var-202109-1803
Vulnerability from variot
ap_escape_quotes() may write beyond the end of a buffer when given malicious input. No included modules pass untrusted data to these functions, but third-party / external modules may. This issue affects Apache HTTP Server 2.4.48 and earlier. The server is fast, reliable and extensible through a simple API. An attacker could exploit this vulnerability to write malicious content and execute it. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
====================================================================
Red Hat Security Advisory
Synopsis: Important: httpd security update Advisory ID: RHSA-2022:0143-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2022:0143 Issue date: 2022-01-17 CVE Names: CVE-2021-26691 CVE-2021-34798 CVE-2021-39275 CVE-2021-44790 ==================================================================== 1. Summary:
An update for httpd is now available for Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Relevant releases/architectures:
Red Hat Enterprise Linux Client Optional (v. 7) - noarch, x86_64 Red Hat Enterprise Linux ComputeNode Optional (v. 7) - noarch, x86_64 Red Hat Enterprise Linux Server (v. 7) - noarch, ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 7) - noarch, x86_64 Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64
Security Fix(es):
-
httpd: mod_lua: Possible buffer overflow when parsing multipart content (CVE-2021-44790)
-
httpd: mod_session: Heap overflow via a crafted SessionHeader value (CVE-2021-26691)
-
httpd: NULL pointer dereference via malformed requests (CVE-2021-34798)
-
httpd: Out-of-bounds write in ap_escape_quotes() via malicious input (CVE-2021-39275)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
- Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
After installing the updated packages, the httpd daemon will be restarted automatically.
- Bugs fixed (https://bugzilla.redhat.com/):
1966732 - CVE-2021-26691 httpd: mod_session: Heap overflow via a crafted SessionHeader value 2005119 - CVE-2021-39275 httpd: Out-of-bounds write in ap_escape_quotes() via malicious input 2005128 - CVE-2021-34798 httpd: NULL pointer dereference via malformed requests 2034674 - CVE-2021-44790 httpd: mod_lua: Possible buffer overflow when parsing multipart content
- Package List:
Red Hat Enterprise Linux Client Optional (v. 7):
Source: httpd-2.4.6-97.el7_9.4.src.rpm
noarch: httpd-manual-2.4.6-97.el7_9.4.noarch.rpm
x86_64: httpd-2.4.6-97.el7_9.4.x86_64.rpm httpd-debuginfo-2.4.6-97.el7_9.4.x86_64.rpm httpd-devel-2.4.6-97.el7_9.4.x86_64.rpm httpd-tools-2.4.6-97.el7_9.4.x86_64.rpm mod_ldap-2.4.6-97.el7_9.4.x86_64.rpm mod_proxy_html-2.4.6-97.el7_9.4.x86_64.rpm mod_session-2.4.6-97.el7_9.4.x86_64.rpm mod_ssl-2.4.6-97.el7_9.4.x86_64.rpm
Red Hat Enterprise Linux ComputeNode Optional (v. 7):
Source: httpd-2.4.6-97.el7_9.4.src.rpm
noarch: httpd-manual-2.4.6-97.el7_9.4.noarch.rpm
x86_64: httpd-2.4.6-97.el7_9.4.x86_64.rpm httpd-debuginfo-2.4.6-97.el7_9.4.x86_64.rpm httpd-devel-2.4.6-97.el7_9.4.x86_64.rpm httpd-tools-2.4.6-97.el7_9.4.x86_64.rpm mod_ldap-2.4.6-97.el7_9.4.x86_64.rpm mod_proxy_html-2.4.6-97.el7_9.4.x86_64.rpm mod_session-2.4.6-97.el7_9.4.x86_64.rpm mod_ssl-2.4.6-97.el7_9.4.x86_64.rpm
Red Hat Enterprise Linux Server (v. 7):
Source: httpd-2.4.6-97.el7_9.4.src.rpm
noarch: httpd-manual-2.4.6-97.el7_9.4.noarch.rpm
ppc64: httpd-2.4.6-97.el7_9.4.ppc64.rpm httpd-debuginfo-2.4.6-97.el7_9.4.ppc64.rpm httpd-devel-2.4.6-97.el7_9.4.ppc64.rpm httpd-tools-2.4.6-97.el7_9.4.ppc64.rpm mod_session-2.4.6-97.el7_9.4.ppc64.rpm mod_ssl-2.4.6-97.el7_9.4.ppc64.rpm
ppc64le: httpd-2.4.6-97.el7_9.4.ppc64le.rpm httpd-debuginfo-2.4.6-97.el7_9.4.ppc64le.rpm httpd-devel-2.4.6-97.el7_9.4.ppc64le.rpm httpd-tools-2.4.6-97.el7_9.4.ppc64le.rpm mod_session-2.4.6-97.el7_9.4.ppc64le.rpm mod_ssl-2.4.6-97.el7_9.4.ppc64le.rpm
s390x: httpd-2.4.6-97.el7_9.4.s390x.rpm httpd-debuginfo-2.4.6-97.el7_9.4.s390x.rpm httpd-devel-2.4.6-97.el7_9.4.s390x.rpm httpd-tools-2.4.6-97.el7_9.4.s390x.rpm mod_session-2.4.6-97.el7_9.4.s390x.rpm mod_ssl-2.4.6-97.el7_9.4.s390x.rpm
x86_64: httpd-2.4.6-97.el7_9.4.x86_64.rpm httpd-debuginfo-2.4.6-97.el7_9.4.x86_64.rpm httpd-devel-2.4.6-97.el7_9.4.x86_64.rpm httpd-tools-2.4.6-97.el7_9.4.x86_64.rpm mod_session-2.4.6-97.el7_9.4.x86_64.rpm mod_ssl-2.4.6-97.el7_9.4.x86_64.rpm
Red Hat Enterprise Linux Server Optional (v. 7):
ppc64: httpd-debuginfo-2.4.6-97.el7_9.4.ppc64.rpm mod_ldap-2.4.6-97.el7_9.4.ppc64.rpm mod_proxy_html-2.4.6-97.el7_9.4.ppc64.rpm
ppc64le: httpd-debuginfo-2.4.6-97.el7_9.4.ppc64le.rpm mod_ldap-2.4.6-97.el7_9.4.ppc64le.rpm mod_proxy_html-2.4.6-97.el7_9.4.ppc64le.rpm
s390x: httpd-debuginfo-2.4.6-97.el7_9.4.s390x.rpm mod_ldap-2.4.6-97.el7_9.4.s390x.rpm mod_proxy_html-2.4.6-97.el7_9.4.s390x.rpm
x86_64: httpd-debuginfo-2.4.6-97.el7_9.4.x86_64.rpm mod_ldap-2.4.6-97.el7_9.4.x86_64.rpm mod_proxy_html-2.4.6-97.el7_9.4.x86_64.rpm
