Details of VAR-202109-1805

ID

VAR-202109-1805

CVE

CVE-2021-34798

TITLE

Apache HTTP Server In NULL Pointer dereference vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2021-002671

DESCRIPTION

Malformed requests may cause the server to dereference a NULL pointer. This issue affects Apache HTTP Server 2.4.48 and earlier. The server is fast, reliable and extensible through a simple API. No detailed vulnerability details are currently provided. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Important: httpd security update Advisory ID: RHSA-2022:0143-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2022:0143 Issue date: 2022-01-17 CVE Names: CVE-2021-26691 CVE-2021-34798 CVE-2021-39275 CVE-2021-44790 ==================================================================== 1. Summary: An update for httpd is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Client Optional (v. 7) - noarch, x86_64 Red Hat Enterprise Linux ComputeNode Optional (v. 7) - noarch, x86_64 Red Hat Enterprise Linux Server (v. 7) - noarch, ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 7) - noarch, x86_64 Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64 3. Security Fix(es): * httpd: mod_lua: Possible buffer overflow when parsing multipart content (CVE-2021-44790) * httpd: mod_session: Heap overflow via a crafted SessionHeader value (CVE-2021-26691) * httpd: NULL pointer dereference via malformed requests (CVE-2021-34798) * httpd: Out-of-bounds write in ap_escape_quotes() via malicious input (CVE-2021-39275) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 After installing the updated packages, the httpd daemon will be restarted automatically. 5. Bugs fixed (https://bugzilla.redhat.com/): 1966732 - CVE-2021-26691 httpd: mod_session: Heap overflow via a crafted SessionHeader value 2005119 - CVE-2021-39275 httpd: Out-of-bounds write in ap_escape_quotes() via malicious input 2005128 - CVE-2021-34798 httpd: NULL pointer dereference via malformed requests 2034674 - CVE-2021-44790 httpd: mod_lua: Possible buffer overflow when parsing multipart content 6. Package List: Red Hat Enterprise Linux Client Optional (v. 7): Source: httpd-2.4.6-97.el7_9.4.src.rpm noarch: httpd-manual-2.4.6-97.el7_9.4.noarch.rpm x86_64: httpd-2.4.6-97.el7_9.4.x86_64.rpm httpd-debuginfo-2.4.6-97.el7_9.4.x86_64.rpm httpd-devel-2.4.6-97.el7_9.4.x86_64.rpm httpd-tools-2.4.6-97.el7_9.4.x86_64.rpm mod_ldap-2.4.6-97.el7_9.4.x86_64.rpm mod_proxy_html-2.4.6-97.el7_9.4.x86_64.rpm mod_session-2.4.6-97.el7_9.4.x86_64.rpm mod_ssl-2.4.6-97.el7_9.4.x86_64.rpm Red Hat Enterprise Linux ComputeNode