Details of VAR-202109-1804

ID

VAR-202109-1804

CVE

CVE-2021-36160

TITLE

Apache HTTP Server In mod_proxy_uwsgi Vulnerability in which is read beyond the allocated memory

Trust: 0.8

sources: JVNDB: JVNDB-2021-002672

DESCRIPTION

A carefully crafted request uri-path can cause mod_proxy_uwsgi to read above the allocated memory and crash (DoS). This issue affects Apache HTTP Server versions 2.4.30 to 2.4.48 (inclusive). The server is fast, reliable and extensible through a simple API. The highest threat from this vulnerability is to system availability. For the oldstable distribution (buster), these problems have been fixed in version 2.4.38-3+deb10u6. For the stable distribution (bullseye), these problems have been fixed in version 2.4.51-1~deb11u1. We recommend that you upgrade your apache2 packages. For the detailed security status of apache2 please refer to its security tracker page at: https://security-tracker.debian.org/tracker/apache2 Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmFgr44ACgkQEMKTtsN8 TjbophAAiZ+fhF2r8BUbQkL8BhpfqjA+hVsp9WEMTn8Gq6kiW0wLvK3jWPM301Ou D4gHqKmFPmYNC1KBOyk/lJdxyD7iTUweUyLi3WXzxhIDMx0kxkRw1oXlyCHzIqSJ M277bgk32h2cDCbsXjrN/8agKPcKgfwDqiyf/igfEq6V8OB2zVvJPKVFq45n54+q 4FPXSyx1g2u5ewSeXbU2uHDej6Qborui4osDdbwx8CT6aETi0cIXJ8RbXF3PUCHG 5DzZagnRq6GumPsl01jcPu7b9Ck8MlkxMSG3FRsSIJVkwpsQ2C34ywIJkFlzUZZh jhdVUrfbyfLpSdcPcipAAjl9I6gDqa9SFdMRK7ixCpQ6iTiVeDZdJ8pA4jnSweNQ THik07di9R0juX0p7peQiIyBKrEf7Y3WSvLOn0SBKXvZnzc/72rH2nP5FclsgCsV TWxptziGridC43KB8/tDJAAOXVF2lzylzF70V/UGTNo1jk9w3/p6btU1iuzKspyY Y4aPZla3DImI8mezrgFrGYNg7bZYLKuJyGDADKih2sUQpzmDZ6MJxKAE3NLRWyQa 7cCJdoNR9yVqytEw1Y/ZRXAXWfMb3Y1ts2EqR8hzLQgMYb0JC58cLMG3T0RgyPoO A4CTIoYpK1WnsykAE8M4XFrnOW3lrtse6T8N/dTVMuodElAEhc0= =/At6 -----END PGP SIGNATURE----- . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ===================================================================== Red Hat Security Advisory Synopsis: Moderate: httpd:2.4 security and bug fix update Advisory ID: RHSA-2022:1915-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2022:1915 Issue date: 2022-05-10 CVE Names: CVE-2020-35452 CVE-2021-33193 CVE-2021-36160 CVE-2021-44224 ===================================================================== 1. Summary: An update for the httpd:2.4 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux AppStream (v. 8) - aarch64, noarch, ppc64le, s390x, x86_64 3. Security Fix(es): * httpd: Request splitting via HTTP/2 method injection and mod_proxy (CVE-2021-33193) * httpd: mod_proxy_uwsgi: out-of-bounds read via a crafted request uri-path (CVE-2021-36160) * httpd: possible NULL dereference or SSRF in forward proxy configurations (CVE-2021-44224) * httpd: Single zero byte stack overflow in mod_auth_digest (CVE-2020-35452) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.6 Release Notes linked from the References section. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 After installing the updated packages, the httpd daemon will be restarted automatically. 5. Bugs fixed (https://bugzilla.redhat.com/): 1966724 - CVE-2020-35452 httpd: Single zero byte stack overflow in mod_auth_digest 1966728 - CVE-2021-33193 httpd: Request splitting via HTTP/2 method injection and mod_proxy 1984828 - mod_proxy_hcheck piles up health checks leading to high memory consumption 2001046 - Apache httpd OOME with mod_dav in RHEL 8 2005124 - CVE-2021-36160 httpd: mod_proxy_uwsgi: out-of-bounds read via a crafted request uri-path 2034672 - CVE-2021-44224 httpd: possible NULL dereference or SSRF in forward proxy configurations 6. Package List: Red Hat Enterprise Linux AppStream (v. 8): Source: httpd-2.4.37-47.module+el8.6.0+14529+083145da.1.src.rpm mod_http2-1.15.7-5.module+el8.6.0+13996+01710940.src.rpm mod_md-2.0.8-8.module+el8.3.0+6814+67d1e611.src.rpm aarch64: httpd-2.4.37-47.module+el8.6.0+14529+083145da.1.aarch64.rpm httpd-debuginfo-2.4.37-47.module+el8.6.0+14529+083145da.1.aarch64.rpm httpd-debugsource-2.4.37-47.module+el8.6.0+14529+083145da.1.aarch64.rpm httpd-devel-2.4.37-47.module+el8.6.0+14529+083145da.1.aarch64.rpm httpd-tools-2.4.37-47.module+el8.6.0+14529+083145da.1.aarch64.rpm httpd-tools-debuginfo-2.4.37-47.module+el8.6.0+14529+083145da.1.aarch64.rpm mod_http2-1.15.7-5.module+el8.6.0+13996+01710940.aarch64.rpm mod_http2-debuginfo-1.15.7-5.module+el8.6.0+13996+01710940.aarch64.rpm mod_http2-debugsource-1.15.7-5.module+el8.6.0+13996+01710940.aarch64.rpm mod_ldap-2.4.37-47.module+el8.6.0+14529+083145da.1.aarch64.rpm mod_ldap-debuginfo-2.4.37-47.module+el8.6.0+14529+083145da.1.aarch64.rpm mod_md-2.0.8-8.module+el8.3.0+6814+67d1e611.aarch64.rpm mod_md-debuginfo-2.0.8-8.module+el8.3.0+6814+67d1e611.aarch64.rpm mod_md-debugsource-2.0.8-8.module+el8.3.0+6814+67d1e611.aarch64.rpm mod_proxy_html-2.4.37-47.module+el8.6.0+14529+083145da.1.aarch64.rpm mod_proxy_html-debuginfo-2.4.37-47.module+el8.6.0+14529+083145da.1.aarch64.rpm mod_session-2.4.37-47.module+el8.6.0+14529+083145da.1.aarch64.rpm mod_session-debuginfo-2.4.37-47.module+el8.6.0+14529+083145da.1.aarch64.rpm mod_ssl-2.4.37-47.module+el8.6.0+14529+083145da.1.aarch64.rpm