Red Hat Enterprise Linux Workstation (v. 7):
Source: httpd-2.4.6-97.el7_9.4.src.rpm
noarch: httpd-manual-2.4.6-97.el7_9.4.noarch.rpm
x86_64: httpd-2.4.6-97.el7_9.4.x86_64.rpm httpd-debuginfo-2.4.6-97.el7_9.4.x86_64.rpm httpd-devel-2.4.6-97.el7_9.4.x86_64.rpm httpd-tools-2.4.6-97.el7_9.4.x86_64.rpm mod_session-2.4.6-97.el7_9.4.x86_64.rpm mod_ssl-2.4.6-97.el7_9.4.x86_64.rpm
Red Hat Enterprise Linux Workstation Optional (v. 7):
x86_64: httpd-debuginfo-2.4.6-97.el7_9.4.x86_64.rpm mod_ldap-2.4.6-97.el7_9.4.x86_64.rpm mod_proxy_html-2.4.6-97.el7_9.4.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2021-26691 https://access.redhat.com/security/cve/CVE-2021-34798 https://access.redhat.com/security/cve/CVE-2021-39275 https://access.redhat.com/security/cve/CVE-2021-44790 https://access.redhat.com/security/updates/classification/#important
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2022 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQIVAwUBYeVdC9zjgjWX9erEAQgzNw/8CjsxUvDW64dwvpcYH/OWJhKqvD53sX+w ivf4+hhCsEVLvrjD0eTNkbeza+dcZqoR5swL0IjAGXKJ/0q/oh4/yxq2ydgvEYsY rAjts0tnynoswBaFo6eaBlcNxQroGID0uqgXkUFt37m4eetACuOSVRcZ7/sNsqBS iQF4l16vjNvKeOdKY8nSNe77Dt1/Lj41NoL6XbAZPuvaiLBqqGOY9xYfZSSmFHFq H4dB8cfMC4cWysFtnzffJ+dJdzcWNOxklwLlZe72JoAJYP59da2YuIoE2LsQRGPC Occ84zH/UZx4JWJhF7FEEALC/tizfFqu9qWr1OIDmSVTEAZ+6IZ/mDeF83+0Mrc4 AiV3oiJi7Fx4XTDUL8fim+FORaSI2IR7LK1Zjau1qCN04ayyFXwJdK/fwgIWJHon gYhyUsAj7F7At9m8cCVRP5K4jjmr0qrmsF1M1B6xqMLWlYNcWu3obJS/FbiSdwQJ 7jFdBagThGOzIle0eGk0iMZ+vRJSuaSMZ7GDA14o46KB+EkvYLe+wi6jBQXJeD6Q Oueenu2JiMvB8+dJNYrn9uQY+8WHyCVV1HMMmVo9LajA1FJRXgMIQN5ZmDMoDW73 qFV+VCOHtKPI2hC8ngZYy2RyEUhK4t3f7xmJgtoJ4/DuaGsRWL7xZPL7gLHxWnS4 5VjPyLrWg5U=TyMo -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce . ========================================================================== Ubuntu Security Notice USN-5090-3 September 28, 2021
apache2 regression
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 21.04
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
Summary:
USN-5090-1 introduced a regression in Apache HTTP Server. One of the upstream fixes introduced a regression in UDS URIs. This update fixes the problem.
Original advisory details:
James Kettle discovered that the Apache HTTP Server HTTP/2 module incorrectly handled certain crafted methods. A remote attacker could possibly use this issue to perform request splitting or cache poisoning attacks. A remote attacker could possibly use this issue to cause the server to crash, resulting in a denial of service. (CVE-2021-34798) Li Zhi Xin discovered that the Apache mod_proxy_uwsgi module incorrectly handled certain request uri-paths. A remote attacker could possibly use this issue to cause the server to crash, resulting in a denial of service. This issue only affected Ubuntu 20.04 LTS and Ubuntu 21.04. If the server was configured with third-party modules, a remote attacker could use this issue to cause the server to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2021-39275) It was discovered that the Apache mod_proxy module incorrectly handled certain request uri-paths. A remote attacker could possibly use this issue to cause the server to forward requests to arbitrary origin servers. (CVE-2021-40438)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 21.04: apache2 2.4.46-4ubuntu1.3 apache2-bin 2.4.46-4ubuntu1.3
Ubuntu 20.04 LTS: apache2 2.4.41-4ubuntu3.6 apache2-bin 2.4.41-4ubuntu3.6
Ubuntu 18.04 LTS: apache2 2.4.29-1ubuntu4.18 apache2-bin 2.4.29-1ubuntu4.18
In general, a standard system update will make all the necessary changes. 7) - noarch, x86_64
Bug Fix(es):
- proxy rewrite to unix socket fails with CVE-2021-40438 fix (BZ#2022319)
Additional changes:
- To fix CVE-2022-29404, the default value for the "LimitRequestBody" directive in the Apache HTTP Server has been changed from 0 (unlimited) to 1 GiB.
On systems where the value of "LimitRequestBody" is not explicitly specified in an httpd configuration file, updating the httpd package sets "LimitRequestBody" to the default value of 1 GiB. As a consequence, if the total size of the HTTP request body exceeds this 1 GiB default limit, httpd returns the 413 Request Entity Too Large error code.
If the new default allowed size of an HTTP request message body is insufficient for your use case, update your httpd configuration files within the respective context (server, per-directory, per-file, or per-location) and set your preferred limit in bytes. For example, to set a new 2 GiB limit, use:
LimitRequestBody 2147483648
Systems already configured to use any explicit value for the "LimitRequestBody" directive are unaffected by this change. This software, such as Apache HTTP Server, is common to multiple JBoss middleware products, and is packaged under Red Hat JBoss Core Services to allow for faster distribution of updates, and for a more consistent update experience.
