ID

VAR-202109-1804


CVE

CVE-2021-36160


TITLE

Apache HTTP Server  In  mod_proxy_uwsgi  Vulnerability in which is read beyond the allocated memory

Trust: 0.8

sources: JVNDB: JVNDB-2021-002672

DESCRIPTION

A carefully crafted request uri-path can cause mod_proxy_uwsgi to read above the allocated memory and crash (DoS). This issue affects Apache HTTP Server versions 2.4.30 to 2.4.48 (inclusive). The server is fast, reliable and extensible through a simple API. The highest threat from this vulnerability is to system availability. ========================================================================== Ubuntu Security Notice USN-5090-4 September 28, 2021 apache2 regression ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 16.04 ESM Summary: USN-5090-1 introduced a regression in Apache HTTP Server. One of the upstream fixes introduced a regression in UDS URIs. This update fixes the problem. Original advisory details: James Kettle discovered that the Apache HTTP Server HTTP/2 module incorrectly handled certain crafted methods. A remote attacker could possibly use this issue to perform request splitting or cache poisoning attacks. A remote attacker could possibly use this issue to cause the server to crash, resulting in a denial of service. (CVE-2021-34798) Li Zhi Xin discovered that the Apache mod_proxy_uwsgi module incorrectly handled certain request uri-paths. A remote attacker could possibly use this issue to cause the server to crash, resulting in a denial of service. This issue only affected Ubuntu 20.04 LTS and Ubuntu 21.04. If the server was configured with third-party modules, a remote attacker could use this issue to cause the server to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2021-39275) It was discovered that the Apache mod_proxy module incorrectly handled certain request uri-paths. A remote attacker could possibly use this issue to cause the server to forward requests to arbitrary origin servers. (CVE-2021-40438) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 16.04 ESM: apache2 2.4.18-2ubuntu3.17+esm3 apache2-bin 2.4.18-2ubuntu3.17+esm3 In general, a standard system update will make all the necessary changes. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ===================================================================== Red Hat Security Advisory Synopsis: Moderate: httpd24-httpd security and bug fix update Advisory ID: RHSA-2022:6753-01 Product: Red Hat Software Collections Advisory URL: https://access.redhat.com/errata/RHSA-2022:6753 Issue date: 2022-09-29 CVE Names: CVE-2021-33193 CVE-2021-34798 CVE-2021-36160 CVE-2021-39275 CVE-2021-44224 CVE-2022-22719 CVE-2022-22721 CVE-2022-23943 CVE-2022-26377 CVE-2022-28614 CVE-2022-28615 CVE-2022-29404 CVE-2022-30522 CVE-2022-30556 CVE-2022-31813 ===================================================================== 1. Summary: An update for httpd24-httpd is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7) - noarch, ppc64le, s390x, x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7) - noarch, x86_64 3. Security Fix(es): * httpd: mod_sed: Read/write beyond bounds (CVE-2022-23943) * httpd: Request splitting via HTTP/2 method injection and mod_proxy (CVE-2021-33193) * httpd: NULL pointer dereference via malformed requests (CVE-2021-34798) * httpd: mod_proxy_uwsgi: out-of-bounds read via a crafted request uri-path (CVE-2021-36160) * httpd: Out-of-bounds write in ap_escape_quotes() via malicious input (CVE-2021-39275) * httpd: possible NULL dereference or SSRF in forward proxy configurations (CVE-2021-44224) * httpd: mod_lua: Use of uninitialized value of in r:parsebody (CVE-2022-22719) * httpd: core: Possible buffer overflow with very large or unlimited LimitXMLRequestBody (CVE-2022-22721) * httpd: mod_proxy_ajp: Possible request smuggling (CVE-2022-26377) * httpd: mod_lua: DoS in r:parsebody (CVE-2022-29404) * httpd: mod_sed: DoS vulnerability (CVE-2022-30522) * httpd: mod_proxy: X-Forwarded-For dropped by hop-by-hop mechanism (CVE-2022-31813) * httpd: out-of-bounds read via ap_rwrite() (CVE-2022-28614) * httpd: out-of-bounds read in ap_strcmp_match() (CVE-2022-28615) * httpd: mod_lua: Information disclosure with websockets (CVE-2022-30556) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Bug Fix(es): * proxy rewrite to unix socket fails with CVE-2021-40438 fix (BZ#2022319) Additional changes: * To fix CVE-2022-29404, the default value for the "LimitRequestBody" directive in the Apache HTTP Server has been changed from 0 (unlimited) to 1 GiB. On systems where the value of "LimitRequestBody" is not explicitly specified in an httpd configuration file, updating the httpd package sets "LimitRequestBody" to the default value of 1 GiB. As a consequence, if the total size of the HTTP request body exceeds this 1 GiB default limit, httpd returns the 413 Request Entity Too Large error code. If the new default allowed size of an HTTP request message body is insufficient for your use case, update your httpd configuration files within the respective context (server, per-directory, per-file, or per-location) and set your preferred limit in bytes. For example, to set a new 2 GiB limit, use: LimitRequestBody 2147483648 Systems already configured to use any explicit value for the "LimitRequestBody" directive are unaffected by this change. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 After installing the updated packages, the httpd daemon will be restarted automatically. 5. Bugs fixed (https://bugzilla.redhat.com/): 1966728 - CVE-2021-33193 httpd: Request splitting via HTTP/2 method injection and mod_proxy 2005119 - CVE-2021-39275 httpd: Out-of-bounds write in ap_escape_quotes() via malicious input 2005124 - CVE-2021-36160 httpd: mod_proxy_uwsgi: out-of-bounds read via a crafted request uri-path 2005128 - CVE-2021-34798 httpd: NULL pointer dereference via malformed requests 2034672 - CVE-2021-44224 httpd: possible NULL dereference or SSRF in forward proxy configurations 2064319 - CVE-2022-23943 httpd: mod_sed: Read/write beyond bounds 2064320 - CVE-2022-22721 httpd: core: Possible buffer overflow with very large or unlimited LimitXMLRequestBody 2064322 - CVE-2022-22719 httpd: mod_lua: Use of uninitialized value of in r:parsebody 2094997 - CVE-2022-26377 httpd: mod_proxy_ajp: Possible request smuggling 2095002 - CVE-2022-28614 httpd: out-of-bounds read via ap_rwrite() 2095006 - CVE-2022-28615 httpd: out-of-bounds read in ap_strcmp_match() 2095012 - CVE-2022-29404 httpd: mod_lua: DoS in r:parsebody 2095015 - CVE-2022-30522 httpd: mod_sed: DoS vulnerability 2095018 - CVE-2022-30556 httpd: mod_lua: Information disclosure with websockets 2095020 - CVE-2022-31813 httpd: mod_proxy: X-Forwarded-For dropped by hop-by-hop mechanism 6. Package List: Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7): Source: httpd24-httpd-2.4.34-23.el7.5.src.rpm noarch: httpd24-httpd-manual-2.4.34-23.el7.5.noarch.rpm ppc64le: httpd24-httpd-2.4.34-23.el7.5.ppc64le.rpm httpd24-httpd-debuginfo-2.4.34-23.el7.5.ppc64le.rpm httpd24-httpd-devel-2.4.34-23.el7.5.ppc64le.rpm httpd24-httpd-tools-2.4.34-23.el7.5.ppc64le.rpm httpd24-mod_ldap-2.4.34-23.el7.5.ppc64le.rpm httpd24-mod_proxy_html-2.4.34-23.el7.5.ppc64le.rpm httpd24-mod_session-2.4.34-23.el7.5.ppc64le.rpm httpd24-mod_ssl-2.4.34-23.el7.5.ppc64le.rpm s390x: httpd24-httpd-2.4.34-23.el7.5.s390x.rpm httpd24-httpd-debuginfo-2.4.34-23.el7.5.s390x.rpm httpd24-httpd-devel-2.4.34-23.el7.5.s390x.rpm httpd24-httpd-tools-2.4.34-23.el7.5.s390x.rpm httpd24-mod_ldap-2.4.34-23.el7.5.s390x.rpm httpd24-mod_proxy_html-2.4.34-23.el7.5.s390x.rpm httpd24-mod_session-2.4.34-23.el7.5.s390x.rpm httpd24-mod_ssl-2.4.34-23.el7.5.s390x.rpm x86_64: httpd24-httpd-2.4.34-23.el7.5.x86_64.rpm httpd24-httpd-debuginfo-2.4.34-23.el7.5.x86_64.rpm httpd24-httpd-devel-2.4.34-23.el7.5.x86_64.rpm httpd24-httpd-tools-2.4.34-23.el7.5.x86_64.rpm httpd24-mod_ldap-2.4.34-23.el7.5.x86_64.rpm httpd24-mod_proxy_html-2.4.34-23.el7.5.x86_64.rpm httpd24-mod_session-2.4.34-23.el7.5.x86_64.rpm httpd24-mod_ssl-2.4.34-23.el7.5.x86_64.rpm Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7): Source: httpd24-httpd-2.4.34-23.el7.5.src.rpm noarch: httpd24-httpd-manual-2.4.34-23.el7.5.noarch.rpm x86_64: httpd24-httpd-2.4.34-23.el7.5.x86_64.rpm httpd24-httpd-debuginfo-2.4.34-23.el7.5.x86_64.rpm httpd24-httpd-devel-2.4.34-23.el7.5.x86_64.rpm httpd24-httpd-tools-2.4.34-23.el7.5.x86_64.rpm httpd24-mod_ldap-2.4.34-23.el7.5.x86_64.rpm httpd24-mod_proxy_html-2.4.34-23.el7.5.x86_64.rpm httpd24-mod_session-2.4.34-23.el7.5.x86_64.rpm httpd24-mod_ssl-2.4.34-23.el7.5.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2021-33193 https://access.redhat.com/security/cve/CVE-2021-34798 https://access.redhat.com/security/cve/CVE-2021-36160 https://access.redhat.com/security/cve/CVE-2021-39275 https://access.redhat.com/security/cve/CVE-2021-44224 https://access.redhat.com/security/cve/CVE-2022-22719 https://access.redhat.com/security/cve/CVE-2022-22721 https://access.redhat.com/security/cve/CVE-2022-23943 https://access.redhat.com/security/cve/CVE-2022-26377 https://access.redhat.com/security/cve/CVE-2022-28614 https://access.redhat.com/security/cve/CVE-2022-28615 https://access.redhat.com/security/cve/CVE-2022-29404 https://access.redhat.com/security/cve/CVE-2022-30522 https://access.redhat.com/security/cve/CVE-2022-30556 https://access.redhat.com/security/cve/CVE-2022-31813 https://access.redhat.com/security/updates/classification/#moderate https://access.redhat.com/articles/6975397 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2022 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBYzXoqNzjgjWX9erEAQhSKA//d1V5w3Dbdd0R1QxlXMIweLpztJrkXpmN EY7WAFIMy0MG64KNjZFF5i4USpUlCm/tZX/fHZas4JjhZBqLxNSqsOdPeynDqp+8 qZnnGiIhyO37S7x5v89VSaWngLpTi2f0d7RmJ05VJzAP8Q0a9cTqtIZiCsM18tTg BdoD1M/VWUhtPWCzgXiQVI8yF44IOenN2095OCv1Vxc3kiwQdbWcd7Uqz2TgVQ1m