mod_ssl-debuginfo-2.4.37-47.module+el8.6.0+14529+083145da.1.aarch64.rpm noarch: httpd-filesystem-2.4.37-47.module+el8.6.0+14529+083145da.1.noarch.rpm httpd-manual-2.4.37-47.module+el8.6.0+14529+083145da.1.noarch.rpm ppc64le: httpd-2.4.37-47.module+el8.6.0+14529+083145da.1.ppc64le.rpm httpd-debuginfo-2.4.37-47.module+el8.6.0+14529+083145da.1.ppc64le.rpm httpd-debugsource-2.4.37-47.module+el8.6.0+14529+083145da.1.ppc64le.rpm httpd-devel-2.4.37-47.module+el8.6.0+14529+083145da.1.ppc64le.rpm httpd-tools-2.4.37-47.module+el8.6.0+14529+083145da.1.ppc64le.rpm httpd-tools-debuginfo-2.4.37-47.module+el8.6.0+14529+083145da.1.ppc64le.rpm mod_http2-1.15.7-5.module+el8.6.0+13996+01710940.ppc64le.rpm mod_http2-debuginfo-1.15.7-5.module+el8.6.0+13996+01710940.ppc64le.rpm mod_http2-debugsource-1.15.7-5.module+el8.6.0+13996+01710940.ppc64le.rpm mod_ldap-2.4.37-47.module+el8.6.0+14529+083145da.1.ppc64le.rpm mod_ldap-debuginfo-2.4.37-47.module+el8.6.0+14529+083145da.1.ppc64le.rpm mod_md-2.0.8-8.module+el8.3.0+6814+67d1e611.ppc64le.rpm mod_md-debuginfo-2.0.8-8.module+el8.3.0+6814+67d1e611.ppc64le.rpm mod_md-debugsource-2.0.8-8.module+el8.3.0+6814+67d1e611.ppc64le.rpm mod_proxy_html-2.4.37-47.module+el8.6.0+14529+083145da.1.ppc64le.rpm mod_proxy_html-debuginfo-2.4.37-47.module+el8.6.0+14529+083145da.1.ppc64le.rpm mod_session-2.4.37-47.module+el8.6.0+14529+083145da.1.ppc64le.rpm mod_session-debuginfo-2.4.37-47.module+el8.6.0+14529+083145da.1.ppc64le.rpm mod_ssl-2.4.37-47.module+el8.6.0+14529+083145da.1.ppc64le.rpm mod_ssl-debuginfo-2.4.37-47.module+el8.6.0+14529+083145da.1.ppc64le.rpm s390x: httpd-2.4.37-47.module+el8.6.0+14529+083145da.1.s390x.rpm httpd-debuginfo-2.4.37-47.module+el8.6.0+14529+083145da.1.s390x.rpm httpd-debugsource-2.4.37-47.module+el8.6.0+14529+083145da.1.s390x.rpm httpd-devel-2.4.37-47.module+el8.6.0+14529+083145da.1.s390x.rpm httpd-tools-2.4.37-47.module+el8.6.0+14529+083145da.1.s390x.rpm httpd-tools-debuginfo-2.4.37-47.module+el8.6.0+14529+083145da.1.s390x.rpm mod_http2-1.15.7-5.module+el8.6.0+13996+01710940.s390x.rpm mod_http2-debuginfo-1.15.7-5.module+el8.6.0+13996+01710940.s390x.rpm mod_http2-debugsource-1.15.7-5.module+el8.6.0+13996+01710940.s390x.rpm mod_ldap-2.4.37-47.module+el8.6.0+14529+083145da.1.s390x.rpm mod_ldap-debuginfo-2.4.37-47.module+el8.6.0+14529+083145da.1.s390x.rpm mod_md-2.0.8-8.module+el8.3.0+6814+67d1e611.s390x.rpm mod_md-debuginfo-2.0.8-8.module+el8.3.0+6814+67d1e611.s390x.rpm mod_md-debugsource-2.0.8-8.module+el8.3.0+6814+67d1e611.s390x.rpm mod_proxy_html-2.4.37-47.module+el8.6.0+14529+083145da.1.s390x.rpm mod_proxy_html-debuginfo-2.4.37-47.module+el8.6.0+14529+083145da.1.s390x.rpm mod_session-2.4.37-47.module+el8.6.0+14529+083145da.1.s390x.rpm mod_session-debuginfo-2.4.37-47.module+el8.6.0+14529+083145da.1.s390x.rpm mod_ssl-2.4.37-47.module+el8.6.0+14529+083145da.1.s390x.rpm mod_ssl-debuginfo-2.4.37-47.module+el8.6.0+14529+083145da.1.s390x.rpm x86_64: httpd-2.4.37-47.module+el8.6.0+14529+083145da.1.x86_64.rpm httpd-debuginfo-2.4.37-47.module+el8.6.0+14529+083145da.1.x86_64.rpm httpd-debugsource-2.4.37-47.module+el8.6.0+14529+083145da.1.x86_64.rpm httpd-devel-2.4.37-47.module+el8.6.0+14529+083145da.1.x86_64.rpm httpd-tools-2.4.37-47.module+el8.6.0+14529+083145da.1.x86_64.rpm httpd-tools-debuginfo-2.4.37-47.module+el8.6.0+14529+083145da.1.x86_64.rpm mod_http2-1.15.7-5.module+el8.6.0+13996+01710940.x86_64.rpm mod_http2-debuginfo-1.15.7-5.module+el8.6.0+13996+01710940.x86_64.rpm mod_http2-debugsource-1.15.7-5.module+el8.6.0+13996+01710940.x86_64.rpm mod_ldap-2.4.37-47.module+el8.6.0+14529+083145da.1.x86_64.rpm mod_ldap-debuginfo-2.4.37-47.module+el8.6.0+14529+083145da.1.x86_64.rpm mod_md-2.0.8-8.module+el8.3.0+6814+67d1e611.x86_64.rpm mod_md-debuginfo-2.0.8-8.module+el8.3.0+6814+67d1e611.x86_64.rpm mod_md-debugsource-2.0.8-8.module+el8.3.0+6814+67d1e611.x86_64.rpm mod_proxy_html-2.4.37-47.module+el8.6.0+14529+083145da.1.x86_64.rpm mod_proxy_html-debuginfo-2.4.37-47.module+el8.6.0+14529+083145da.1.x86_64.rpm mod_session-2.4.37-47.module+el8.6.0+14529+083145da.1.x86_64.rpm mod_session-debuginfo-2.4.37-47.module+el8.6.0+14529+083145da.1.x86_64.rpm mod_ssl-2.4.37-47.module+el8.6.0+14529+083145da.1.x86_64.rpm mod_ssl-debuginfo-2.4.37-47.module+el8.6.0+14529+083145da.1.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2020-35452 https://access.redhat.com/security/cve/CVE-2021-33193 https://access.redhat.com/security/cve/CVE-2021-36160 https://access.redhat.com/security/cve/CVE-2021-44224 https://access.redhat.com/security/updates/classification/#moderate https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.6_release_notes/ 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2022 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBYnqRXtzjgjWX9erEAQj4aQ//XPsVETk95gk9J5gSXYdo5X2WgsqmS+nH 5M32OQ19Rv2z0+bJUStI1wf2haa/+LyIXD2nj2LvWr572GUkaUsahbZwy8mCjkh0 XVv9JUeV51Ifel/HUgn3M8I1LENwt0xucOa8lgurhAE7YWfTOJT5PTH73HoSoOIa e9VFeScMaU93on/mtBaUAne+W+3qDPS47/Gml0S9CQDzs0W6qwpg5wqAdJDfqYdS GMRn8U6O3xix4nwb5szdfV176JrO7yytPx6hA2t9ujM8qgQ+FJ/BvBOn7ge+2vb7 