This release of Red Hat JBoss Core Services Apache HTTP Server 2.4.51 serves as a replacement for Red Hat JBoss Core Services Apache HTTP Server 2.4.37 Service Pack 10, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202109-1803", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "ucosminexus service platform", "scope": null, "trust": 1.6, "vendor": "\u65e5\u7acb", "version": null }, { "model": "ucosminexus application server", "scope": null, "trust": 1.6, "vendor": "\u65e5\u7acb", "version": null }, { "model": "ucosminexus primary server base", "scope": null, "trust": 1.6, "vendor": "\u65e5\u7acb", "version": null }, { "model": "instantis enterprisetrack", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "17.3" }, { "model": "clustered data ontap", "scope": "eq", "trust": 1.0, "vendor": "netapp", "version": null }, { "model": "http server", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "12.2.1.3.0" }, { "model": "instantis enterprisetrack", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "17.1" }, { "model": "sinema server", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "14.0" }, { "model": "linux", "scope": "eq", "trust": 1.0, "vendor": "debian", "version": "10.0" }, { "model": "linux", "scope": "eq", "trust": 1.0, "vendor": "debian", "version": "11.0" }, { "model": "cloud backup", "scope": "eq", "trust": 1.0, "vendor": "netapp", "version": null }, { "model": "linux", "scope": "eq", "trust": 1.0, "vendor": "debian", "version": "9.0" }, { "model": "fedora", "scope": "eq", "trust": 1.0, "vendor": "fedoraproject", "version": "34" }, { "model": "http server", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "12.2.1.4.0" }, { "model": "storagegrid", "scope": "eq", "trust": 1.0, "vendor": "netapp", "version": null }, { "model": "instantis enterprisetrack", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "17.2" }, { "model": "zfs storage appliance kit", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "8.8" }, { "model": "fedora", "scope": "eq", "trust": 1.0, "vendor": "fedoraproject", "version": "35" }, { "model": "sinec nms", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "http server", "scope": "lte", "trust": 1.0, "vendor": "apache", "version": "2.4.48" }, { "model": "ucosminexus developer", "scope": null, "trust": 0.8, "vendor": "\u65e5\u7acb", "version": null }, { "model": "hitachi web server - custom edition", "scope": null, "trust": 0.8, "vendor": "\u65e5\u7acb", "version": null }, { "model": "http server", "scope": null, "trust": 0.8, "vendor": "apache", "version": null }, { "model": "ucosminexus application server-r", "scope": null, "trust": 0.8, "vendor": "\u65e5\u7acb", "version": null }, { "model": "ucosminexus service architect", "scope": null, "trust": 0.8, "vendor": "\u65e5\u7acb", "version": null }, { "model": "storagegrid", "scope": null, "trust": 0.8, "vendor": "netapp", "version": null }, { "model": "fedora", "scope": null, "trust": 0.8, "vendor": "fedora", "version": null }, { "model": "gnu/linux", "scope": null, "trust": 0.8, "vendor": "debian", "version": null }, { "model": "hitachi web server", "scope": null, "trust": 0.8, "vendor": "\u65e5\u7acb", "version": null }, { "model": "cosminexus http server", "scope": null, "trust": 0.8, "vendor": "\u65e5\u7acb", "version": null }, { "model": "clustered data ontap", "scope": null, "trust": 0.8, "vendor": "netapp", "version": null }, { "model": "http server", "scope": "lte", "trust": 0.6, "vendor": "apache", "version": "\u003c=2.4.48" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2022-03225" }, { "db": "JVNDB", "id": "JVNDB-2021-008414" }, { "db": "NVD", "id": "CVE-2021-39275" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "2.4.48", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:netapp:storagegrid:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:netapp:clustered_data_ontap:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:oracle:http_server:12.2.1.3.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:instantis_enterprisetrack:17.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:instantis_enterprisetrack:17.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:instantis_enterprisetrack:17.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:http_server:12.2.1.4.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:zfs_storage_appliance_kit:8.8:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:siemens:sinema_server:14.0:-:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:sinec_nms:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2021-39275" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Siemens reported these vulnerabilities to CISA.", "sources": [ { "db": "CNNVD", "id": "CNNVD-202109-1098" } ], "trust": 0.6 }, "cve": "CVE-2021-39275", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "impactScore": 6.4, "integrityImpact": "PARTIAL", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "trust": 1.0, "userInteractionRequired": false, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Low", "accessVector": "Network", "authentication": "None", "author": "NVD", "availabilityImpact": "Partial", "baseScore": 7.5, "confidentialityImpact": "Partial", "exploitabilityScore": null, "id": "CVE-2021-39275", "impactScore": null, "integrityImpact": "Partial", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "High", "trust": 0.9, "userInteractionRequired": null, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "CNVD", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "CNVD-2022-03225", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "HIGH", "trust": 0.6, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "VHN-400791", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "HIGH", "trust": 0.1, "vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "NVD", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "exploitabilityScore": 3.9, "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Network", "author": "NVD", "availabilityImpact": "High", "baseScore": 9.8, "baseSeverity": "Critical", "confidentialityImpact": "High", "exploitabilityScore": null, "id": "CVE-2021-39275", "impactScore": null, "integrityImpact": "High", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" } ], "severity": [ { "author": "NVD", "id": "CVE-2021-39275", "trust": 1.8, "value": "CRITICAL" }, { "author": "CNVD", "id": "CNVD-2022-03225", "trust": 0.6, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-202109-1098", "trust": 0.6, "value": "CRITICAL" }, { "author": "VULHUB", "id": "VHN-400791", "trust": 0.1, "value": "HIGH" }, { "author": "VULMON", "id": "CVE-2021-39275", "trust": 0.1, "value": "HIGH" } ] } ], "sources": [ { "db": "CNVD", "id": "CNVD-2022-03225" }, { "db": "VULHUB", "id": "VHN-400791" }, { "db": "VULMON", "id": "CVE-2021-39275" }, { "db": "JVNDB", "id": "JVNDB-2021-008414" }, { "db": "CNNVD", "id": "CNNVD-202109-1098" }, { "db": "NVD", "id": "CVE-2021-39275" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "ap_escape_quotes() may write beyond the end of a buffer when given malicious input. No included modules pass untrusted data to these functions, but third-party / external modules may. This issue affects Apache HTTP Server 2.4.48 and earlier. The server is fast, reliable and extensible through a simple API. An attacker could exploit this vulnerability to write malicious content and execute it. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n==================================================================== \nRed Hat Security Advisory\n\nSynopsis: Important: httpd security update\nAdvisory ID: RHSA-2022:0143-01\nProduct: Red Hat Enterprise Linux\nAdvisory URL: https://access.redhat.com/errata/RHSA-2022:0143\nIssue date: 2022-01-17\nCVE Names: CVE-2021-26691 CVE-2021-34798 CVE-2021-39275\n CVE-2021-44790\n====================================================================\n1. Summary:\n\nAn update for httpd is now available for Red Hat Enterprise Linux 7. \n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Enterprise Linux Client Optional (v. 7) - noarch, x86_64\nRed Hat Enterprise Linux ComputeNode Optional (v. 7) - noarch, x86_64\nRed Hat Enterprise Linux Server (v. 7) - noarch, ppc64, ppc64le, s390x, x86_64\nRed Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, s390x, x86_64\nRed Hat Enterprise Linux Workstation (v. 7) - noarch, x86_64\nRed Hat Enterprise Linux Workstation Optional (v. 7) - x86_64\n\n3. \n\nSecurity Fix(es):\n\n* httpd: mod_lua: Possible buffer overflow when parsing multipart content\n(CVE-2021-44790)\n\n* httpd: mod_session: Heap overflow via a crafted SessionHeader value\n(CVE-2021-26691)\n\n* httpd: NULL pointer dereference via malformed requests (CVE-2021-34798)\n\n* httpd: Out-of-bounds write in ap_escape_quotes() via malicious input\n(CVE-2021-39275)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. \n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the updated packages, the httpd daemon will be restarted\nautomatically. \n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1966732 - CVE-2021-26691 httpd: mod_session: Heap overflow via a crafted SessionHeader value\n2005119 - CVE-2021-39275 httpd: Out-of-bounds write in ap_escape_quotes() via malicious input\n2005128 - CVE-2021-34798 httpd: NULL pointer dereference via malformed requests\n2034674 - CVE-2021-44790 httpd: mod_lua: Possible buffer overflow when parsing multipart content\n\n6. Package List:\n\nRed Hat Enterprise Linux Client Optional (v. 7):\n\nSource:\nhttpd-2.4.6-97.el7_9.4.src.rpm\n\nnoarch:\nhttpd-manual-2.4.6-97.el7_9.4.noarch.rpm\n\nx86_64:\nhttpd-2.4.6-97.el7_9.4.x86_64.rpm\nhttpd-debuginfo-2.4.6-97.el7_9.4.x86_64.rpm\nhttpd-devel-2.4.6-97.el7_9.4.x86_64.rpm\nhttpd-tools-2.4.6-97.el7_9.4.x86_64.rpm\nmod_ldap-2.4.6-97.el7_9.4.x86_64.rpm\nmod_proxy_html-2.4.6-97.el7_9.4.x86_64.rpm\nmod_session-2.4.6-97.el7_9.4.x86_64.rpm\nmod_ssl-2.4.6-97.el7_9.4.x86_64.rpm\n\nRed Hat Enterprise Linux ComputeNode Optional (v. 7):\n\nSource:\nhttpd-2.4.6-97.el7_9.4.src.rpm\n\nnoarch:\nhttpd-manual-2.4.6-97.el7_9.4.noarch.rpm\n\nx86_64:\nhttpd-2.4.6-97.el7_9.4.x86_64.rpm\nhttpd-debuginfo-2.4.6-97.el7_9.4.x86_64.rpm\nhttpd-devel-2.4.6-97.el7_9.4.x86_64.rpm\nhttpd-tools-2.4.6-97.el7_9.4.x86_64.rpm\nmod_ldap-2.4.6-97.el7_9.4.x86_64.rpm\nmod_proxy_html-2.4.6-97.el7_9.4.x86_64.rpm\nmod_session-2.4.6-97.el7_9.4.x86_64.rpm\nmod_ssl-2.4.6-97.el7_9.4.x86_64.rpm\n\nRed Hat Enterprise Linux Server (v. 7):\n\nSource:\nhttpd-2.4.6-97.el7_9.4.src.rpm\n\nnoarch:\nhttpd-manual-2.4.6-97.el7_9.4.noarch.rpm\n\nppc64:\nhttpd-2.4.6-97.el7_9.4.ppc64.rpm\nhttpd-debuginfo-2.4.6-97.el7_9.4.ppc64.rpm\nhttpd-devel-2.4.6-97.el7_9.4.ppc64.rpm\nhttpd-tools-2.4.6-97.el7_9.4.ppc64.rpm\nmod_session-2.4.6-97.el7_9.4.ppc64.rpm\nmod_ssl-2.4.6-97.el7_9.4.ppc64.rpm\n\nppc64le:\nhttpd-2.4.6-97.el7_9.4.ppc64le.rpm\nhttpd-debuginfo-2.4.6-97.el7_9.4.ppc64le.rpm\nhttpd-devel-2.4.6-97.el7_9.4.ppc64le.rpm\nhttpd-tools-2.4.6-97.el7_9.4.ppc64le.rpm\nmod_session-2.4.6-97.el7_9.4.ppc64le.rpm\nmod_ssl-2.4.6-97.el7_9.4.ppc64le.rpm\n\ns390x:\nhttpd-2.4.6-97.el7_9.4.s390x.rpm\nhttpd-debuginfo-2.4.6-97.el7_9.4.s390x.rpm\nhttpd-devel-2.4.6-97.el7_9.4.s390x.rpm\nhttpd-tools-2.4.6-97.el7_9.4.s390x.rpm\nmod_session-2.4.6-97.el7_9.4.s390x.rpm\nmod_ssl-2.4.6-97.el7_9.4.s390x.rpm\n\nx86_64:\nhttpd-2.4.6-97.el7_9.4.x86_64.rpm\nhttpd-debuginfo-2.4.6-97.el7_9.4.x86_64.rpm\nhttpd-devel-2.4.6-97.el7_9.4.x86_64.rpm\nhttpd-tools-2.4.6-97.el7_9.4.x86_64.rpm\nmod_session-2.4.6-97.el7_9.4.x86_64.rpm\nmod_ssl-2.4.6-97.el7_9.4.x86_64.rpm\n\nRed Hat Enterprise Linux Server Optional (v. 7):\n\nppc64:\nhttpd-debuginfo-2.4.6-97.el7_9.4.ppc64.rpm\nmod_ldap-2.4.6-97.el7_9.4.ppc64.rpm\nmod_proxy_html-2.4.6-97.el7_9.4.ppc64.rpm\n\nppc64le:\nhttpd-debuginfo-2.4.6-97.el7_9.4.ppc64le.rpm\nmod_ldap-2.4.6-97.el7_9.4.ppc64le.rpm\nmod_proxy_html-2.4.6-97.el7_9.4.ppc64le.rpm\n\ns390x:\nhttpd-debuginfo-2.4.6-97.el7_9.4.s390x.rpm\nmod_ldap-2.4.6-97.el7_9.4.s390x.rpm\nmod_proxy_html-2.4.6-97.el7_9.4.s390x.rpm\n\nx86_64:\nhttpd-debuginfo-2.4.6-97.el7_9.4.x86_64.rpm\nmod_ldap-2.4.6-97.el7_9.4.x86_64.rpm\nmod_proxy_html-2.4.6-97.el7_9.4.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nhttpd-2.4.6-97.el7_9.4.src.rpm\n\nnoarch:\nhttpd-manual-2.4.6-97.el7_9.4.noarch.rpm\n\nx86_64:\nhttpd-2.4.6-97.el7_9.4.x86_64.rpm\nhttpd-debuginfo-2.4.6-97.el7_9.4.x86_64.rpm\nhttpd-devel-2.4.6-97.el7_9.4.x86_64.rpm\nhttpd-tools-2.4.6-97.el7_9.4.x86_64.rpm\nmod_session-2.4.6-97.el7_9.4.x86_64.rpm\nmod_ssl-2.4.6-97.el7_9.4.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation Optional (v. 7):\n\nx86_64:\nhttpd-debuginfo-2.4.6-97.el7_9.4.x86_64.rpm\nmod_ldap-2.4.6-97.el7_9.4.x86_64.rpm\nmod_proxy_html-2.4.6-97.el7_9.4.