Optional (v. 7): Source: httpd-2.4.6-97.el7_9.4.src.rpm noarch: httpd-manual-2.4.6-97.el7_9.4.noarch.rpm x86_64: httpd-2.4.6-97.el7_9.4.x86_64.rpm httpd-debuginfo-2.4.6-97.el7_9.4.x86_64.rpm httpd-devel-2.4.6-97.el7_9.4.x86_64.rpm httpd-tools-2.4.6-97.el7_9.4.x86_64.rpm mod_ldap-2.4.6-97.el7_9.4.x86_64.rpm mod_proxy_html-2.4.6-97.el7_9.4.x86_64.rpm mod_session-2.4.6-97.el7_9.4.x86_64.rpm mod_ssl-2.4.6-97.el7_9.4.x86_64.rpm Red Hat Enterprise Linux Server (v. 7): Source: httpd-2.4.6-97.el7_9.4.src.rpm noarch: httpd-manual-2.4.6-97.el7_9.4.noarch.rpm ppc64: httpd-2.4.6-97.el7_9.4.ppc64.rpm httpd-debuginfo-2.4.6-97.el7_9.4.ppc64.rpm httpd-devel-2.4.6-97.el7_9.4.ppc64.rpm httpd-tools-2.4.6-97.el7_9.4.ppc64.rpm mod_session-2.4.6-97.el7_9.4.ppc64.rpm mod_ssl-2.4.6-97.el7_9.4.ppc64.rpm ppc64le: httpd-2.4.6-97.el7_9.4.ppc64le.rpm httpd-debuginfo-2.4.6-97.el7_9.4.ppc64le.rpm httpd-devel-2.4.6-97.el7_9.4.ppc64le.rpm httpd-tools-2.4.6-97.el7_9.4.ppc64le.rpm mod_session-2.4.6-97.el7_9.4.ppc64le.rpm mod_ssl-2.4.6-97.el7_9.4.ppc64le.rpm s390x: httpd-2.4.6-97.el7_9.4.s390x.rpm httpd-debuginfo-2.4.6-97.el7_9.4.s390x.rpm httpd-devel-2.4.6-97.el7_9.4.s390x.rpm httpd-tools-2.4.6-97.el7_9.4.s390x.rpm mod_session-2.4.6-97.el7_9.4.s390x.rpm mod_ssl-2.4.6-97.el7_9.4.s390x.rpm x86_64: httpd-2.4.6-97.el7_9.4.x86_64.rpm httpd-debuginfo-2.4.6-97.el7_9.4.x86_64.rpm httpd-devel-2.4.6-97.el7_9.4.x86_64.rpm httpd-tools-2.4.6-97.el7_9.4.x86_64.rpm mod_session-2.4.6-97.el7_9.4.x86_64.rpm mod_ssl-2.4.6-97.el7_9.4.x86_64.rpm Red Hat Enterprise Linux Server Optional (v. 7): ppc64: httpd-debuginfo-2.4.6-97.el7_9.4.ppc64.rpm mod_ldap-2.4.6-97.el7_9.4.ppc64.rpm mod_proxy_html-2.4.6-97.el7_9.4.ppc64.rpm ppc64le: httpd-debuginfo-2.4.6-97.el7_9.4.ppc64le.rpm mod_ldap-2.4.6-97.el7_9.4.ppc64le.rpm mod_proxy_html-2.4.6-97.el7_9.4.ppc64le.rpm s390x: httpd-debuginfo-2.4.6-97.el7_9.4.s390x.rpm mod_ldap-2.4.6-97.el7_9.4.s390x.rpm mod_proxy_html-2.4.6-97.el7_9.4.s390x.rpm x86_64: httpd-debuginfo-2.4.6-97.el7_9.4.x86_64.rpm mod_ldap-2.4.6-97.el7_9.4.x86_64.rpm mod_proxy_html-2.4.6-97.el7_9.4.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 7): Source: httpd-2.4.6-97.el7_9.4.src.rpm noarch: httpd-manual-2.4.6-97.el7_9.4.noarch.rpm x86_64: httpd-2.4.6-97.el7_9.4.x86_64.rpm httpd-debuginfo-2.4.6-97.el7_9.4.x86_64.rpm httpd-devel-2.4.6-97.el7_9.4.x86_64.rpm httpd-tools-2.4.6-97.el7_9.4.x86_64.rpm mod_session-2.4.6-97.el7_9.4.x86_64.rpm mod_ssl-2.4.6-97.el7_9.4.x86_64.rpm Red Hat Enterprise Linux Workstation Optional (v. 7): x86_64: httpd-debuginfo-2.4.6-97.el7_9.4.x86_64.rpm mod_ldap-2.4.6-97.el7_9.4.x86_64.rpm mod_proxy_html-2.4.6-97.el7_9.4.