fNZfuu6laq5/sd8ScsvRYrs5g4d2PWZZ27fv3RA9B93L/kbtR0rG+nBdfJCGiQuz f3CcZY08HDxy47Xee4UXts0jycukZoGh7ySOfwdbxhgPCOVTme+Vi/aqtjGS+9jz WFgj0T6kBs+f3lyGBNTLcNwGnCPIrNA+GNLMZIOB72RMGrY3K/iC4SNYVr5W5HyT Ae+3Oc1M5/JjxkrVQJXTd/r4YJiBUYuS1klZMSYAobRqv59Kg2NkQ+SYg/7V73kw eflr/kPIOMzdHIqfdmWE9oM2VMwaFg4oF0xJfuY/Oik1OQDyFaZPW0E2joqbCzGn Rye+bwI2+eGav+J42igT0nopp37O5sT+uhMG7Lmk3Wa2Q+t0PzB0UcJDN19mT7v2 +X/1OrMch2A= =OXCc -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce . - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 202208-20 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - https://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: High Title: Apache HTTPD: Multiple Vulnerabilities Date: August 14, 2022 Bugs: #813429, #816399, #816864, #829722, #835131, #850622 ID: 202208-20 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======= Multiple vulnerabilities have been discovered in Apache Webserver, the worst of which could result in remote code execution. Please review the CVE identifiers referenced below for details. Impact ===== Please review the referenced CVE identifiers for details. Workaround ========= There is no known workaround at this time. Resolution ========= All Apache HTTPD users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=www-servers/apache-2.4.54" All Apache HTTPD tools users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=app-admin/apache-tools-2.4.54" References ========= [ 1 ] CVE-2021-33193 https://nvd.nist.gov/vuln/detail/CVE-2021-33193 [ 2 ] CVE-2021-34798 https://nvd.nist.gov/vuln/detail/CVE-2021-34798 [ 3 ] CVE-2021-36160 https://nvd.nist.gov/vuln/detail/CVE-2021-36160 [ 4 ] CVE-2021-39275 https://nvd.nist.gov/vuln/detail/CVE-2021-39275 [ 5 ] CVE-2021-40438 https://nvd.nist.gov/vuln/detail/CVE-2021-40438 [ 6 ] CVE-2021-41524 https://nvd.nist.gov/vuln/detail/CVE-2021-41524 [ 7 ] CVE-2021-41773 https://nvd.nist.gov/vuln/detail/CVE-2021-41773 [ 8 ] CVE-2021-42013 https://nvd.nist.gov/vuln/detail/CVE-2021-42013 [ 9 ] CVE-2021-44224 https://nvd.nist.gov/vuln/detail/CVE-2021-44224 [ 10 ] CVE-2021-44790 https://nvd.nist.gov/vuln/detail/CVE-2021-44790 [ 11 ] CVE-2022-22719 https://nvd.nist.gov/vuln/detail/CVE-2022-22719 [ 12 ] CVE-2022-22720 https://nvd.nist.gov/vuln/detail/CVE-2022-22720 [ 13 ] CVE-2022-22721 https://nvd.nist.gov/vuln/detail/CVE-2022-22721 [ 14 ] CVE-2022-23943 https://nvd.nist.gov/vuln/detail/CVE-2022-23943 [ 15 ] CVE-2022-26377 https://nvd.nist.gov/vuln/detail/CVE-2022-26377 [ 16 ] CVE-2022-28614 https://nvd.nist.gov/vuln/detail/CVE-2022-28614 [ 17 ] CVE-2022-28615 https://nvd.nist.gov/vuln/detail/CVE-2022-28615 [ 18 ] CVE-2022-29404 https://nvd.nist.gov/vuln/detail/CVE-2022-29404 [ 19 ] CVE-2022-30522 https://nvd.nist.gov/vuln/detail/CVE-2022-30522 [ 20 ] CVE-2022-30556 https://nvd.nist.gov/vuln/detail/CVE-2022-30556 [ 21 ] CVE-2022-31813 https://nvd.nist.gov/vuln/detail/CVE-2022-31813 Availability =========== This GLSA and any updates to it are available for viewing at the Gentoo Security Website: https://security.gentoo.org/glsa/202208-20 Concerns? ======== Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ====== Copyright 2022 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. https://creativecommons.org/licenses/by-sa/2.5 . ========================================================================== Ubuntu Security Notice USN-5090-3 September 28, 2021 apache2 regression ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 21.04 - Ubuntu 20.04 LTS - Ubuntu 18.04 LTS Summary: USN-5090-1 introduced a regression in Apache HTTP Server. One of the upstream fixes introduced a regression in UDS URIs. This update fixes the problem. Original advisory details: James Kettle discovered that the Apache HTTP Server HTTP/2 module incorrectly handled certain crafted methods. A remote attacker could possibly use this issue to perform request splitting or cache poisoning attacks. A remote attacker could possibly use this issue to cause the server to crash, resulting in a denial of service. (CVE-2021-34798) Li Zhi Xin discovered that the Apache mod_proxy_uwsgi module incorrectly handled certain request uri-paths. A remote attacker could possibly use this issue to cause the server to crash, resulting in a denial of service. This issue only affected Ubuntu 20.04 LTS and Ubuntu 21.04. If the server was configured with third-party modules, a remote attacker could use this issue to cause the server to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2021-39275) It was discovered that the Apache mod_proxy module incorrectly handled certain request uri-paths. A remote attacker could possibly use this issue to cause the server to forward requests to arbitrary origin servers. (CVE-2021-40438) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 21.04: apache2 2.4.46-4ubuntu1.3 apache2-bin 2.4.46-4ubuntu1.3 Ubuntu 20.04 LTS: apache2 2.4.41-4ubuntu3.6 apache2-bin 2.4.41-4ubuntu3.6 Ubuntu 18.04 LTS: apache2 2.4.29-1ubuntu4.18 apache2-bin 2.4.29-1ubuntu4.18 In general, a standard system update will make all the necessary changes