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2021-26691\nhttps://access.redhat.com/security/cve/CVE-2021-34798\nhttps://access.redhat.com/security/cve/CVE-2021-39275\nhttps://access.redhat.com/security/cve/CVE-2021-44790\nhttps://access.redhat.com/security/updates/classification/#important\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2022 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBYeVdC9zjgjWX9erEAQgzNw/8CjsxUvDW64dwvpcYH/OWJhKqvD53sX+w\nivf4+hhCsEVLvrjD0eTNkbeza+dcZqoR5swL0IjAGXKJ/0q/oh4/yxq2ydgvEYsY\nrAjts0tnynoswBaFo6eaBlcNxQroGID0uqgXkUFt37m4eetACuOSVRcZ7/sNsqBS\niQF4l16vjNvKeOdKY8nSNe77Dt1/Lj41NoL6XbAZPuvaiLBqqGOY9xYfZSSmFHFq\nH4dB8cfMC4cWysFtnzffJ+dJdzcWNOxklwLlZe72JoAJYP59da2YuIoE2LsQRGPC\nOcc84zH/UZx4JWJhF7FEEALC/tizfFqu9qWr1OIDmSVTEAZ+6IZ/mDeF83+0Mrc4\nAiV3oiJi7Fx4XTDUL8fim+FORaSI2IR7LK1Zjau1qCN04ayyFXwJdK/fwgIWJHon\ngYhyUsAj7F7At9m8cCVRP5K4jjmr0qrmsF1M1B6xqMLWlYNcWu3obJS/FbiSdwQJ\n7jFdBagThGOzIle0eGk0iMZ+vRJSuaSMZ7GDA14o46KB+EkvYLe+wi6jBQXJeD6Q\nOueenu2JiMvB8+dJNYrn9uQY+8WHyCVV1HMMmVo9LajA1FJRXgMIQN5ZmDMoDW73\nqFV+VCOHtKPI2hC8ngZYy2RyEUhK4t3f7xmJgtoJ4/DuaGsRWL7xZPL7gLHxWnS4\n5VjPyLrWg5U=TyMo\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://listman.redhat.com/mailman/listinfo/rhsa-announce\n. ==========================================================================\nUbuntu Security Notice USN-5090-3\nSeptember 28, 2021\n\napache2 regression\n==========================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 21.04\n- Ubuntu 20.04 LTS\n- Ubuntu 18.04 LTS\n\nSummary:\n\nUSN-5090-1 introduced a regression in Apache HTTP Server. One of the upstream\nfixes introduced a regression in UDS URIs. This update fixes the problem. \n\nOriginal advisory details:\n\n James Kettle discovered that the Apache HTTP Server HTTP/2 module\n incorrectly handled certain crafted methods. A remote attacker could\n possibly use this issue to perform request splitting or cache poisoning\n attacks. A remote attacker could possibly use this issue to\n cause the server to crash, resulting in a denial of service. \n (CVE-2021-34798)\n Li Zhi Xin discovered that the Apache mod_proxy_uwsgi module incorrectly\n handled certain request uri-paths. A remote attacker could possibly use\n this issue to cause the server to crash, resulting in a denial of service. \n This issue only affected Ubuntu 20.04 LTS and Ubuntu 21.04. If the server was configured with third-party modules, a remote\n attacker could use this issue to cause the server to crash, resulting in a\n denial of service, or possibly execute arbitrary code. (CVE-2021-39275)\n It was discovered that the Apache mod_proxy module incorrectly handled\n certain request uri-paths. A remote attacker could possibly use this issue\n to cause the server to forward requests to arbitrary origin servers. \n (CVE-2021-40438)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 21.04:\n apache2 2.4.46-4ubuntu1.3\n apache2-bin 2.4.46-4ubuntu1.3\n\nUbuntu 20.04 LTS:\n apache2 2.4.41-4ubuntu3.6\n apache2-bin 2.4.41-4ubuntu3.6\n\nUbuntu 18.04 LTS:\n apache2 2.4.29-1ubuntu4.18\n apache2-bin 2.4.29-1ubuntu4.18\n\nIn general, a standard system update will make all the necessary changes. 7) - noarch, x86_64\n\n3. \n\nBug Fix(es):\n\n* proxy rewrite to unix socket fails with CVE-2021-40438 fix (BZ#2022319)\n\nAdditional changes:\n\n* To fix CVE-2022-29404, the default value for the \"LimitRequestBody\"\ndirective in the Apache HTTP Server has been changed from 0 (unlimited) to\n1 GiB. \n\nOn systems where the value of \"LimitRequestBody\" is not explicitly\nspecified in an httpd configuration file, updating the httpd package sets\n\"LimitRequestBody\" to the default value of 1 GiB. As a consequence, if the\ntotal size of the HTTP request body exceeds this 1 GiB default limit, httpd\nreturns the 413 Request Entity Too Large error code. \n\nIf the new default allowed size of an HTTP request message body is\ninsufficient for your use case, update your httpd configuration files\nwithin the respective context (server, per-directory, per-file, or\nper-location) and set your preferred limit in bytes. For example, to set a\nnew 2 GiB limit, use:\n\nLimitRequestBody 2147483648\n\nSystems already configured to use any explicit value for the\n\"LimitRequestBody\" directive are unaffected by this change. This software, such as Apache HTTP Server, is\ncommon to multiple JBoss middleware products, and is packaged under Red Hat\nJBoss Core Services to allow for faster distribution of updates, and for a\nmore consistent update experience. \n\nThis release of Red Hat JBoss Core Services Apache HTTP Server 2.4.51\nserves as a replacement for Red Hat JBoss Core Services Apache HTTP Server\n2.4.37 Service Pack 10, and includes bug fixes and enhancements, which are\ndocumented in the Release Notes document linked to in the References", "sources": [ { "db": "NVD", "id": "CVE-2021-39275" }, { "db": "JVNDB", "id": "JVNDB-2021-008414" }, { "db": "CNVD", "id": "CNVD-2022-03225" }, { "db": "VULHUB", "id": "VHN-400791" }, { "db": "VULMON", "id": "CVE-2021-39275" }, { "db": "PACKETSTORM", "id": "165587" }, { "db": "PACKETSTORM", "id": "164307" }, { "db": "PACKETSTORM", "id": "164305" }, { "db": "PACKETSTORM", "id": "164318" }, { "db": "PACKETSTORM", "id": "168565" }, { "db": "PACKETSTORM", "id": "169541" } ], "trust": 2.88 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2021-39275", "trust": 4.6 }, { "db": "SIEMENS", "id": "SSA-685781", "trust": 1.8 }, { "db": "PACKETSTORM", "id": "165587", "trust": 0.8 }, { "db": "PACKETSTORM", "id": "168565", "trust": 0.8 }, { "db": "PACKETSTORM", "id": "169541", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2021-008414", "trust": 0.8 }, { "db": "CNVD", "id": "CNVD-2022-03225", "trust": 0.7 }, { "db": "PACKETSTORM", "id": "166321", "trust": 0.7 }, { "db": "PACKETSTORM", "id": "168072", "trust": 0.7 }, { "db": "ICS CERT", "id": "ICSA-22-167-06", "trust": 0.7 }, { "db": "PACKETSTORM", "id": "164318", "trust": 0.7 }, { "db": "AUSCERT", "id": "ESB-2021.3341", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2021.4004.3", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2021.3357", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2021.3234", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2021.3387", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2022.0850", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2021.3250", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2021.3544", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2021.4004.5", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2021.3148", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2021.4004.7", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2021.3591", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2022.0217", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2021.4004.2", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2022.2978", "trust": 0.6 }, { "db": "PACKETSTORM", "id": "164329", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2022042117", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2021092301", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2022011749", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2021101101", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2022060624", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2022031528", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2022032013", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2022030119", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2022012038", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2022042295", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2021091707", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2022010632", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2021101513", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2021102602", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2021101005", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2022042538", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-202109-1098", "trust": 