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2021-26691 https://access.redhat.com/security/cve/CVE-2021-34798 https://access.redhat.com/security/cve/CVE-2021-39275 https://access.redhat.com/security/cve/CVE-2021-44790 https://access.redhat.com/security/updates/classification/#important 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2022 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBYeVdC9zjgjWX9erEAQgzNw/8CjsxUvDW64dwvpcYH/OWJhKqvD53sX+w ivf4+hhCsEVLvrjD0eTNkbeza+dcZqoR5swL0IjAGXKJ/0q/oh4/yxq2ydgvEYsY rAjts0tnynoswBaFo6eaBlcNxQroGID0uqgXkUFt37m4eetACuOSVRcZ7/sNsqBS iQF4l16vjNvKeOdKY8nSNe77Dt1/Lj41NoL6XbAZPuvaiLBqqGOY9xYfZSSmFHFq H4dB8cfMC4cWysFtnzffJ+dJdzcWNOxklwLlZe72JoAJYP59da2YuIoE2LsQRGPC Occ84zH/UZx4JWJhF7FEEALC/tizfFqu9qWr1OIDmSVTEAZ+6IZ/mDeF83+0Mrc4 AiV3oiJi7Fx4XTDUL8fim+FORaSI2IR7LK1Zjau1qCN04ayyFXwJdK/fwgIWJHon gYhyUsAj7F7At9m8cCVRP5K4jjmr0qrmsF1M1B6xqMLWlYNcWu3obJS/FbiSdwQJ 7jFdBagThGOzIle0eGk0iMZ+vRJSuaSMZ7GDA14o46KB+EkvYLe+wi6jBQXJeD6Q Oueenu2JiMvB8+dJNYrn9uQY+8WHyCVV1HMMmVo9LajA1FJRXgMIQN5ZmDMoDW73 qFV+VCOHtKPI2hC8ngZYy2RyEUhK4t3f7xmJgtoJ4/DuaGsRWL7xZPL7gLHxWnS4 5VjPyLrWg5U=TyMo -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce . 8) - aarch64, noarch, ppc64le, s390x, x86_64 3. ========================================================================== Ubuntu Security Notice USN-5090-4 September 28, 2021 apache2 regression ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 16.04 ESM Summary: USN-5090-1 introduced a regression in Apache HTTP Server. One of the upstream fixes introduced a regression in UDS URIs. This update fixes the problem. Original advisory details: James Kettle discovered that the Apache HTTP Server HTTP/2 module incorrectly handled certain crafted methods. A remote attacker could possibly use this issue to perform request splitting or cache poisoning attacks. A remote attacker could possibly use this issue to cause the server to crash, resulting in a denial of service. (CVE-2021-34798) Li Zhi Xin discovered that the Apache mod_proxy_uwsgi module incorrectly handled certain request uri-paths. A remote attacker could possibly use this issue to cause the server to crash, resulting in a denial of service. This issue only affected Ubuntu 20.04 LTS and Ubuntu 21.04. If the server was configured with third-party modules, a remote attacker could use this issue to cause the server to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2021-39275) It was discovered that the Apache mod_proxy module incorrectly handled certain request uri-paths. A remote attacker could possibly use this issue to cause the server to forward requests to arbitrary origin servers. (CVE-2021-40438) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 16.04 ESM: apache2 2.4.18-2ubuntu3.17+esm3 apache2-bin 2.4.18-2ubuntu3.17+esm3 In general, a standard system update will make all the necessary changes. 