Trust: 2.88

sources: NVD: CVE-2021-36160 // JVNDB: JVNDB-2021-002672 // CNVD: CNVD-2022-03205 // VULHUB: VHN-397448 // VULMON: CVE-2021-36160 // PACKETSTORM: 169132 // PACKETSTORM: 167073 // PACKETSTORM: 168072 // PACKETSTORM: 164305 // PACKETSTORM: 164329 // PACKETSTORM: 164318

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2022-03205

AFFECTED PRODUCTS

vendor:	oracle	model:	instantis enterprisetrack	scope:	eq	version:	17.2	Trust: 1.0
vendor:	fedoraproject	model:	fedora	scope:	eq	version:	34	Trust: 1.0
vendor:	netapp	model:	clustered data ontap	scope:	eq	version:	-	Trust: 1.0
vendor:	apache	model:	http server	scope:	gte	version:	2.4.30	Trust: 1.0
vendor:	oracle	model:	communications cloud native core network function cloud native environment	scope:	eq	version:	1.10.0	Trust: 1.0
vendor:	netapp	model:	storagegrid	scope:	eq	version:	-	Trust: 1.0
vendor:	oracle	model:	http server	scope:	eq	version:	12.2.1.3.0	Trust: 1.0
vendor:	apache	model:	http server	scope:	lte	version:	2.4.48	Trust: 1.0
vendor:	oracle	model:	peoplesoft enterprise peopletools	scope:	eq	version:	8.58	Trust: 1.0
vendor:	oracle	model:	instantis enterprisetrack	scope:	eq	version:	17.3	Trust: 1.0
vendor:	oracle	model:	http server	scope:	eq	version:	12.2.1.4.0	Trust: 1.0
vendor:	oracle	model:	instantis enterprisetrack	scope:	eq	version:	17.1	Trust: 1.0
vendor:	oracle	model:	zfs storage appliance kit	scope:	eq	version:	8.8	Trust: 1.0
vendor:	oracle	model:	enterprise manager base platform	scope:	eq	version:	13.5.0.0	Trust: 1.0
vendor:	oracle	model:	enterprise manager base platform	scope:	eq	version:	13.4.0.0	Trust: 1.0
vendor:	netapp	model:	cloud backup	scope:	eq	version:	-	Trust: 1.0
vendor:	debian	model:	linux	scope:	eq	version:	10.0	Trust: 1.0
vendor:	fedoraproject	model:	fedora	scope:	eq	version:	35	Trust: 1.0
vendor:	debian	model:	linux	scope:	eq	version:	11.0	Trust: 1.0
vendor:	broadcom	model:	brocade fabric operating system	scope:	eq	version:	-	Trust: 1.0
vendor:	debian	model:	linux	scope:	eq	version:	9.0	Trust: 1.0
vendor:	fedora	model:	fedora	scope:	-	version:	-	Trust: 0.8
vendor:	apache	model:	http server	scope:	-	version:	-	Trust: 0.8
vendor:	apache	model:	http server	scope:	gte	version:	2.4.30,<=2.4.48	Trust: 0.6

sources: CNVD: CNVD-2022-03205 // JVNDB: JVNDB-2021-002672 // NVD: CVE-2021-36160

