory/ntap-20211224-0001/",
                  },
                  {
                     name: "https://www.tenable.com/security/tns-2022-01",
                     refsource: "CONFIRM",
                     url: "https://www.tenable.com/security/tns-2022-01",
                  },
                  {
                     name: "https://www.tenable.com/security/tns-2022-03",
                     refsource: "CONFIRM",
                     url: "https://www.tenable.com/security/tns-2022-03",
                  },
                  {
                     name: "FEDORA-2022-b4103753e9",
                     refsource: "FEDORA",
                     url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGWILBORT67SHMSLYSQZG2NMXGCMPUZO/",
                  },
                  {
                     name: "FEDORA-2022-21264ec6db",
                     refsource: "FEDORA",
                     url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Z7H26WJ6TPKNWV3QKY4BHKUKQVUTZJTD/",
                  },
                  {
                     name: "FEDORA-2022-78e3211c55",
                     refsource: "FEDORA",
                     url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/X73C35MMMZGBVPQQCH7LQZUMYZNQA5FO/",
                  },
                  {
                     name: "https://www.oracle.com/security-alerts/cpuapr2022.html",
                     refsource: "MISC",
                     url: "https://www.oracle.com/security-alerts/cpuapr2022.html",
                  },
                  {
                     name: "https://support.apple.com/kb/HT213257",
                     refsource: "CONFIRM",
                     url: "https://support.apple.com/kb/HT213257",
                  },
                  {
                     name: "https://support.apple.com/kb/HT213256",
                     refsource: "CONFIRM",
                     url: "https://support.apple.com/kb/HT213256",
                  },
                  {
                     name: "https://support.apple.com/kb/HT213255",
                     refsource: "CONFIRM",
                     url: "https://support.apple.com/kb/HT213255",
                  },
                  {
                     name: "20220516 APPLE-SA-2022-05-16-4 Security Update 2022-004 Catalina",
                     refsource: "FULLDISC",
                     url: "http://seclists.org/fulldisclosure/2022/May/33",
                  },
                  {
                     name: "20220516 APPLE-SA-2022-05-16-3 macOS Big Sur 11.6.6",
                     refsource: "FULLDISC",
                     url: "http://seclists.org/fulldisclosure/2022/May/35",
                  },
                  {
                     name: "20220516 APPLE-SA-2022-05-16-2 macOS Monterey 12.4",
                     refsource: "FULLDISC",
                     url: "http://seclists.org/fulldisclosure/2022/May/38",
                  },
                  {
                     name: "GLSA-202208-20",
                     refsource: "GENTOO",
                     url: "https://security.gentoo.org/glsa/202208-20",
                  },
               ],
            },
            source: {
               discovery: "UNKNOWN",
            },
            timeline: [
               {
                  lang: "en",
                  time: "2021-11-18T00:00:00",
                  value: "Reported to security team",
               },
               {
                  lang: "en",
                  time: "2021-12-14T00:00:00",
                  value: "fixed by r1895955+r1896044 in 2.4.x",
               },
            ],
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "f0158376-9dc2-43b6-827c-5f631a4d8d09",
      assignerShortName: "apache",
      cveId: "CVE-2021-44224",
      datePublished: "2021-12-20T11:20:13",
      dateReserved: "2021-11-25T00:00:00",
      dateUpdated: "2024-08-04T04:17:24.919Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

Vulnerability from csaf_opensuse

cve-2021-44790

Vulnerability from cvelistv5

cve-2021-44224

Vulnerability from cvelistv5

Tags

Sightings

Nomenclature