qeqh9AHqaDTwHVM9Ipj5oGp1Ue5zsyAEd77ClBCAzP3p7bWucfTErDrUSE3/hkDm H8BlPVPaOsRv0poFvvCODQhccC2bFc3uxoKzfSx+/WwkrU7vO/5/npmOfcwKfvBQ FYqhqADiUcfpJGENligpNAHLI+Pijrl2Tfwl0XbDa8+7KXQ0T75VG3Gq7dFlPcUm 965hFguLI0es2FpGcJldEqsc1XJxdkPmzTYhqDWLLED5X72dwQdtKwhMaFFVctK+ KyspQqaci6bVr9ETF89r0ZBmnxXjSIY7/ijySy0KnldW25t+ZGmLV4pM3CYb7ZVz qEm9I/oRD0JB/4C5Bk9j5nWF3gzE2MhYfeepqINGIbfvNPiP8G2LFL/CEz46isF9 rFUT/az/p5mdNEwwe5GhEgLkpk0fhcZiAtJ4bGRcJ9YRURh5rrMPtXmXP5THoMau 3VmN11LnfT4= =pvMD -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce . For the oldstable distribution (buster), these problems have been fixed in version 2.4.38-3+deb10u6. For the stable distribution (bullseye), these problems have been fixed in version 2.4.51-1~deb11u1. We recommend that you upgrade your apache2 packages. For the detailed security status of apache2 please refer to its security tracker page at: https://security-tracker.debian.org/tracker/apache2 Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmFgr44ACgkQEMKTtsN8 TjbophAAiZ+fhF2r8BUbQkL8BhpfqjA+hVsp9WEMTn8Gq6kiW0wLvK3jWPM301Ou D4gHqKmFPmYNC1KBOyk/lJdxyD7iTUweUyLi3WXzxhIDMx0kxkRw1oXlyCHzIqSJ M277bgk32h2cDCbsXjrN/8agKPcKgfwDqiyf/igfEq6V8OB2zVvJPKVFq45n54+q 4FPXSyx1g2u5ewSeXbU2uHDej6Qborui4osDdbwx8CT6aETi0cIXJ8RbXF3PUCHG 5DzZagnRq6GumPsl01jcPu7b9Ck8MlkxMSG3FRsSIJVkwpsQ2C34ywIJkFlzUZZh jhdVUrfbyfLpSdcPcipAAjl9I6gDqa9SFdMRK7ixCpQ6iTiVeDZdJ8pA4jnSweNQ THik07di9R0juX0p7peQiIyBKrEf7Y3WSvLOn0SBKXvZnzc/72rH2nP5FclsgCsV TWxptziGridC43KB8/tDJAAOXVF2lzylzF70V/UGTNo1jk9w3/p6btU1iuzKspyY Y4aPZla3DImI8mezrgFrGYNg7bZYLKuJyGDADKih2sUQpzmDZ6MJxKAE3NLRWyQa 7cCJdoNR9yVqytEw1Y/ZRXAXWfMb3Y1ts2EqR8hzLQgMYb0JC58cLMG3T0RgyPoO A4CTIoYpK1WnsykAE8M4XFrnOW3lrtse6T8N/dTVMuodElAEhc0= =/At6 -----END PGP SIGNATURE----- . 8) - aarch64, noarch, ppc64le, s390x, x86_64 3. Additional Changes: For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.6 Release Notes linked from the References section. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 202208-20 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - https://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: High Title: Apache HTTPD: Multiple Vulnerabilities Date: August 14, 2022 Bugs: #813429, #816399, #816864, #829722, #835131, #850622 ID: 202208-20 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======= Multiple vulnerabilities have been discovered in Apache Webserver, the worst of which could result in remote code execution. Please review the CVE identifiers referenced below for details. Impact ===== Please review the referenced CVE identifiers for details. Workaround ========= There is no known workaround at this time. Resolution ========= All Apache HTTPD users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=www-servers/apache-2.4.54" All Apache HTTPD tools users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=app-admin/apache-tools-2.4.54" References ========= [ 1 ] CVE-2021-33193 https://nvd.nist.gov/vuln/detail/CVE-2021-33193 [ 2 ] CVE-2021-34798 https://nvd.nist.gov/vuln/detail/CVE-2021-34798 [ 3 ] CVE-2021-36160 https://nvd.nist.gov/vuln/detail/CVE-2021-36160 [ 4 ] CVE-2021-39275 https://nvd.nist.gov/vuln/detail/CVE-2021-39275 [ 5 ] CVE-2021-40438 https://nvd.nist.gov/vuln/detail/CVE-2021-40438 [ 6 ] CVE-2021-41524 https://nvd.nist.gov/vuln/detail/CVE-2021-41524 [ 7 ] CVE-2021-41773 https://nvd.nist.gov/vuln/detail/CVE-2021-41773 [ 8 ] CVE-2021-42013 https://nvd.nist.gov/vuln/detail/CVE-2021-42013 [ 9 ] CVE-2021-44224 https://nvd.nist.gov/vuln/detail/CVE-2021-44224 [ 10 ] CVE-2021-44790 https://nvd.nist.gov/vuln/detail/CVE-2021-44790 [ 11 ] CVE-2022-22719 https://nvd.nist.gov/vuln/detail/CVE-2022-22719 [ 12 ] CVE-2022-22720 https://nvd.nist.gov/vuln/detail/CVE-2022-22720 [ 13 ] CVE-2022-22721 https://nvd.nist.gov/vuln/detail/CVE-2022-22721 [ 14 ] CVE-2022-23943 https://nvd.nist.gov/vuln/detail/CVE-2022-23943 [ 15 ] CVE-2022-26377 https://nvd.nist.gov/vuln/detail/CVE-2022-26377 [ 16 ] CVE-2022-28614 https://nvd.nist.gov/vuln/detail/CVE-2022-28614 [ 17 ] CVE-2022-28615 https://nvd.nist.gov/vuln/detail/CVE-2022-28615 [ 18 ] CVE-2022-29404 https://nvd.nist.gov/vuln/detail/CVE-2022-29404 [ 19 ] CVE-2022-30522 https://nvd.nist.gov/vuln/detail/CVE-2022-30522 [ 20 ] CVE-2022-30556 https://nvd.nist.gov/vuln/detail/CVE-2022-30556 [ 21 ] CVE-2022-31813 https://nvd.nist.gov/vuln/detail/CVE-2022-31813 Availability =========== This GLSA and any updates to it are available for viewing at the Gentoo Security Website: https://security.gentoo.org/glsa/202208-20 Concerns? ======== Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ====== Copyright 2022 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. https://creativecommons.org/licenses/by-sa/2.5 . This software, such as Apache HTTP Server, is common to multiple JBoss middleware products, and is packaged under Red Hat JBoss Core Services to allow for faster distribution of updates, and for a more consistent update experience