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2021-36160
value:	HIGH
Trust: 1.0
NVD:	CVE-2021-36160
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2022-03205
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-202109-1113
value:	HIGH
Trust: 0.6
VULHUB:	VHN-397448
value:	MEDIUM
Trust: 0.1
VULMON:	CVE-2021-36160
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2021-36160
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
CNVD:	CNVD-2022-03205
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
VULHUB:	VHN-397448
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2021-36160
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	3.6
version:	3.1
Trust: 1.0
NVD:	CVE-2021-36160
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2022-03205 // VULHUB: VHN-397448 // VULMON: CVE-2021-36160 // JVNDB: JVNDB-2021-002672 // CNNVD: CNNVD-202109-1113 // NVD: CVE-2021-36160

PROBLEMTYPE DATA

problemtype:	CWE-125	Trust: 1.1
problemtype:	Out-of-bounds read (CWE-125) [NVD Evaluation ]	Trust: 0.8

sources: VULHUB: VHN-397448 // JVNDB: JVNDB-2021-002672 // NVD: CVE-2021-36160

THREAT TYPE

remote

Trust: 1.0

sources: PACKETSTORM: 168072 // PACKETSTORM: 164305 // PACKETSTORM: 164329 // PACKETSTORM: 164318 // CNNVD: CNNVD-202109-1113

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-202109-1113

PATCH

title:	FEDORA-2021-e3f6dd670d	url:	http://httpd.apache.org/security/vulnerabilities_24.html	Trust: 0.8
title:	Patch for Apache HTTP Server Denial of Service Vulnerability (CNVD-2022-03205)	url:	https://www.cnvd.org.cn/patchInfo/show/313441	Trust: 0.6
title:	Apache HTTP Server Buffer error vulnerability fix	url:	http://123.124.177.30/web/xxk/bdxqById.tag?id=163990	Trust: 0.6
title:	Red Hat: Moderate: httpd:2.4 security and bug fix update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20221915 - Security Advisory	Trust: 0.1
title:	Red Hat: CVE-2021-36160	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database&qid=CVE-2021-36160	Trust: 0.1
title:	Debian Security Advisories: DSA-4982-1 apache2 -- security update	url:	https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories&qid=93a29f7ecf9a6aaba79d3b3320aa4b85	Trust: 0.1
title:	Red Hat: Moderate: httpd24-httpd security and bug fix update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20226753 - Security Advisory	Trust: 0.1
title:	Arch Linux Issues:	url:	https://vulmon.com/vendoradvisory?qidtp=arch_linux_issues&qid=CVE-2021-36160 log	Trust: 0.1
title:	Amazon Linux AMI: ALAS-2021-1543	url:	https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami&qid=ALAS-2021-1543	Trust: 0.1
title:	Cisco: Multiple Vulnerabilities in Apache HTTP Server Affecting Cisco Products: November 2021	url:	https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-apache-httpd-2.4.49-VWL69sWQ	Trust: 0.1
title:	Amazon Linux 2: ALAS2-2021-1716	url:	https://vulmon.com/vendoradvisory?qidtp=amazon_linux2&qid=ALAS2-2021-1716	Trust: 0.1
title:	-	url:	https://github.com/PierreChrd/py-projet-tut	Trust: 0.1

sources: CNVD: CNVD-2022-03205 // VULMON: CVE-2021-36160 // JVNDB: JVNDB-2021-002672 // CNNVD: CNNVD-202109-1113

EXTERNAL IDS

db:	NVD	id:	CVE-2021-36160	Trust: 3.8
db:	PACKETSTORM	id:	168072	Trust: 0.8
db:	PACKETSTORM	id:	167073	Trust: 0.8
db:	JVNDB	id:	JVNDB-2021-002672	Trust: 0.8
db:	CNVD	id:	CNVD-2022-03205	Trust: 0.7
db:	CNNVD	id:	CNNVD-202109-1113	Trust: 0.7
db:	PACKETSTORM	id:	168565	Trust: 0.7
db:	PACKETSTORM	id:	169541	Trust: 0.7
db:	PACKETSTORM	id:	164329	Trust: 0.7
db:	PACKETSTORM	id:	164318	Trust: 0.7
db:	CS-HELP	id:	SB2022012041	Trust: 0.6
db:	CS-HELP	id:	SB2022051150	Trust: 0.6
db:	CS-HELP	id:	SB2021092301	Trust: 0.6
db:	CS-HELP	id:	SB2021101101	Trust: 0.6
db:	CS-HELP	id:	SB2021091707	Trust: 0.6
db:	CS-HELP	id:	SB2021101513	Trust: 0.6
db:	AUSCERT	id:	ESB-2021.4004.3	Trust: 0.6
db:	AUSCERT	id:	ESB-2021.4004.2	Trust: 0.6
db:	AUSCERT	id:	ESB-2021.3357	Trust: 0.6
db:	AUSCERT	id:	ESB-2021.3387	Trust: 0.6
db:	AUSCERT	id:	ESB-2021.4004.7	Trust: 0.6
db:	AUSCERT	id:	ESB-2021.3591	Trust: 0.6
db:	AUSCERT	id:	ESB-2021.3229	Trust: 0.6
db:	AUSCERT	id:	ESB-2021.3248	Trust: 0.6
db:	AUSCERT	id:	ESB-2021.3489	Trust: 0.6
db:	AUSCERT	id:	ESB-2021.4004.5	Trust: 0.6
db:	AUSCERT	id:	ESB-2021.3148	Trust: 0.6
db:	PACKETSTORM	id:	169540	Trust: 0.1
db:	VULHUB	id:	VHN-397448	Trust: 0.1
db:	VULMON	id:	CVE-2021-36160	Trust: 0.1
db:	PACKETSTORM	id:	169132	Trust: 0.1
db:	PACKETSTORM	id:	164305	Trust: 0.1