7) - noarch, x86_64 3. Bug Fix(es): * proxy rewrite to unix socket fails with CVE-2021-40438 fix (BZ#2022319) Additional changes: * To fix CVE-2022-29404, the default value for the "LimitRequestBody" directive in the Apache HTTP Server has been changed from 0 (unlimited) to 1 GiB. On systems where the value of "LimitRequestBody" is not explicitly specified in an httpd configuration file, updating the httpd package sets "LimitRequestBody" to the default value of 1 GiB. As a consequence, if the total size of the HTTP request body exceeds this 1 GiB default limit, httpd returns the 413 Request Entity Too Large error code. If the new default allowed size of an HTTP request message body is insufficient for your use case, update your httpd configuration files within the respective context (server, per-directory, per-file, or per-location) and set your preferred limit in bytes. For example, to set a new 2 GiB limit, use: LimitRequestBody 2147483648 Systems already configured to use any explicit value for the "LimitRequestBody" directive are unaffected by this change. For the oldstable distribution (buster), these problems have been fixed in version 2.4.38-3+deb10u6. For the stable distribution (bullseye), these problems have been fixed in version 2.4.51-1~deb11u1. We recommend that you upgrade your apache2 packages. For the detailed security status of apache2 please refer to its security tracker page at: https://security-tracker.debian.org/tracker/apache2 Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmFgr44ACgkQEMKTtsN8 TjbophAAiZ+fhF2r8BUbQkL8BhpfqjA+hVsp9WEMTn8Gq6kiW0wLvK3jWPM301Ou D4gHqKmFPmYNC1KBOyk/lJdxyD7iTUweUyLi3WXzxhIDMx0kxkRw1oXlyCHzIqSJ M277bgk32h2cDCbsXjrN/8agKPcKgfwDqiyf/igfEq6V8OB2zVvJPKVFq45n54+q 4FPXSyx1g2u5ewSeXbU2uHDej6Qborui4osDdbwx8CT6aETi0cIXJ8RbXF3PUCHG 5DzZagnRq6GumPsl01jcPu7b9Ck8MlkxMSG3FRsSIJVkwpsQ2C34ywIJkFlzUZZh jhdVUrfbyfLpSdcPcipAAjl9I6gDqa9SFdMRK7ixCpQ6iTiVeDZdJ8pA4jnSweNQ THik07di9R0juX0p7peQiIyBKrEf7Y3WSvLOn0SBKXvZnzc/72rH2nP5FclsgCsV TWxptziGridC43KB8/tDJAAOXVF2lzylzF70V/UGTNo1jk9w3/p6btU1iuzKspyY Y4aPZla3DImI8mezrgFrGYNg7bZYLKuJyGDADKih2sUQpzmDZ6MJxKAE3NLRWyQa 7cCJdoNR9yVqytEw1Y/ZRXAXWfMb3Y1ts2EqR8hzLQgMYb0JC58cLMG3T0RgyPoO A4CTIoYpK1WnsykAE8M4XFrnOW3lrtse6T8N/dTVMuodElAEhc0= =/At6 -----END PGP SIGNATURE-----