Trust: 2.97

sources: NVD: CVE-2021-36160 // JVNDB: JVNDB-2021-002672 // CNVD: CNVD-2022-03205 // VULHUB: VHN-397448 // VULMON: CVE-2021-36160 // PACKETSTORM: 164329 // PACKETSTORM: 168565 // PACKETSTORM: 169132 // PACKETSTORM: 167073 // PACKETSTORM: 168072 // PACKETSTORM: 169540 // PACKETSTORM: 169541

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2022-03205

AFFECTED PRODUCTS

vendor:oraclemodel:instantis enterprisetrackscope:eqversion:17.2

Trust: 1.0

vendor:fedoraprojectmodel:fedorascope:eqversion:34

Trust: 1.0

vendor:netappmodel:clustered data ontapscope:eqversion: -

Trust: 1.0

vendor:apachemodel:http serverscope:gteversion:2.4.30

Trust: 1.0

vendor:oraclemodel:communications cloud native core network function cloud native environmentscope:eqversion:1.10.0

Trust: 1.0

vendor:netappmodel:storagegridscope:eqversion: -

Trust: 1.0

vendor:oraclemodel:http serverscope:eqversion:12.2.1.3.0

Trust: 1.0

vendor:apachemodel:http serverscope:lteversion:2.4.48

Trust: 1.0

vendor:oraclemodel:peoplesoft enterprise peopletoolsscope:eqversion:8.58

Trust: 1.0

vendor:oraclemodel:instantis enterprisetrackscope:eqversion:17.3

Trust: 1.0

vendor:oraclemodel:http serverscope:eqversion:12.2.1.4.0

Trust: 1.0

vendor:oraclemodel:instantis enterprisetrackscope:eqversion:17.1

Trust: 1.0

vendor:oraclemodel:zfs storage appliance kitscope:eqversion:8.8

Trust: 1.0

vendor:oraclemodel:enterprise manager base platformscope:eqversion:13.5.0.0

Trust: 1.0

vendor:oraclemodel:enterprise manager base platformscope:eqversion:13.4.0.0

Trust: 1.0

vendor:netappmodel:cloud backupscope:eqversion: -

Trust: 1.0

vendor:debianmodel:linuxscope:eqversion:10.0

Trust: 1.0

vendor:fedoraprojectmodel:fedorascope:eqversion:35

Trust: 1.0

vendor:debianmodel:linuxscope:eqversion:11.0

Trust: 1.0

vendor:broadcommodel:brocade fabric operating systemscope:eqversion: -

Trust: 1.0

vendor:debianmodel:linuxscope:eqversion:9.0

Trust: 1.0

vendor:fedoramodel:fedorascope: - version: -

Trust: 0.8

vendor:apachemodel:http serverscope: - version: -

Trust: 0.8

vendor:apachemodel:http serverscope:gteversion:2.4.30,<=2.4.48

Trust: 0.6

sources: CNVD: CNVD-2022-03205 // JVNDB: JVNDB-2021-002672 // NVD: CVE-2021-36160

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2021-36160
value: HIGH

Trust: 1.0

NVD: CVE-2021-36160
value: HIGH

Trust: 0.8

CNVD: CNVD-2022-03205
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-202109-1113
value: HIGH

Trust: 0.6

VULHUB: VHN-397448
value: MEDIUM

Trust: 0.1

VULMON: CVE-2021-36160
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2021-36160
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