sources: CNVD: CNVD-2022-03205 // VULHUB: VHN-397448 // VULMON: CVE-2021-36160 // JVNDB: JVNDB-2021-002672 // PACKETSTORM: 169132 // PACKETSTORM: 167073 // PACKETSTORM: 168072 // PACKETSTORM: 164305 // PACKETSTORM: 164329 // PACKETSTORM: 164318 // CNNVD: CNNVD-202109-1113 // NVD: CVE-2021-36160

REFERENCES

url:	https://nvd.nist.gov/vuln/detail/cve-2021-36160	Trust: 2.0
url:	https://security.gentoo.org/glsa/202208-20	Trust: 1.9
url:	https://security.netapp.com/advisory/ntap-20211008-0004/	Trust: 1.8
url:	https://www.debian.org/security/2021/dsa-4982	Trust: 1.8
url:	https://www.oracle.com/security-alerts/cpuapr2022.html	Trust: 1.8
url:	https://www.oracle.com/security-alerts/cpujan2022.html	Trust: 1.8
url:	https://lists.debian.org/debian-lts-announce/2021/09/msg00016.html	Trust: 1.8
url:	https://lists.debian.org/debian-lts-announce/2021/10/msg00016.html	Trust: 1.8
url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-apache-httpd-2.4.49-vwl69swq	Trust: 1.2
url:	http://httpd.apache.org/security/vulnerabilities_24.html	Trust: 1.2
url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-apache-	Trust: 1.2
url:	https://lists.apache.org/thread.html/r2eb200ac1340f69aa22af61ab34780c531d110437910cb9c0ece3b37%40%3cbugs.httpd.apache.org%3e	Trust: 1.0
url:	https://lists.apache.org/thread.html/r3925e167d5eb1c75def3750c155d753064e1d34a143028bb32910432%40%3cusers.httpd.apache.org%3e	Trust: 1.0
url:	https://lists.apache.org/thread.html/r61fdbfc26ab170f4e6492ef3bd5197c20b862ce156e9d5a54d4b899c%40%3cusers.httpd.apache.org%3e	Trust: 1.0
url:	https://lists.apache.org/thread.html/r73260f6ba9fb52e43d860905fc90462ba5a814afda2d011f32bbd41c%40%3cbugs.httpd.apache.org%3e	Trust: 1.0
url:	https://lists.apache.org/thread.html/r7f2746e916ed370239bc1a1025e5ebbf345f79df9ea0ea39e44acfbb%40%3cbugs.httpd.apache.org%3e	Trust: 1.0
url:	https://lists.apache.org/thread.html/r82838efc5fa6fc4c73986399c9b71573589f78b31846aff5bd9b1697%40%3cusers.httpd.apache.org%3e	Trust: 1.0
url:	https://lists.apache.org/thread.html/r82c077663f9759c7df5a6656f925b3ee4f55fcd33c889ba7cd687029%40%3cusers.httpd.apache.org%3e	Trust: 1.0
url:	https://lists.apache.org/thread.html/r94a61a1517133a19dcf40016e87454ea86e355d06a0cec4c778530f3%40%3cbugs.httpd.apache.org%3e	Trust: 1.0
url:	https://lists.apache.org/thread.html/ra1c05a392587bfe34383dffe1213edc425de8d4afc25b7cefab3e781%40%3cbugs.httpd.apache.org%3e	Trust: 1.0
url:	https://lists.apache.org/thread.html/ra87a69d0703d09dc52b86e32b08f8d7327af10acdd5f577a4e82596a%40%3cbugs.httpd.apache.org%3e	Trust: 1.0
url:	https://lists.apache.org/thread.html/rb2341c8786d0f9924f5b666e82d8d170b4804f50a523d750551bef1a%40%3cbugs.httpd.apache.org%3e	Trust: 1.0
url:	https://lists.apache.org/thread.html/re4162adc051c1a0a79e7a24093f3776373e8733abaff57253fef341d%40%3ccvs.httpd.apache.org%3e	Trust: 1.0
url:	https://lists.apache.org/thread.html/ree7519d71415ecdd170ff1889cab552d71758d2ba2904a17ded21a70%40%3ccvs.httpd.apache.org%3e	Trust: 1.0
url:	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/spbr6wuybjnachke65spl7tjohx7rhwd/	Trust: 1.0
url:	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/zncysr3bxt36fff4xtcpl3hdqk4vp45r/	Trust: 1.0
url:	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/spbr6wuybjnachke65spl7tjohx7rhwd/	Trust: 0.8
url:	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/zncysr3bxt36fff4xtcpl3hdqk4vp45r/	Trust: 0.8
url:	https://access.redhat.com/security/cve/cve-2021-36160	Trust: 0.8
url:	httpd.apache.org%3e	Trust: 0.6
url:	https://lists.apache.org/thread.html/r73260f6ba9fb52e43d860905fc90462ba5a814afda2d011f32bbd41c@%3cbugs.	Trust: 0.6
url:	https://lists.apache.org/thread.html/r7f2746e916ed370239bc1a1025e5ebbf345f79df9ea0ea39e44acfbb@%3cbugs.	Trust: 0.6
url:	https://lists.apache.org/thread.html/r94a61a1517133a19dcf40016e87454ea86e355d06a0cec4c778530f3@%3cbugs.	Trust: 0.6
url:	httpd.apache.org/security/vulnerabilities_24.html	Trust: 0.6
url:	http://	Trust: 0.6
url:	https://lists.apache.org/thread.html/r2eb200ac1340f69aa22af61ab34780c531d110437910cb9c0ece3b37@%3cbugs.	Trust: 0.6
url:	https://lists.apache.org/thread.html/r82c077663f9759c7df5a6656f925b3ee4f55fcd33c889ba7cd687029@%3cusers.	Trust: 0.6
url:	https://lists.apache.org/thread.html/ra1c05a392587bfe34383dffe1213edc425de8d4afc25b7cefab3e781@%3cbugs.	Trust: 0.6
url:	https://lists.apache.org/thread.html/ree7519d71415ecdd170ff1889cab552d71758d2ba2904a17ded21a70@%3ccvs.	Trust: 0.6
url:	https://lists.apache.org/thread.html/ra87a69d0703d09dc52b86e32b08f8d7327af10acdd5f577a4e82596a@%3cbugs.	Trust: 0.6
url:	https://lists.apache.org/thread.html/r82838efc5fa6fc4c73986399c9b71573589f78b31846aff5bd9b1697@%3cusers.	Trust: 0.6
url:	https://lists.apache.org/thread.html/rb2341c8786d0f9924f5b666e82d8d170b4804f50a523d750551bef1a@%3cbugs.	Trust: 0.6
url:	https://lists.apache.org/thread.html/r61fdbfc26ab170f4e6492ef3bd5197c20b862ce156e9d5a54d4b899c@%3cusers.	Trust: 0.6
url:	https://lists.apache.org/thread.html/re4162adc051c1a0a79e7a24093f3776373e8733abaff57253fef341d@%3ccvs.	Trust: 0.6
url:	https://lists.apache.org/thread.html/r3925e167d5eb1c75def3750c155d753064e1d34a143028bb32910432@%3cusers.	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2021.3229	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2021101513	Trust: 0.6
url:	https://packetstormsecurity.com/files/169541/red-hat-security-advisory-2022-7143-01.html	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2021.3357	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2021.3591	Trust: 0.6
url:	https://packetstormsecurity.com/files/168072/gentoo-linux-security-advisory-202208-20.html	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2021.4004.7	Trust: 0.6
url:	https://packetstormsecurity.com/files/164318/ubuntu-security-notice-usn-5090-3.html	Trust: 0.6
url:	https://packetstormsecurity.com/files/168565/red-hat-security-advisory-2022-6753-01.html	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2021.4004.3	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2021.4004.2	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2021.4004.5	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2021092301	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2021.3387	Trust: 0.6
