FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

Apache httpd -- multiple vulnerabilities

Affected packages
		apache24	<	2.4.49

Details

VuXML ID	882a38f9-17dd-11ec-b335-d4c9ef517024
Discovery	2021-09-16
Entry	2021-09-17
Modified	2021-09-28

The Apache project reports:

moderate: Request splitting via HTTP/2 method injection and mod_proxy (CVE-2021-33193)

moderate: NULL pointer dereference in httpd core (CVE-2021-34798)

moderate: mod_proxy_uwsgi out of bound read (CVE-2021-36160)

low: ap_escape_quotes buffer overflow (CVE-2021-39275)

high: mod_proxy SSRF (CVE-2021-40438)

[source]

References

CVE Name	CVE-2021-33193
CVE Name	CVE-2021-34798
CVE Name	CVE-2021-36160
CVE Name	CVE-2021-39275
CVE Name	CVE-2021-40438
URL	http://httpd.apache.org/security/vulnerabilities_24.html