CNVD: CNVD-2022-03205
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-397448
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2021-36160
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.1

Trust: 1.0

NVD: CVE-2021-36160
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2022-03205 // VULHUB: VHN-397448 // VULMON: CVE-2021-36160 // JVNDB: JVNDB-2021-002672 // CNNVD: CNNVD-202109-1113 // NVD: CVE-2021-36160

PROBLEMTYPE DATA

problemtype:CWE-125

Trust: 1.1

problemtype:Out-of-bounds read (CWE-125) [NVD Evaluation ]

Trust: 0.8

sources: VULHUB: VHN-397448 // JVNDB: JVNDB-2021-002672 // NVD: CVE-2021-36160

THREAT TYPE

remote

Trust: 0.8

sources: PACKETSTORM: 164329 // PACKETSTORM: 168072 // CNNVD: CNNVD-202109-1113

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-202109-1113

PATCH

title:FEDORA-2021-e3f6dd670durl:http://httpd.apache.org/security/vulnerabilities_24.html

Trust: 0.8

title:Patch for Apache HTTP Server Denial of Service Vulnerability (CNVD-2022-03205)url:https://www.cnvd.org.cn/patchInfo/show/313441

Trust: 0.6

title:Apache HTTP Server Buffer error vulnerability fixurl:http://123.124.177.30/web/xxk/bdxqById.tag?id=163990

Trust: 0.6

title:Red Hat: Moderate: httpd:2.4 security and bug fix updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20221915 - Security Advisory

Trust: 0.1

title:Red Hat: CVE-2021-36160url:https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database&qid=CVE-2021-36160

Trust: 0.1

title:Debian Security Advisories: DSA-4982-1 apache2 -- security updateurl:https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories&qid=93a29f7ecf9a6aaba79d3b3320aa4b85

Trust: 0.1

title:Red Hat: Moderate: httpd24-httpd security and bug fix updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20226753 - Security Advisory

Trust: 0.1

title:Arch Linux Issues: url:https://vulmon.com/vendoradvisory?qidtp=arch_linux_issues&qid=CVE-2021-36160 log

Trust: 0.1

title:Amazon Linux AMI: ALAS-2021-1543url:https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami&qid=ALAS-2021-1543

Trust: 0.1

title:Cisco: Multiple Vulnerabilities in Apache HTTP Server Affecting Cisco Products: November 2021url:https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-apache-httpd-2.4.49-VWL69sWQ

Trust: 0.1

title:Amazon Linux 2: ALAS2-2021-1716url:https://vulmon.com/vendoradvisory?qidtp=amazon_linux2&qid=ALAS2-2021-1716

Trust: 0.1

title: - url:https://github.com/PierreChrd/py-projet-tut

Trust: 0.1

sources: CNVD: CNVD-2022-03205 // VULMON: CVE-2021-36160 // JVNDB: JVNDB-2021-002672 // CNNVD: CNNVD-202109-1113

EXTERNAL IDS

db:NVDid:CVE-2021-36160

Trust: 3.9

db:PACKETSTORMid:168072

Trust: 0.8

db:PACKETSTORMid:168565

Trust: 0.8

db:PACKETSTORMid:169541

Trust: 0.8

db:PACKETSTORMid:167073

Trust: 0.8

db:JVNDBid:JVNDB-2021-002672

Trust: 0.8

db:CNVDid:CNVD-2022-03205

Trust: 0.7

db:CNNVDid:CNNVD-202109-1113

Trust: 0.7

db:PACKETSTORMid:164329

Trust: 0.7

db:PACKETSTORMid:164318

Trust: 0.6

db:CS-HELPid:SB2022012041

Trust: 0.6

db:CS-HELPid:SB2022051150

Trust: 0.6

db:CS-HELPid:SB2021092301

Trust: 0.6

db:CS-HELPid:SB2021101101

Trust: 0.6

db:CS-HELPid:SB2021091707

Trust: 0.6

db:CS-HELPid:SB2021101513

Trust: 0.6

db:AUSCERTid:ESB-2021.4004.3

Trust: 0.6

db:AUSCERTid:ESB-2021.4004.2

Trust: 0.6

db:AUSCERTid:ESB-2021.3357

Trust: 0.6

db:AUSCERTid:ESB-2021.3387

Trust: 0.6

db:AUSCERTid:ESB-2021.4004.7

Trust: 0.6

db:AUSCERTid:ESB-2021.3591

Trust: 0.6

db:AUSCERTid:ESB-2021.3229

Trust: 0.6

db:AUSCERTid:ESB-2021.3248

Trust: 0.6

db:AUSCERTid:ESB-2021.3489

Trust: 0.6

db:AUSCERTid:ESB-2021.4004.5

Trust: 0.6

db:AUSCERTid:ESB-2021.3148

Trust: 0.6

db:PACKETSTORMid:169540

Trust: 0.2

db:VULHUBid:VHN-397448

Trust: 0.1

db:VULMONid:CVE-2021-36160

Trust: 0.1

db:PACKETSTORMid:169132

Trust: 0.1

sources: CNVD: CNVD-2022-03205 // VULHUB: VHN-397448 // VULMON: CVE-2021-36160 // JVNDB: JVNDB-2021-002672 // PACKETSTORM: 164329 // PACKETSTORM: 168565 // PACKETSTORM: 169132 // PACKETSTORM: 167073 // PACKETSTORM: 168072 // PACKETSTORM: 169540 // PACKETSTORM: 169541 // CNNVD: CNNVD-202109-1113 // NVD: CVE-2021-36160