0.6 }, { "db": "PACKETSTORM", "id": "169540", "trust": 0.1 }, { "db": "VULHUB", "id": "VHN-400791", "trust": 0.1 }, { "db": "VULMON", "id": "CVE-2021-39275", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "164307", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "164305", "trust": 0.1 } ], "sources": [ { "db": "CNVD", "id": "CNVD-2022-03225" }, { "db": "VULHUB", "id": "VHN-400791" }, { "db": "VULMON", "id": "CVE-2021-39275" }, { "db": "JVNDB", "id": "JVNDB-2021-008414" }, { "db": "PACKETSTORM", "id": "165587" }, { "db": "PACKETSTORM", "id": "164307" }, { "db": "PACKETSTORM", "id": "164305" }, { "db": "PACKETSTORM", "id": "164318" }, { "db": "PACKETSTORM", "id": "168565" }, { "db": "PACKETSTORM", "id": "169541" }, { "db": "CNNVD", "id": "CNNVD-202109-1098" }, { "db": "NVD", "id": "CVE-2021-39275" } ] }, "id": "VAR-202109-1803", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "CNVD", "id": "CNVD-2022-03225" }, { "db": "VULHUB", "id": "VHN-400791" } ], "trust": 1.1607142799999999 }, "iot_taxonomy": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "category": [ "Network device" ], "sub_category": null, "trust": 0.6 } ], "sources": [ { "db": "CNVD", "id": "CNVD-2022-03225" } ] }, "last_update_date": "2024-07-23T19:24:35.857000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "hitachi-sec-2022-111", "trust": 0.8, "url": "https://httpd.apache.org/security/vulnerabilities_24.html" }, { "title": "Patch for Apache HTTP Server ap_escape_quotes Buffer Overflow Vulnerability", "trust": 0.6, "url": "https://www.cnvd.org.cn/patchinfo/show/313446" }, { "title": "Apache HTTP Server Buffer error vulnerability fix", "trust": 0.6, "url": "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=164677" }, { "title": "Red Hat: Moderate: httpd:2.4 security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20220891 - security advisory" }, { "title": "Red Hat: CVE-2021-39275", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=cve-2021-39275" }, { "title": "Debian Security Advisories: DSA-4982-1 apache2 -- security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=93a29f7ecf9a6aaba79d3b3320aa4b85" }, { "title": "Arch Linux Issues: ", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_issues\u0026qid=cve-2021-39275 log" }, { "title": "Hitachi Security Advisories: Vulnerability in Cosminexus HTTP Server and Hitachi Web Server", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=hitachi_security_advisories\u0026qid=hitachi-sec-2022-111" }, { "title": "Red Hat: Moderate: httpd24-httpd security and bug fix update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20226753 - security advisory" }, { "title": "Brocade Security Advisories: CVE-2021-39275. ap_escape_quotes buffer overflow", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=brocade_security_advisories\u0026qid=8a2abdf2d185adc365552c461d65931f" }, { "title": "Amazon Linux AMI: ALAS-2021-1543", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=alas-2021-1543" }, { "title": "Red Hat: Important: Red Hat JBoss Core Services Apache HTTP Server 2.4.51 security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20227143 - security advisory" }, { "title": "Red Hat: Important: Red Hat JBoss Core Services Apache HTTP Server 2.4.51 security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20227144 - security advisory" }, { "title": "Amazon Linux 2: ALAS2-2021-1716", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2\u0026qid=alas2-2021-1716" }, { "title": "Cisco: Multiple Vulnerabilities in Apache HTTP Server Affecting Cisco Products: November 2021", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts\u0026qid=cisco-sa-apache-httpd-2.4.49-vwl69swq" }, { "title": "PROJET TUTEURE", "trust": 0.1, "url": "https://github.com/pierrechrd/py-projet-tut " }, { "title": "Tier 0\nTier 1\nTier 2", "trust": 0.1, "url": "https://github.com/totes5706/toteshtb " }, { "title": "Requirements\nvulnsearch-cve\nUsage\nvulnsearch\nUsage\nTest Sample", "trust": 0.1, "url": "https://github.com/kasem545/vulnsearch " }, { "title": "Skynet", "trust": 0.1, "url": "https://github.com/bioly230/thm_skynet " }, { "title": "Shodan Search Script", "trust": 0.1, "url": "https://github.com/firatesatoglu/shodansearch " } ], "sources": [ { "db": "CNVD", "id": "CNVD-2022-03225" }, { "db": "VULMON", "id": "CVE-2021-39275" }, { "db": "JVNDB", "id": "JVNDB-2021-008414" }, { "db": "CNNVD", "id": "CNNVD-202109-1098" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-787", "trust": 1.1 }, { "problemtype": "Out-of-bounds writing (CWE-787) [NVD Evaluation ]", "trust": 0.8 }, { "problemtype": "CWE-120", "trust": 0.1 } ], "sources": [ { "db": "VULHUB", "id": "VHN-400791" }, { "db": "JVNDB", "id": "JVNDB-2021-008414" }, { "db": "NVD", "id": "CVE-2021-39275" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.4, "url": "https://www.oracle.com/security-alerts/cpuapr2022.html" }, { "trust": 2.0, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-39275" }, { "trust": 1.8, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-685781.pdf" }, { "trust": 1.8, "url": "https://security.netapp.com/advisory/ntap-20211008-0004/" }, { "trust": 1.8, "url": "https://www.debian.org/security/2021/dsa-4982" }, { "trust": 1.8, "url": "https://security.gentoo.org/glsa/202208-20" }, { "trust": 1.8, "url": "https://www.oracle.com/security-alerts/cpujan2022.html" }, { "trust": 1.8, "url": "https://lists.debian.org/debian-lts-announce/2021/10/msg00001.html" }, { "trust": 1.2, "url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-apache-httpd-2.4.49-vwl69swq" }, { "trust": 1.2, "url": "https://httpd.apache.org/security/vulnerabilities_24.html" }, { "trust": 1.1, "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/spbr6wuybjnachke65spl7tjohx7rhwd/" }, { "trust": 1.1, "url": "https://lists.apache.org/thread.html/r82838efc5fa6fc4c73986399c9b71573589f78b31846aff5bd9b1697%40%3cusers.httpd.apache.org%3e" }, { "trust": 1.1, "url": "https://lists.apache.org/thread.html/r82c077663f9759c7df5a6656f925b3ee4f55fcd33c889ba7cd687029%40%3cusers.httpd.apache.org%3e" }, { "trust": 1.1, "url": "https://lists.apache.org/thread.html/r3925e167d5eb1c75def3750c155d753064e1d34a143028bb32910432%40%3cusers.httpd.apache.org%3e" }, { "trust": 1.1, "url": "https://lists.apache.org/thread.html/r61fdbfc26ab170f4e6492ef3bd5197c20b862ce156e9d5a54d4b899c%40%3cusers.httpd.apache.org%3e" }, { "trust": 