Trust: 2.97

sources: NVD: CVE-2021-34798 // JVNDB: JVNDB-2021-002671 // CNVD: CNVD-2022-03223 // VULHUB: VHN-395042 // VULMON: CVE-2021-34798 // PACKETSTORM: 165587 // PACKETSTORM: 166321 // PACKETSTORM: 164307 // PACKETSTORM: 164305 // PACKETSTORM: 164329 // PACKETSTORM: 168565 // PACKETSTORM: 169132

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2022-03223

AFFECTED PRODUCTS

vendor:	oracle	model:	instantis enterprisetrack	scope:	eq	version:	17.2	Trust: 1.0
vendor:	fedoraproject	model:	fedora	scope:	eq	version:	34	Trust: 1.0
vendor:	netapp	model:	clustered data ontap	scope:	eq	version:	-	Trust: 1.0
vendor:	oracle	model:	communications cloud native core network function cloud native environment	scope:	eq	version:	1.10.0	Trust: 1.0
vendor:	netapp	model:	storagegrid	scope:	eq	version:	-	Trust: 1.0
vendor:	oracle	model:	http server	scope:	eq	version:	12.2.1.3.0	Trust: 1.0
vendor:	siemens	model:	sinema remote connect server	scope:	lt	version:	3.1	Trust: 1.0
vendor:	apache	model:	http server	scope:	lte	version:	2.4.48	Trust: 1.0
vendor:	oracle	model:	peoplesoft enterprise peopletools	scope:	eq	version:	8.58	Trust: 1.0
vendor:	siemens	model:	ruggedcom nms	scope:	eq	version:	*	Trust: 1.0
vendor:	siemens	model:	sinec nms	scope:	eq	version:	*	Trust: 1.0
vendor:	siemens	model:	sinema server	scope:	eq	version:	14.0	Trust: 1.0
vendor:	oracle	model:	instantis enterprisetrack	scope:	eq	version:	17.3	Trust: 1.0
vendor:	oracle	model:	http server	scope:	eq	version:	12.2.1.4.0	Trust: 1.0
vendor:	oracle	model:	instantis enterprisetrack	scope:	eq	version:	17.1	Trust: 1.0
vendor:	oracle	model:	zfs storage appliance kit	scope:	eq	version:	8.8	Trust: 1.0
vendor:	oracle	model:	enterprise manager base platform	scope:	eq	version:	13.5.0.0	Trust: 1.0
vendor:	oracle	model:	enterprise manager base platform	scope:	eq	version:	13.4.0.0	Trust: 1.0
vendor:	netapp	model:	cloud backup	scope:	eq	version:	-	Trust: 1.0
vendor:	tenable	model:	tenable.sc	scope:	lte	version:	5.19.1	Trust: 1.0
vendor:	debian	model:	linux	scope:	eq	version:	10.0	Trust: 1.0
vendor:	fedoraproject	model:	fedora	scope:	eq	version:	35	Trust: 1.0
vendor:	debian	model:	linux	scope:	eq	version:	11.0	Trust: 1.0
vendor:	broadcom	model:	brocade fabric operating system	scope:	eq	version:	-	Trust: 1.0
vendor:	debian	model:	linux	scope:	eq	version:	9.0	Trust: 1.0
vendor:	fedora	model:	fedora	scope:	-	version:	-	Trust: 0.8
vendor:	apache	model:	http server	scope:	-	version:	-	Trust: 0.8
vendor:	apache	model:	http server	scope:	lte	version:	<=2.4.48	Trust: 0.6

sources: CNVD: CNVD-2022-03223 // JVNDB: JVNDB-2021-002671 // NVD: CVE-2021-34798

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2021-34798
value:	HIGH
Trust: 1.0
NVD:	CVE-2021-34798
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2022-03223
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-202109-1109
value:	HIGH
Trust: 0.6
VULHUB:	VHN-395042
value:	MEDIUM
Trust: 0.1
VULMON:	CVE-2021-34798
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2021-34798
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
CNVD:	CNVD-2022-03223
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
VULHUB:	VHN-395042
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2021-34798
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	3.6
version:	3.1
Trust: 1.0
NVD:	CVE-2021-34798
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2022-03223 // VULHUB: VHN-395042 // VULMON: CVE-2021-34798 // JVNDB: JVNDB-2021-002671 // CNNVD: CNNVD-202109-1109 // NVD: CVE-2021-34798

PROBLEMTYPE DATA

problemtype:	CWE-476	Trust: 1.1
problemtype:	NULL Pointer dereference (CWE-476) [NVD Evaluation ]	Trust: 0.8

