
Rewterz Threat Advisory – CVE-2021-43410 – Apache Airavata Django Portal Vulnerability

Severity

Medium

Analysis Summary

CVE-2021-43410

Apache Airavata Django Portal is vulnerable to CRLF injection, caused by the lack of escaping in the log statements. By sending a specially-crafted HTTP response containing CRLF character sequences, a remote attacker could exploit this vulnerability to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking.
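The log-statement weakness described above, as an added Python example (not code from Apache Airavata or from this advisory): the same event is logged once without escaping and once through a filter that escapes CR and LF. The logger names, message format and sample username are assumptions constructed for illustration.

```python
import io
import logging

# Constructed sample: a user-controlled value carrying CRLF and a fake entry.
FORGED = "guest\r\nINFO portal login succeeded for user=admin"


class EscapeCRLFFilter(logging.Filter):
    """Escape line breaks in the final message before a handler writes it."""

    _MAP = str.maketrans({"\r": "\\r", "\n": "\\n"})

    def filter(self, record):
        # Render msg % args first so every argument type is covered,
        # then store the escaped text and drop args so it is not re-applied.
        record.msg = record.getMessage().translate(self._MAP)
        record.args = None
        return True  # keep the record; only its text is changed


def log_lines(username, hardened):
    """Log one failed-login event and return the lines that reach the log."""
    stream = io.StringIO()
    handler = logging.StreamHandler(stream)
    handler.setFormatter(logging.Formatter("%(levelname)s %(name)s %(message)s"))
    if hardened:
        handler.addFilter(EscapeCRLFFilter())
    logger = logging.getLogger("portal.hardened" if hardened else "portal.plain")
    logger.handlers = [handler]   # replace handlers left by earlier calls
    logger.propagate = False      # keep output out of the root logger
    logger.setLevel(logging.INFO)
    logger.warning("login failed for user=%s", username)
    return stream.getvalue().splitlines()


if __name__ == "__main__":
    for mode in (False, True):
        print("hardened" if mode else "unescaped")
        for line in log_lines(FORGED, hardened=mode):
            print("   ", line)
```

Without the filter one event becomes two log lines, the second of which reads like a genuine entry; with it the event stays on one line and the control characters remain visible as `\r\n`.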

Impact

  • Data Manipulation

Affected Vendors

Apache

Affected Products

  • Apache Airavata Django Portal

Remediation

Refer to the Apache advisory for patch, upgrade, or suggested workaround information.

https://seclists.org/oss-sec/2021/q4/146