1.1, "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/zncysr3bxt36fff4xtcpl3hdqk4vp45r/" }, { "trust": 1.0, "url": "https://access.redhat.com/security/cve/cve-2021-39275" }, { "trust": 0.7, "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/spbr6wuybjnachke65spl7tjohx7rhwd/" }, { "trust": 0.7, "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/zncysr3bxt36fff4xtcpl3hdqk4vp45r/" }, { "trust": 0.6, "url": "httpd.apache.org%3e" }, { "trust": 0.6, "url": "https://lists.apache.org/thread.html/r82c077663f9759c7df5a6656f925b3ee4f55fcd33c889ba7cd687029@%3cusers." }, { "trust": 0.6, "url": "httpd-2.4.49-vwl69swq" }, { "trust": 0.6, "url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-apache-" }, { "trust": 0.6, "url": "https://lists.apache.org/thread.html/r82838efc5fa6fc4c73986399c9b71573589f78b31846aff5bd9b1697@%3cusers." }, { "trust": 0.6, "url": "https://lists.apache.org/thread.html/r61fdbfc26ab170f4e6492ef3bd5197c20b862ce156e9d5a54d4b899c@%3cusers." }, { "trust": 0.6, "url": "httpd.apache.org/security/vulnerabilities_24.html" }, { "trust": 0.6, "url": "https://lists.apache.org/thread.html/r3925e167d5eb1c75def3750c155d753064e1d34a143028bb32910432@%3cusers." }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2022030119" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2022031528" }, { "trust": 0.6, "url": "https://packetstormsecurity.com/files/165587/red-hat-security-advisory-2022-0143-03.html" }, { "trust": 0.6, "url": "https://packetstormsecurity.com/files/166321/red-hat-security-advisory-2022-0891-01.html" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2022060624" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2021101513" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2022012038" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2021102602" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2022042538" }, { "trust": 0.6, "url": "https://packetstormsecurity.com/files/169541/red-hat-security-advisory-2022-7143-01.html" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2021.3357" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2021.3234" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2022.0217" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2021.3250" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2021.3591" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2022010632" }, { "trust": 0.6, "url": "https://packetstormsecurity.com/files/168072/gentoo-linux-security-advisory-202208-20.html" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2021.4004.7" }, { "trust": 0.6, "url": "https://packetstormsecurity.com/files/164318/ubuntu-security-notice-usn-5090-3.html" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2022.0850" }, { "trust": 0.6, "url": "https://www.ibm.com/support/pages/node/6520016" }, { "trust": 0.6, "url": "https://us-cert.cisa.gov/ics/advisories/icsa-22-167-06" }, { "trust": 0.6, "url": "https://packetstormsecurity.com/files/168565/red-hat-security-advisory-2022-6753-01.html" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2022.2978" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2021.4004.3" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2021.4004.2" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2021.4004.5" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2022042295" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2022011749" }, { "trust": 0.6, "url": "https://www.ibm.com/support/pages/node/6493845" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2021092301" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2022042117" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2021.3387" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2021.3341" }, { "trust": 0.6, "url": "https://packetstormsecurity.com/files/164329/ubuntu-security-notice-usn-5090-4.html" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2022032013" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2021.3148" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2021.3544" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2021091707" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2021101101" }, { "trust": 0.6, "url": "https://vigilance.fr/vulnerability/apache-http-server-four-vulnerabilities-36444" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2021101005" }, { "trust": 0.5, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-34798" }, { "trust": 0.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-33193" }, { "trust": 0.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-36160" }, { "trust": 0.3, "url": "https://listman.redhat.com/mailman/listinfo/rhsa-announce" }, { "trust": 0.3, "url": "https://access.redhat.com/articles/11258" }, { "trust": 0.3, "url": "https://access.redhat.com/security/team/key/" }, { "trust": 0.3, "url": "https://bugzilla.redhat.com/):" }, { "trust": 0.3, "url": "https://access.redhat.com/security/team/contact/" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-40438" }, { "trust": 0.3, "url": "https://ubuntu.com/security/notices/usn-5090-1" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2021-34798" }, { "trust": 0.2, "url": "https://access.redhat.com/security/updates/classification/#important" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2021-36160" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-44224" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2021-44224" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2021-33193" }, { "trust": 0.1, "url": "https://lists.apache.org/thread.html/r82c077663f9759c7df5a6656f925b3ee4f55fcd33c889ba7cd687029@%3cusers.httpd.apache.org%3e" }, { "trust": 0.1, "url": "https://lists.apache.org/thread.html/r61fdbfc26ab170f4e6492ef3bd5197c20b862ce156e9d5a54d4b899c@%3cusers.httpd.apache.org%3e" }, { "trust": 0.1, "url": "https://lists.apache.org/thread.html/r82838efc5fa6fc4c73986399c9b71573589f78b31846aff5bd9b1697@%3cusers.httpd.apache.org%3e" }, { "trust": 0.1, "url": "https://lists.apache.org/thread.html/r3925e167d5eb1c75def3750c155d753064e1d34a143028bb32910432@%3cusers.httpd.apache.org%3e" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/787.html" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2022:0891" }, { "trust": 0.1, "url": "https://nvd.nist.gov" }, { "trust": 0.1, "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-167-06" }, { "trust": 0.1, "url": "https://github.com/totes5706/toteshtb" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-44790" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-26691" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-44790" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-26691" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2022:0143" }, { "trust": 