sources: VULHUB: VHN-395042 // JVNDB: JVNDB-2021-002671 // NVD: CVE-2021-34798

THREAT TYPE

remote

Trust: 0.9

sources: PACKETSTORM: 164307 // PACKETSTORM: 164305 // PACKETSTORM: 164329 // CNNVD: CNNVD-202109-1109

TYPE

code problem

Trust: 0.6

sources: CNNVD: CNNVD-202109-1109

PATCH

title:	FEDORA-2021-e3f6dd670d	url:	http://httpd.apache.org/security/vulnerabilities_24.html	Trust: 0.8
title:	Patch for Apache HTTP Server Code Issue Vulnerability	url:	https://www.cnvd.org.cn/patchInfo/show/313156	Trust: 0.6
title:	Apache HTTP Server Fixes for code issue vulnerabilities	url:	http://123.124.177.30/web/xxk/bdxqById.tag?id=171210	Trust: 0.6
title:	Red Hat: Moderate: httpd:2.4 security update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20220891 - Security Advisory	Trust: 0.1
title:	Red Hat: CVE-2021-34798	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database&qid=CVE-2021-34798	Trust: 0.1
title:	Debian Security Advisories: DSA-4982-1 apache2 -- security update	url:	https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories&qid=93a29f7ecf9a6aaba79d3b3320aa4b85	Trust: 0.1
title:	Arch Linux Issues:	url:	https://vulmon.com/vendoradvisory?qidtp=arch_linux_issues&qid=CVE-2021-34798 log	Trust: 0.1
title:	Red Hat: Moderate: httpd24-httpd security and bug fix update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20226753 - Security Advisory	Trust: 0.1
title:	Tenable Security Advisories: [R1] Stand-alone Security Patch Available for Tenable.sc versions 5.16.0 to 5.19.1: Patch 202110.1	url:	https://vulmon.com/vendoradvisory?qidtp=tenable_security_advisories&qid=TNS-2021-17	Trust: 0.1
title:	Brocade Security Advisories: CVE-2021-34798. NULL pointer dereference in httpd core.	url:	https://vulmon.com/vendoradvisory?qidtp=brocade_security_advisories&qid=2142ed2ad0c6564b6dfdd2779d3117ce	Trust: 0.1
title:	Brocade Security Advisories: Access Denied	url:	https://vulmon.com/vendoradvisory?qidtp=brocade_security_advisories&qid=3499da969fe529a2e6d5812690c8f102	Trust: 0.1
title:	Amazon Linux AMI: ALAS-2021-1543	url:	https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami&qid=ALAS-2021-1543	Trust: 0.1
title:	Amazon Linux 2: ALAS2-2021-1716	url:	https://vulmon.com/vendoradvisory?qidtp=amazon_linux2&qid=ALAS2-2021-1716	Trust: 0.1
title:	Cisco: Multiple Vulnerabilities in Apache HTTP Server Affecting Cisco Products: November 2021	url:	https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-apache-httpd-2.4.49-VWL69sWQ	Trust: 0.1
title:	PROJET TUTEURE	url:	https://github.com/PierreChrd/py-projet-tut	Trust: 0.1
title:	Tier 0 Tier 1 Tier 2	url:	https://github.com/Totes5706/TotesHTB	Trust: 0.1
title:	Requirements vulnsearch-cve Usage vulnsearch Usage Test Sample	url:	https://github.com/kasem545/vulnsearch	Trust: 0.1
title:	Skynet	url:	https://github.com/bioly230/THM_Skynet	Trust: 0.1
title:	Shodan Search Script	url:	https://github.com/firatesatoglu/shodanSearch	Trust: 0.1