REFERENCES

url:https://nvd.nist.gov/vuln/detail/cve-2021-36160

Trust: 2.1

url:https://security.gentoo.org/glsa/202208-20

Trust: 1.9

url:https://security.netapp.com/advisory/ntap-20211008-0004/

Trust: 1.8

url:https://www.debian.org/security/2021/dsa-4982

Trust: 1.8

url:https://www.oracle.com/security-alerts/cpuapr2022.html

Trust: 1.8

url:https://www.oracle.com/security-alerts/cpujan2022.html

Trust: 1.8

url:https://lists.debian.org/debian-lts-announce/2021/09/msg00016.html

Trust: 1.8

url:https://lists.debian.org/debian-lts-announce/2021/10/msg00016.html

Trust: 1.8

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-apache-httpd-2.4.49-vwl69swq

Trust: 1.2

url:http://httpd.apache.org/security/vulnerabilities_24.html

Trust: 1.2

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-apache-

Trust: 1.2

url:https://access.redhat.com/security/cve/cve-2021-36160

Trust: 1.1

url:https://lists.apache.org/thread.html/r2eb200ac1340f69aa22af61ab34780c531d110437910cb9c0ece3b37%40%3cbugs.httpd.apache.org%3e

Trust: 1.0

url:https://lists.apache.org/thread.html/r3925e167d5eb1c75def3750c155d753064e1d34a143028bb32910432%40%3cusers.httpd.apache.org%3e

Trust: 1.0

url:https://lists.apache.org/thread.html/r61fdbfc26ab170f4e6492ef3bd5197c20b862ce156e9d5a54d4b899c%40%3cusers.httpd.apache.org%3e

Trust: 1.0

url:https://lists.apache.org/thread.html/r73260f6ba9fb52e43d860905fc90462ba5a814afda2d011f32bbd41c%40%3cbugs.httpd.apache.org%3e

Trust: 1.0

url:https://lists.apache.org/thread.html/r7f2746e916ed370239bc1a1025e5ebbf345f79df9ea0ea39e44acfbb%40%3cbugs.httpd.apache.org%3e

Trust: 1.0

url:https://lists.apache.org/thread.html/r82838efc5fa6fc4c73986399c9b71573589f78b31846aff5bd9b1697%40%3cusers.httpd.apache.org%3e

Trust: 1.0

url:https://lists.apache.org/thread.html/r82c077663f9759c7df5a6656f925b3ee4f55fcd33c889ba7cd687029%40%3cusers.httpd.apache.org%3e

Trust: 1.0

url:https://lists.apache.org/thread.html/r94a61a1517133a19dcf40016e87454ea86e355d06a0cec4c778530f3%40%3cbugs.httpd.apache.org%3e

Trust: 1.0

url:https://lists.apache.org/thread.html/ra1c05a392587bfe34383dffe1213edc425de8d4afc25b7cefab3e781%40%3cbugs.httpd.apache.org%3e

Trust: 1.0

url:https://lists.apache.org/thread.html/ra87a69d0703d09dc52b86e32b08f8d7327af10acdd5f577a4e82596a%40%3cbugs.httpd.apache.org%3e

Trust: 1.0

url:https://lists.apache.org/thread.html/rb2341c8786d0f9924f5b666e82d8d170b4804f50a523d750551bef1a%40%3cbugs.httpd.apache.org%3e

Trust: 1.0

url:https://lists.apache.org/thread.html/re4162adc051c1a0a79e7a24093f3776373e8733abaff57253fef341d%40%3ccvs.httpd.apache.org%3e

Trust: 1.0

url:https://lists.apache.org/thread.html/ree7519d71415ecdd170ff1889cab552d71758d2ba2904a17ded21a70%40%3ccvs.httpd.apache.org%3e

Trust: 1.0

url:https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/spbr6wuybjnachke65spl7tjohx7rhwd/

Trust: 1.0

url:https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/zncysr3bxt36fff4xtcpl3hdqk4vp45r/

Trust: 1.0

url:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/spbr6wuybjnachke65spl7tjohx7rhwd/

Trust: 0.8

url:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/zncysr3bxt36fff4xtcpl3hdqk4vp45r/

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2021-33193

Trust: 0.6

url:https://nvd.nist.gov/vuln/detail/cve-2021-39275

Trust: 0.6

url:httpd.apache.org%3e

Trust: 0.6

url:https://lists.apache.org/thread.html/r73260f6ba9fb52e43d860905fc90462ba5a814afda2d011f32bbd41c@%3cbugs.

Trust: 0.6

url:https://lists.apache.org/thread.html/r7f2746e916ed370239bc1a1025e5ebbf345f79df9ea0ea39e44acfbb@%3cbugs.

Trust: 0.6

url:https://lists.apache.org/thread.html/r94a61a1517133a19dcf40016e87454ea86e355d06a0cec4c778530f3@%3cbugs.

Trust: 0.6

url:httpd.apache.org/security/vulnerabilities_24.html

Trust: 0.6

url:http://

Trust: 0.6

url:https://lists.apache.org/thread.html/r2eb200ac1340f69aa22af61ab34780c531d110437910cb9c0ece3b37@%3cbugs.

Trust: 0.6

url:https://lists.apache.org/thread.html/r82c077663f9759c7df5a6656f925b3ee4f55fcd33c889ba7cd687029@%3cusers.