url:	https://packetstormsecurity.com/files/164329/ubuntu-security-notice-usn-5090-4.html	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2021.3248	Trust: 0.6
url:	httpd-2.4.49-vwl69swq	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2022051150	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2021.3148	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2021.3489	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2022012041	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2021091707	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2021101101	Trust: 0.6
url:	https://vigilance.fr/vulnerability/apache-http-server-four-vulnerabilities-36444	Trust: 0.6
url:	https://packetstormsecurity.com/files/167073/red-hat-security-advisory-2022-1915-01.html	Trust: 0.6
url:	https://nvd.nist.gov/vuln/detail/cve-2021-40438	Trust: 0.5
url:	https://nvd.nist.gov/vuln/detail/cve-2021-34798	Trust: 0.5
url:	https://nvd.nist.gov/vuln/detail/cve-2021-39275	Trust: 0.5
url:	https://nvd.nist.gov/vuln/detail/cve-2021-33193	Trust: 0.5
url:	https://ubuntu.com/security/notices/usn-5090-1	Trust: 0.3
url:	https://lists.apache.org/thread.html/r73260f6ba9fb52e43d860905fc90462ba5a814afda2d011f32bbd41c@%3cbugs.httpd.apache.org%3e	Trust: 0.2
url:	https://lists.apache.org/thread.html/ra1c05a392587bfe34383dffe1213edc425de8d4afc25b7cefab3e781@%3cbugs.httpd.apache.org%3e	Trust: 0.2
url:	https://lists.apache.org/thread.html/r7f2746e916ed370239bc1a1025e5ebbf345f79df9ea0ea39e44acfbb@%3cbugs.httpd.apache.org%3e	Trust: 0.2
url:	https://lists.apache.org/thread.html/r2eb200ac1340f69aa22af61ab34780c531d110437910cb9c0ece3b37@%3cbugs.httpd.apache.org%3e	Trust: 0.2
url:	https://lists.apache.org/thread.html/r94a61a1517133a19dcf40016e87454ea86e355d06a0cec4c778530f3@%3cbugs.httpd.apache.org%3e	Trust: 0.2
url:	https://lists.apache.org/thread.html/ra87a69d0703d09dc52b86e32b08f8d7327af10acdd5f577a4e82596a@%3cbugs.httpd.apache.org%3e	Trust: 0.2
url:	https://lists.apache.org/thread.html/rb2341c8786d0f9924f5b666e82d8d170b4804f50a523d750551bef1a@%3cbugs.httpd.apache.org%3e	Trust: 0.2
url:	https://lists.apache.org/thread.html/ree7519d71415ecdd170ff1889cab552d71758d2ba2904a17ded21a70@%3ccvs.httpd.apache.org%3e	Trust: 0.2
url:	https://lists.apache.org/thread.html/re4162adc051c1a0a79e7a24093f3776373e8733abaff57253fef341d@%3ccvs.httpd.apache.org%3e	Trust: 0.2
url:	https://lists.apache.org/thread.html/r82c077663f9759c7df5a6656f925b3ee4f55fcd33c889ba7cd687029@%3cusers.httpd.apache.org%3e	Trust: 0.2
url:	https://lists.apache.org/thread.html/r61fdbfc26ab170f4e6492ef3bd5197c20b862ce156e9d5a54d4b899c@%3cusers.httpd.apache.org%3e	Trust: 0.2
url:	https://lists.apache.org/thread.html/r82838efc5fa6fc4c73986399c9b71573589f78b31846aff5bd9b1697@%3cusers.httpd.apache.org%3e	Trust: 0.2
url:	https://lists.apache.org/thread.html/r3925e167d5eb1c75def3750c155d753064e1d34a143028bb32910432@%3cusers.httpd.apache.org%3e	Trust: 0.2
url:	https://access.redhat.com/errata/rhsa-2022:1915	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2021-44224	Trust: 0.2
url:	https://cwe.mitre.org/data/definitions/125.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1
url:	https://www.debian.org/security/faq	Trust: 0.1
url:	https://www.debian.org/security/	Trust: 0.1
url:	https://security-tracker.debian.org/tracker/apache2	Trust: 0.1
url:	https://listman.redhat.com/mailman/listinfo/rhsa-announce	Trust: 0.1
url:	https://access.redhat.com/security/team/key/	Trust: 0.1
url:	https://access.redhat.com/articles/11258	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-33193	Trust: 0.1
url:	https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.6_release_notes/	Trust: 0.1
url:	https://access.redhat.com/security/team/contact/	Trust: 0.1
url:	https://access.redhat.com/security/updates/classification/#moderate	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-35452	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-35452	Trust: 0.1
url:	https://bugzilla.redhat.com/):	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-44224	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2022-22721	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2022-28614	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2022-31813	Trust: 0.1
url:	https://bugs.gentoo.org.	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2022-29404	Trust: 0.1
url:	https://creativecommons.org/licenses/by-sa/2.5	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2021-44790	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2022-28615	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2022-30522	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2021-41773	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2021-41524	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2022-22719	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2022-30556	Trust: 0.1
url:	https://security.gentoo.org/	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2021-42013	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2022-23943	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2022-22720	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2022-26377	Trust: 0.1
url:	https://launchpad.net/ubuntu/+source/apache2/2.4.29-1ubuntu4.17	Trust: 0.1
url:	https://launchpad.net/ubuntu/+source/apache2/2.4.41-4ubuntu3.5	Trust: 0.1
url:	https://launchpad.net/ubuntu/+source/apache2/2.4.46-4ubuntu1.2	Trust: 0.1
url:	https://launchpad.net/bugs/xxxxxx	Trust: 0.1
url:	https://ubuntu.com/security/notices/usn-5090-4	Trust: 0.1
url:	https://ubuntu.com/security/notices/usn-5090-3	Trust: 0.1
url:	https://launchpad.net/ubuntu/+source/apache2/2.4.41-4ubuntu3.6	Trust: 0.1
url:	https://launchpad.net/bugs/1945311	Trust: 0.1
url:	https://launchpad.net/ubuntu/+source/apache2/2.4.29-1ubuntu4.18	Trust: 0.1
url:	https://launchpad.net/ubuntu/+source/apache2/2.4.46-4ubuntu1.3	Trust: 0.1