0.1, "url": "https://ubuntu.com/security/notices/usn-5090-2" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/apache2/2.4.29-1ubuntu4.17" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/apache2/2.4.41-4ubuntu3.5" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/apache2/2.4.46-4ubuntu1.2" }, { "trust": 0.1, "url": "https://ubuntu.com/security/notices/usn-5090-3" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/apache2/2.4.41-4ubuntu3.6" }, { "trust": 0.1, "url": "https://launchpad.net/bugs/1945311" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/apache2/2.4.29-1ubuntu4.18" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/apache2/2.4.46-4ubuntu1.3" }, { "trust": 0.1, "url": "https://access.redhat.com/articles/6975397" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2022-30556" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-22721" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-28614" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2022-22719" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-29404" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2022-28614" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-28615" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2022:6753" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-30522" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2022-28615" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-22719" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2022-31813" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-30556" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2022-30522" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-23943" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2022-22721" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2022-29404" }, { "trust": 0.1, "url": "https://access.redhat.com/security/updates/classification/#moderate" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2022-23943" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-26377" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2022-26377" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-45960" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2022-25313" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-22823" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2022-22822" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2022-22824" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-22824" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2022-22826" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2022-22827" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-22822" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-45960" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-41524" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-22827" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-22826" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-41524" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2022-23990" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-46143" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2022:7143" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2022-25315" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2022-25314" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2022-22823" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-22825" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2022-25236" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2022-25235" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-23852" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2022-23852" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2022-22825" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-46143" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2022-03225" }, { "db": "VULHUB", "id": "VHN-400791" }, { "db": "VULMON", "id": "CVE-2021-39275" }, { "db": "JVNDB", "id": "JVNDB-2021-008414" }, { "db": "PACKETSTORM", "id": "165587" }, { "db": "PACKETSTORM", "id": "164307" }, { "db": "PACKETSTORM", "id": "164305" }, { "db": "PACKETSTORM", "id": "164318" }, { "db": "PACKETSTORM", "id": "168565" }, { "db": "PACKETSTORM", "id": "169541" }, { "db": "CNNVD", "id": "CNNVD-202109-1098" }, { "db": "NVD", "id": "CVE-2021-39275" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "CNVD", "id": "CNVD-2022-03225" }, { "db": "VULHUB", "id": "VHN-400791" }, { "db": "VULMON", "id": "CVE-2021-39275" }, { "db": "JVNDB", "id": "JVNDB-2021-008414" }, { "db": "PACKETSTORM", "id": "165587" }, { "db": "PACKETSTORM", "id": "164307" }, { "db": "PACKETSTORM", "id": "164305" }, { "db": "PACKETSTORM", "id": "164318" }, { "db": "PACKETSTORM", "id": "168565" }, { "db": "PACKETSTORM", "id": "169541" }, { "db": "CNNVD", "id": "CNNVD-202109-1098" }, { "db": "NVD", "id": "CVE-2021-39275" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2022-01-13T00:00:00", "db": "CNVD", "id": "CNVD-2022-03225" }, { "date": "2021-09-16T00:00:00", "db": "VULHUB", "id": "VHN-400791" }, { "date": "2021-09-16T00:00:00", "db": "VULMON", "id": "CVE-2021-39275" }, { "date": "2022-03-15T00:00:00", "db": "JVNDB", "id": "JVNDB-2021-008414" }, { "date": "2022-01-17T16:53:40", "db": "PACKETSTORM", "id": "165587" }, { "date": "2021-09-28T15:13:59", "db": "PACKETSTORM", "id": "164307" }, { "date": "2021-09-28T15:06:35", "db": "PACKETSTORM", "id": "164305" }, { "date": "2021-09-28T15:23:06", "db": "PACKETSTORM", "id": "164318" }, { "date": "2022-09-30T14:51:18", "db": "PACKETSTORM", "id": "168565" }, { "date": "2022-10-27T13:05:26", "db": "PACKETSTORM", "id": "169541" }, { "date": "2021-09-16T00:00:00", "db": "CNNVD", "id": "CNNVD-202109-1098" }, { "date": "2021-09-16T15:15:07.580000", "db": "NVD", "id": "CVE-2021-39275" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2022-01-13T00:00:00", "db": "CNVD", "id": "CNVD-2022-03225" }, { "date": "2022-10-05T00:00:00", "db": "VULHUB", "id": "VHN-400791" }, { "date": "2023-11-07T00:00:00", "db": "VULMON", "id": "CVE-2021-39275" }, { "date": "2022-03-15T02:59:00", "db": "JVNDB", "id": "JVNDB-2021-008414" }, { "date": "2022-10-28T00:00:00", "db": "CNNVD", "id": "CNNVD-202109-1098" }, { "date": "2023-11-07T03:37:38.873000", "db": "NVD", "id": "CVE-2021-39275" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "PACKETSTORM", "id": "164307" }, { "db": "PACKETSTORM", "id": "164305" }, { "db": "PACKETSTORM", "id": "164318" }, { "db": "CNNVD", "id": "CNNVD-202109-1098" } ], "trust": 0.9 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Apache\u00a0HTTP\u00a0Server\u00a0 of \u00a0ap_escape_quotes()\u00a0 Vulnerability written beyond the end of the buffer in", "sources": [ { "db": "JVNDB", "id": "JVNDB-2021-008414" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "buffer error", "sources": [ { "db": "CNNVD", "id": "CNNVD-202109-1098" } ], "trust": 0.6 } }
Sightings
Author | Source | Type | Date |
---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.