 |
Startseite ▼ Bookkeeping
Online ▼ Sicherheits
Überprüfungs ▼
Verwaltetes
DNS ▼
Info
Bestellen/Erneuern
FAQ
AUP
Dynamic DNS Clients
Domaine konfigurieren Dyanmic DNS Update Password Netzwerk
Überwachung ▼
Enterprise
Erweiterte
Standard
Gratis Test
FAQ
Preis/Funktionszusammenfassung
Bestellen
Beispiele
Konfigurieren/Status Alarm Profile | ||
| Test Kennung: | 1.3.6.1.4.1.25623.1.0.112905 |
| Kategorie: | Web Servers |
| Titel: | Apache HTTP Server 2.4.47 NULL Pointer Dereference Vulnerability - Linux |
| Zusammenfassung: | Apache HTTP Server is prone to a NULL pointer dereference; vulnerability. |
| Beschreibung: | Summary: Apache HTTP Server is prone to a NULL pointer dereference vulnerability. Vulnerability Insight: Apache HTTP Server protocol handler for the HTTP/2 protocol checks received request headers against the size limitations as configured for the server and used for the HTTP/1 protocol as well. On violation of these restrictions an HTTP response is sent to the client with a status code indicating why the request was rejected. This rejection response was not fully initialised in the HTTP/2 protocol handler if the offending header was the very first one received or appeared in a footer. This led to a NULL pointer dereference on initialised memory, crashing reliably the child process. Vulnerability Impact: Successful exploitation will allow an attacker to crash the server. Affected Software/OS: Apache HTTP Server version 2.4.47 only. Solution: Update to version 2.4.48 or later. CVSS Score: 5.0 CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P |
| Querverweis: |
Common Vulnerability Exposure (CVE) ID: CVE-2021-31618 https://security.netapp.com/advisory/ntap-20210727-0008/ Debian Security Information: DSA-4937 (Google Search) https://www.debian.org/security/2021/dsa-4937 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2NKJ3ZA3FTSZ2QBBPKS6BYGAWYRABNQQ/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/A73QJ4HPUMU26I6EULG6SCK67TUEXZYR/ https://security.gentoo.org/glsa/202107-38 http://httpd.apache.org/security/vulnerabilities_24.html https://seclists.org/oss-sec/2021/q2/206 https://www.oracle.com/security-alerts/cpuoct2021.html https://lists.debian.org/debian-lts-announce/2021/07/msg00006.html https://lists.apache.org/thread.html/r783b6558abf3305b17ea462bed4bd66d82866438999bf38cef6d11d1@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/r14b66ef0f4f569fd515a3f96cd4eb58bd9a8ff525cc326bb0359664f@%3Ccvs.httpd.apache.org%3E http://www.openwall.com/lists/oss-security/2021/06/10/9 http://www.openwall.com/lists/oss-security/2024/03/13/2 |
| Copyright | Copyright (C) 2021 Greenbone AG |
| Dies ist nur einer von 145615 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus. Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten. |