Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
NVD Vulnerability Details :
CVE-2021-31618
Modified
More InfoOfficial Page
Source-security@apache.org
View Known Exploited Vulnerability (KEV) details
Published At-15 Jun, 2021 | 09:15
Updated At-01 May, 2024 | 17:15

Apache HTTP Server protocol handler for the HTTP/2 protocol checks received request headers against the size limitations as configured for the server and used for the HTTP/1 protocol as well. On violation of these restrictions and HTTP response is sent to the client with a status code indicating why the request was rejected. This rejection response was not fully initialised in the HTTP/2 protocol handler if the offending header was the very first one received or appeared in a a footer. This led to a NULL pointer dereference on initialised memory, crashing reliably the child process. Since such a triggering HTTP/2 request is easy to craft and submit, this can be exploited to DoS the server. This issue affected mod_http2 1.15.17 and Apache HTTP Server version 2.4.47 only. Apache HTTP Server 2.4.47 was never released.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.17.5HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Primary2.05.0MEDIUM
AV:N/AC:L/Au:N/C:N/I:N/A:P
CPE Matches
The Apache Software Foundation
apache
>>http_server>>1.15.17
cpe:2.3:a:apache:http_server:1.15.17:*:*:*:*:*:*:*
The Apache Software Foundation
apache
>>http_server>>2.4.47
cpe:2.3:a:apache:http_server:2.4.47:*:*:*:*:*:*:*
Fedora Project
fedoraproject
>>fedora>>33
cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*
Fedora Project
fedoraproject
>>fedora>>34
cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*
Debian GNU/Linux
debian
>>debian_linux>>9.0
cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
Debian GNU/Linux
debian
>>debian_linux>>10.0
cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
Oracle Corporation
oracle
>>enterprise_manager_ops_center>>12.4.0.0
cpe:2.3:a:oracle:enterprise_manager_ops_center:12.4.0.0:*:*:*:*:*:*:*
Oracle Corporation
oracle
>>instantis_enterprisetrack>>17.1
cpe:2.3:a:oracle:instantis_enterprisetrack:17.1:*:*:*:*:*:*:*
Oracle Corporation
oracle
>>instantis_enterprisetrack>>17.2
cpe:2.3:a:oracle:instantis_enterprisetrack:17.2:*:*:*:*:*:*:*
Oracle Corporation
oracle
>>instantis_enterprisetrack>>17.3
cpe:2.3:a:oracle:instantis_enterprisetrack:17.3:*:*:*:*:*:*:*
Oracle Corporation
oracle
>>zfs_storage_appliance_kit>>8.8
cpe:2.3:a:oracle:zfs_storage_appliance_kit:8.8:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-476Primarynvd@nist.gov
CWE-476Secondarysecurity@apache.org
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
http://httpd.apache.org/security/vulnerabilities_24.htmlsecurity@apache.org
Release Notes
Vendor Advisory
http://www.openwall.com/lists/oss-security/2021/06/10/9security@apache.org
Mailing List
Third Party Advisory
http://www.openwall.com/lists/oss-security/2024/03/13/2security@apache.org
N/A
https://lists.apache.org/thread.html/r14b66ef0f4f569fd515a3f96cd4eb58bd9a8ff525cc326bb0359664f%40%3Ccvs.httpd.apache.org%3Esecurity@apache.org
N/A
https://lists.apache.org/thread.html/r783b6558abf3305b17ea462bed4bd66d82866438999bf38cef6d11d1%40%3Ccvs.httpd.apache.org%3Esecurity@apache.org
N/A
https://lists.debian.org/debian-lts-announce/2021/07/msg00006.htmlsecurity@apache.org
Mailing List
Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2NKJ3ZA3FTSZ2QBBPKS6BYGAWYRABNQQ/security@apache.org
N/A
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/A73QJ4HPUMU26I6EULG6SCK67TUEXZYR/security@apache.org
N/A
https://seclists.org/oss-sec/2021/q2/206security@apache.org
Mailing List
Third Party Advisory
https://security.gentoo.org/glsa/202107-38security@apache.org
Third Party Advisory
https://security.netapp.com/advisory/ntap-20210727-0008/security@apache.org
Third Party Advisory
https://www.debian.org/security/2021/dsa-4937security@apache.org
Third Party Advisory
https://www.oracle.com/security-alerts/cpuoct2021.htmlsecurity@apache.org
Patch
Third Party Advisory
Change History
0Changes found
Details not found