sources: VULHUB: VHN-397448 // VULMON: CVE-2021-36160 // JVNDB: JVNDB-2021-002672 // PACKETSTORM: 169132 // PACKETSTORM: 167073 // PACKETSTORM: 168072 // PACKETSTORM: 164305 // PACKETSTORM: 164329 // PACKETSTORM: 164318 // CNNVD: CNNVD-202109-1113 // NVD: CVE-2021-36160

CREDITS

Ubuntu

Trust: 0.3

sources: PACKETSTORM: 164305 // PACKETSTORM: 164329 // PACKETSTORM: 164318

SOURCES

db:	CNVD	id:	CNVD-2022-03205
db:	VULHUB	id:	VHN-397448
db:	VULMON	id:	CVE-2021-36160
db:	JVNDB	id:	JVNDB-2021-002672
db:	PACKETSTORM	id:	169132
db:	PACKETSTORM	id:	167073
db:	PACKETSTORM	id:	168072
db:	PACKETSTORM	id:	164305
db:	PACKETSTORM	id:	164329
db:	PACKETSTORM	id:	164318
db:	CNNVD	id:	CNNVD-202109-1113
db:	NVD	id:	CVE-2021-36160

LAST UPDATE DATE

2025-03-28T20:10:29.195000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2022-03205	date:	2022-01-13T00:00:00
db:	VULHUB	id:	VHN-397448	date:	2022-10-18T00:00:00
db:	VULMON	id:	CVE-2021-36160	date:	2022-08-15T00:00:00
db:	JVNDB	id:	JVNDB-2021-002672	date:	2021-09-29T06:16:00
db:	CNNVD	id:	CNNVD-202109-1113	date:	2022-10-28T00:00:00
db:	NVD	id:	CVE-2021-36160	date:	2023-11-07T03:36:43.407

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2022-03205	date:	2022-01-13T00:00:00
db:	VULHUB	id:	VHN-397448	date:	2021-09-16T00:00:00
db:	VULMON	id:	CVE-2021-36160	date:	2021-09-16T00:00:00
db:	JVNDB	id:	JVNDB-2021-002672	date:	2021-09-29T00:00:00
db:	PACKETSTORM	id:	169132	date:	2021-10-28T19:12:00
db:	PACKETSTORM	id:	167073	date:	2022-05-11T16:37:39
db:	PACKETSTORM	id:	168072	date:	2022-08-15T16:02:48
db:	PACKETSTORM	id:	164305	date:	2021-09-28T15:06:35
db:	PACKETSTORM	id:	164329	date:	2021-09-29T14:50:01
db:	PACKETSTORM	id:	164318	date:	2021-09-28T15:23:06
db:	CNNVD	id:	CNNVD-202109-1113	date:	2021-09-16T00:00:00
db:	NVD	id:	CVE-2021-36160	date:	2021-09-16T15:15:07.330