Request a Demo
Rewterz
Rewterz Threat Alert – SNAKE Ransomware – Active IOCs
December 30, 2021
Rewterz
Rewterz Threat Advisory – Multiple Wireshark Vulnerabilities
December 31, 2021

Rewterz Threat Advisory – Multiple Apache HTTP Vulnerabilities

Severity

High

Analysis Summary

CVE-2021-44790 

Apache HTTP Server is vulnerable to a buffer overflow, caused by improper bounds checking in the mod_lua multipart parser called from Lua scripts). By sending a specially crafted request, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash.

CVE-2021-44224 

Apache HTTP Server is vulnerable to a denial of service or server-side request forgery. By sending a specially crafted URI to httpd configured as a forward proxy, an attacker could exploit this vulnerability to cause a NULL pointer to dereference. By sending a specially crafted URI to configurations mixing forward and reverse proxy declarations, an attacker could allow for requests to be directed to a declared Unix Domain Socket endpoint.

Impact

  • Buffer Overflow
  • Denial of ServicE

Affected Vendors

Apache

Affected Products

  • Apache HTTP Server 2.4.0
  • Apache HTTP Server 2.4.1
  • Apache HTTP Server 2.4.2
  • Apache HTTP Server 2.4.3
  • Apache HTTP Server 2.4.7
  • Apache HTTP Server 2.4.8
  • Apache HTTP Server 2.4.9
  • Apache HTTP Server 2.4.10

Remediation

Upgrade to the latest version of Apache HTTP Server, available from the Apache Web site.

https://httpd.apache.org/security/vulnerabilities_24.html