sources: CNVD: CNVD-2022-03223 // VULMON: CVE-2021-34798 // JVNDB: JVNDB-2021-002671 // CNNVD: CNNVD-202109-1109

EXTERNAL IDS

db:	NVD	id:	CVE-2021-34798	Trust: 3.9
db:	TENABLE	id:	TNS-2021-17	Trust: 1.8
db:	MCAFEE	id:	SB10379	Trust: 1.8
db:	SIEMENS	id:	SSA-685781	Trust: 1.8
db:	PACKETSTORM	id:	165587	Trust: 0.8
db:	PACKETSTORM	id:	166321	Trust: 0.8
db:	PACKETSTORM	id:	168565	Trust: 0.8
db:	JVNDB	id:	JVNDB-2021-002671	Trust: 0.8
db:	CNVD	id:	CNVD-2022-03223	Trust: 0.7
db:	PACKETSTORM	id:	168072	Trust: 0.7
db:	CNNVD	id:	CNNVD-202109-1109	Trust: 0.7
db:	ICS CERT	id:	ICSA-22-167-06	Trust: 0.7
db:	PACKETSTORM	id:	164329	Trust: 0.7
db:	CS-HELP	id:	SB2022012040	Trust: 0.6
db:	CS-HELP	id:	SB2021101308	Trust: 0.6
db:	CS-HELP	id:	SB2022030119	Trust: 0.6
db:	CS-HELP	id:	SB2021092301	Trust: 0.6
db:	CS-HELP	id:	SB2022051316	Trust: 0.6
db:	CS-HELP	id:	SB2022031528	Trust: 0.6
db:	CS-HELP	id:	SB2022011749	Trust: 0.6
db:	CS-HELP	id:	SB2021091707	Trust: 0.6
db:	CS-HELP	id:	SB2021101513	Trust: 0.6
db:	CS-HELP	id:	SB2021101922	Trust: 0.6
db:	CS-HELP	id:	SB2021101005	Trust: 0.6
db:	CS-HELP	id:	SB2022060624	Trust: 0.6
db:	CS-HELP	id:	SB2021101101	Trust: 0.6
db:	CS-HELP	id:	SB2022042112	Trust: 0.6
db:	CS-HELP	id:	SB2021112902	Trust: 0.6
db:	AUSCERT	id:	ESB-2021.3229	Trust: 0.6
db:	AUSCERT	id:	ESB-2021.3405	Trust: 0.6
db:	AUSCERT	id:	ESB-2021.3341	Trust: 0.6
db:	AUSCERT	id:	ESB-2021.4004.7	Trust: 0.6
db:	AUSCERT	id:	ESB-2021.3148	Trust: 0.6
db:	AUSCERT	id:	ESB-2021.3591	Trust: 0.6
db:	AUSCERT	id:	ESB-2022.0850	Trust: 0.6
db:	AUSCERT	id:	ESB-2021.3482	Trust: 0.6
db:	AUSCERT	id:	ESB-2022.2978	Trust: 0.6
db:	AUSCERT	id:	ESB-2021.4004.5	Trust: 0.6
db:	AUSCERT	id:	ESB-2021.4004.2	Trust: 0.6
db:	AUSCERT	id:	ESB-2022.2352	Trust: 0.6
db:	AUSCERT	id:	ESB-2022.0217	Trust: 0.6
db:	AUSCERT	id:	ESB-2021.3357	Trust: 0.6
db:	AUSCERT	id:	ESB-2021.3250	Trust: 0.6
db:	AUSCERT	id:	ESB-2021.4004.3	Trust: 0.6
db:	AUSCERT	id:	ESB-2021.3387	Trust: 0.6
db:	ICS CERT	id:	ICSA-22-132-02	Trust: 0.6
db:	PACKETSTORM	id:	164318	Trust: 0.6
db:	VULHUB	id:	VHN-395042	Trust: 0.1
db:	VULMON	id:	CVE-2021-34798	Trust: 0.1
db:	PACKETSTORM	id:	164307	Trust: 0.1
db:	PACKETSTORM	id:	164305	Trust: 0.1
db:	PACKETSTORM	id:	169132	Trust: 0.1

sources: CNVD: CNVD-2022-03223 // VULHUB: VHN-395042 // VULMON: CVE-2021-34798 // JVNDB: JVNDB-2021-002671 // PACKETSTORM: 165587 // PACKETSTORM: 166321 // PACKETSTORM: 164307 // PACKETSTORM: 164305 // PACKETSTORM: 164329 // PACKETSTORM: 168565 // PACKETSTORM: 169132 // CNNVD: CNNVD-202109-1109 // NVD: CVE-2021-34798