Trust: 0.6

url:https://lists.apache.org/thread.html/ra1c05a392587bfe34383dffe1213edc425de8d4afc25b7cefab3e781@%3cbugs.

Trust: 0.6

url:https://lists.apache.org/thread.html/ree7519d71415ecdd170ff1889cab552d71758d2ba2904a17ded21a70@%3ccvs.

Trust: 0.6

url:https://lists.apache.org/thread.html/ra87a69d0703d09dc52b86e32b08f8d7327af10acdd5f577a4e82596a@%3cbugs.

Trust: 0.6

url:https://lists.apache.org/thread.html/r82838efc5fa6fc4c73986399c9b71573589f78b31846aff5bd9b1697@%3cusers.

Trust: 0.6

url:https://lists.apache.org/thread.html/rb2341c8786d0f9924f5b666e82d8d170b4804f50a523d750551bef1a@%3cbugs.

Trust: 0.6

url:https://lists.apache.org/thread.html/r61fdbfc26ab170f4e6492ef3bd5197c20b862ce156e9d5a54d4b899c@%3cusers.

Trust: 0.6

url:https://lists.apache.org/thread.html/re4162adc051c1a0a79e7a24093f3776373e8733abaff57253fef341d@%3ccvs.

Trust: 0.6

url:https://lists.apache.org/thread.html/r3925e167d5eb1c75def3750c155d753064e1d34a143028bb32910432@%3cusers.

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.3229

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2021101513

Trust: 0.6

url:https://packetstormsecurity.com/files/169541/red-hat-security-advisory-2022-7143-01.html

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.3357

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.3591

Trust: 0.6

url:https://packetstormsecurity.com/files/168072/gentoo-linux-security-advisory-202208-20.html

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.4004.7

Trust: 0.6

url:https://packetstormsecurity.com/files/164318/ubuntu-security-notice-usn-5090-3.html

Trust: 0.6

url:https://packetstormsecurity.com/files/168565/red-hat-security-advisory-2022-6753-01.html

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.4004.3

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.4004.2

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.4004.5

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2021092301

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.3387

Trust: 0.6

url:https://packetstormsecurity.com/files/164329/ubuntu-security-notice-usn-5090-4.html

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.3248

Trust: 0.6

url:httpd-2.4.49-vwl69swq

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2022051150

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.3148

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.3489

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2022012041

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2021091707

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2021101101

Trust: 0.6

url:https://vigilance.fr/vulnerability/apache-http-server-four-vulnerabilities-36444

Trust: 0.6

url:https://packetstormsecurity.com/files/167073/red-hat-security-advisory-2022-1915-01.html

Trust: 0.6

url:https://nvd.nist.gov/vuln/detail/cve-2021-44224

Trust: 0.5

url:https://nvd.nist.gov/vuln/detail/cve-2021-34798

Trust: 0.4

url:https://access.redhat.com/articles/11258

Trust: 0.4

url:https://access.redhat.com/security/team/contact/

Trust: 0.4

url:https://bugzilla.redhat.com/):

Trust: 0.4

url:https://listman.redhat.com/mailman/listinfo/rhsa-announce

Trust: 0.4

url:https://access.redhat.com/security/cve/cve-2021-44224

Trust: 0.4

url:https://access.redhat.com/security/cve/cve-2021-33193

Trust: 0.4

url:https://nvd.nist.gov/vuln/detail/cve-2021-40438

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2021-39275

Trust: 0.3

url:https://access.redhat.com/security/team/key/

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2021-41524

Trust: 0.3

url:https://lists.apache.org/thread.html/r73260f6ba9fb52e43d860905fc90462ba5a814afda2d011f32bbd41c@%3cbugs.httpd.apache.org%3e

Trust: 0.2

url:https://lists.apache.org/thread.html/ra1c05a392587bfe34383dffe1213edc425de8d4afc25b7cefab3e781@%3cbugs.httpd.apache.org%3e

Trust: 0.2

url:https://lists.apache.org/thread.html/r7f2746e916ed370239bc1a1025e5ebbf345f79df9ea0ea39e44acfbb@%3cbugs.httpd.apache.org%3e

Trust: 0.2

url:https://lists.apache.org/thread.html/r2eb200ac1340f69aa22af61ab34780c531d110437910cb9c0ece3b37@%3cbugs.httpd.apache.org%3e

Trust: 0.2

url:https://lists.apache.org/thread.html/r94a61a1517133a19dcf40016e87454ea86e355d06a0cec4c778530f3@%3cbugs.httpd.apache.org%3e

Trust: 0.2

url:https://lists.apache.org/thread.html/ra87a69d0703d09dc52b86e32b08f8d7327af10acdd5f577a4e82596a@%3cbugs.httpd.apache.org%3e

Trust: 0.2

url:https://lists.apache.org/thread.html/rb2341c8786d0f9924f5b666e82d8d170b4804f50a523d750551bef1a@%3cbugs.httpd.apache.org%3e

Trust: 0.2

url:https://lists.apache.org/thread.html/ree7519d71415ecdd170ff1889cab552d71758d2ba2904a17ded21a70@%3ccvs.httpd.apache.org%3e

Trust: 0.2

url:https://lists.apache.org/thread.html/re4162adc051c1a0a79e7a24093f3776373e8733abaff57253fef341d@%3ccvs.httpd.apache.org%3e

Trust: 0.2

url:https://lists.apache.org/thread.html/r82c077663f9759c7df5a6656f925b3ee4f55fcd33c889ba7cd687029@%3cusers.httpd.apache.org%3e

Trust: 0.2

url:https://lists.apache.org/thread.html/r61fdbfc26ab170f4e6492ef3bd5197c20b862ce156e9d5a54d4b899c@%3cusers.httpd.apache.org%3e

Trust: 0.2

url:https://lists.apache.org/thread.html/r82838efc5fa6fc4c73986399c9b71573589f78b31846aff5bd9b1697@%3cusers.httpd.apache.org%3e

Trust: 0.2

url:https://lists.apache.org/thread.html/r3925e167d5eb1c75def3750c155d753064e1d34a143028bb32910432@%3cusers.httpd.apache.org%3e

Trust: 0.2

url:https://access.redhat.com/errata/rhsa-2022:1915

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2022-22721

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2022-28614

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2022-29404

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2022-28615

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2022-30522

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2022-22719

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2022-30556

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2022-23943

Trust: 0.2

url:https://access.redhat.com/security/updates/classification/#moderate

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2022-26377

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2021-45960

Trust: 0.2

url:https://access.redhat.com/security/updates/classification/#important

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2022-25313

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2022-22823

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2022-22822

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2022-22824

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2022-22824

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2022-22826

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2022-22827

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2022-22822

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-45960

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-41524

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2022-22827

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2022-22826

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2022-23990

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2021-46143

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2022-25315

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2022-25314

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2022-22823

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2022-22825

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2022-25236

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2022-25235

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2022-23852

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2022-23852

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2022-22825

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-46143

Trust: 0.2

url:https://cwe.mitre.org/data/definitions/125.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://launchpad.net/bugs/xxxxxx

Trust: 0.1

url:https://ubuntu.com/security/notices/usn-5090-1

Trust: 0.1

url:https://ubuntu.com/security/notices/usn-5090-4

Trust: 0.1

url:https://access.redhat.com/articles/6975397

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-30556

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-22719

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-28614

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2022:6753

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-34798

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-28615

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-31813

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-30522

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-22721

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-29404

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-23943

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-26377

Trust: 0.1

url:https://www.debian.org/security/faq

Trust: 0.1

url:https://www.debian.org/security/

Trust: 0.1

url:https://security-tracker.debian.org/tracker/apache2

Trust: 0.1

url:https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.6_release_notes/

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-35452

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-35452

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-31813

Trust: 0.1

url:https://bugs.gentoo.org.

Trust: 0.1

url:https://creativecommons.org/licenses/by-sa/2.5

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-44790

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-41773

Trust: 0.1

url:https://security.gentoo.org/

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-42013

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-22720

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2022:7144

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2022:7143

Trust: 0.1

sources: VULHUB: VHN-397448 // VULMON: CVE-2021-36160 // JVNDB: JVNDB-2021-002672 // PACKETSTORM: 164329 // PACKETSTORM: 168565 // PACKETSTORM: 169132 // PACKETSTORM: 167073 // PACKETSTORM: 168072 // PACKETSTORM: 169540 // PACKETSTORM: 169541 // CNNVD: CNNVD-202109-1113 // NVD: CVE-2021-36160

CREDITS

Red Hat

Trust: 0.4

sources: PACKETSTORM: 168565 // PACKETSTORM: 167073 // PACKETSTORM: 169540 // PACKETSTORM: 169541

SOURCES

db:CNVDid:CNVD-2022-03205
db:VULHUBid:VHN-397448
db:VULMONid:CVE-2021-36160
db:JVNDBid:JVNDB-2021-002672
db:PACKETSTORMid:164329
db:PACKETSTORMid:168565
db:PACKETSTORMid:169132
db:PACKETSTORMid:167073
db:PACKETSTORMid:168072
db:PACKETSTORMid:169540
db:PACKETSTORMid:169541
db:CNNVDid:CNNVD-202109-1113
db:NVDid:CVE-2021-36160

LAST UPDATE DATE

2024-11-20T21:16:16.395000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2022-03205date:2022-01-13T00:00:00
db:VULHUBid:VHN-397448date:2022-10-18T00:00:00
db:VULMONid:CVE-2021-36160date:2022-08-15T00:00:00
db:JVNDBid:JVNDB-2021-002672date:2021-09-29T06:16:00
db:CNNVDid:CNNVD-202109-1113date:2022-10-28T00:00:00
db:NVDid:CVE-2021-36160date:2023-11-07T03:36:43.407

SOURCES RELEASE DATE

db:CNVDid:CNVD-2022-03205date:2022-01-13T00:00:00
db:VULHUBid:VHN-397448date:2021-09-16T00:00:00
db:VULMONid:CVE-2021-36160date:2021-09-16T00:00:00
db:JVNDBid:JVNDB-2021-002672date:2021-09-29T00:00:00
db:PACKETSTORMid:164329date:2021-09-29T14:50:01
db:PACKETSTORMid:168565date:2022-09-30T14:51:18
db:PACKETSTORMid:169132date:2021-10-28T19:12:00
db:PACKETSTORMid:167073date:2022-05-11T16:37:39
db:PACKETSTORMid:168072date:2022-08-15T16:02:48
db:PACKETSTORMid:169540date:2022-10-27T13:05:19
db:PACKETSTORMid:169541date:2022-10-27T13:05:26
db:CNNVDid:CNNVD-202109-1113date:2021-09-16T00:00:00
db:NVDid:CVE-2021-36160date:2021-09-16T15:15:07.330