REFERENCES

url:	https://nvd.nist.gov/vuln/detail/cve-2021-34798	Trust: 2.1
url:	https://cert-portal.siemens.com/productcert/pdf/ssa-685781.pdf	Trust: 1.8
url:	https://security.netapp.com/advisory/ntap-20211008-0004/	Trust: 1.8
url:	https://www.tenable.com/security/tns-2021-17	Trust: 1.8
url:	https://www.debian.org/security/2021/dsa-4982	Trust: 1.8
url:	https://security.gentoo.org/glsa/202208-20	Trust: 1.8
url:	https://www.oracle.com/security-alerts/cpuapr2022.html	Trust: 1.8
url:	https://www.oracle.com/security-alerts/cpujan2022.html	Trust: 1.8
url:	https://lists.debian.org/debian-lts-announce/2021/10/msg00001.html	Trust: 1.8
url:	https://kc.mcafee.com/corporate/index?page=content&id=sb10379	Trust: 1.7
url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-apache-httpd-2.4.49-vwl69swq	Trust: 1.2
url:	http://httpd.apache.org/security/vulnerabilities_24.html	Trust: 1.2
url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-apache-	Trust: 1.2
url:	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/spbr6wuybjnachke65spl7tjohx7rhwd/	Trust: 1.1
url:	https://lists.apache.org/thread.html/r82838efc5fa6fc4c73986399c9b71573589f78b31846aff5bd9b1697%40%3cusers.httpd.apache.org%3e	Trust: 1.1
url:	https://lists.apache.org/thread.html/r82c077663f9759c7df5a6656f925b3ee4f55fcd33c889ba7cd687029%40%3cusers.httpd.apache.org%3e	Trust: 1.1
url:	https://lists.apache.org/thread.html/r3925e167d5eb1c75def3750c155d753064e1d34a143028bb32910432%40%3cusers.httpd.apache.org%3e	Trust: 1.1
url:	https://lists.apache.org/thread.html/r61fdbfc26ab170f4e6492ef3bd5197c20b862ce156e9d5a54d4b899c%40%3cusers.httpd.apache.org%3e	Trust: 1.1
url:	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/zncysr3bxt36fff4xtcpl3hdqk4vp45r/	Trust: 1.1
url:	https://access.redhat.com/security/cve/cve-2021-34798	Trust: 1.0
url:	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/spbr6wuybjnachke65spl7tjohx7rhwd/	Trust: 0.7
url:	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/zncysr3bxt36fff4xtcpl3hdqk4vp45r/	Trust: 0.7
url:	https://nvd.nist.gov/vuln/detail/cve-2021-39275	Trust: 0.7
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2021-34798	Trust: 0.6
url:	httpd.apache.org/security/vulnerabilities_24.html	Trust: 0.6
url:	http://	Trust: 0.6
url:	httpd.apache.org%3e	Trust: 0.6
url:	https://lists.apache.org/thread.html/r82c077663f9759c7df5a6656f925b3ee4f55fcd33c889ba7cd687029@%3cusers.	Trust: 0.6
url:	https://lists.apache.org/thread.html/r82838efc5fa6fc4c73986399c9b71573589f78b31846aff5bd9b1697@%3cusers.	Trust: 0.6
url:	https://lists.apache.org/thread.html/r61fdbfc26ab170f4e6492ef3bd5197c20b862ce156e9d5a54d4b899c@%3cusers.	Trust: 0.6
url:	https://lists.apache.org/thread.html/r3925e167d5eb1c75def3750c155d753064e1d34a143028bb32910432@%3cusers.	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2022051316	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2022030119	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2022031528	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2021.3229	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2021.3405	Trust: 0.6
url:	https://packetstormsecurity.com/files/165587/red-hat-security-advisory-2022-0143-03.html	Trust: 0.6
url:	https://packetstormsecurity.com/files/166321/red-hat-security-advisory-2022-0891-01.html	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2021112902	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2022060624	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2021101513	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2021.3357	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2022.2352	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2022.0217	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2021.3250	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2021.3591	Trust: 0.6
url:	https://packetstormsecurity.com/files/168072/gentoo-linux-security-advisory-202208-20.html	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2021.4004.7	Trust: 0.6
url:	https://packetstormsecurity.com/files/164318/ubuntu-security-notice-usn-5090-3.html	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2022.0850	Trust: 0.6
url:	https://www.ibm.com/support/pages/node/6520016	Trust: 0.6
url:	https://us-cert.cisa.gov/ics/advisories/icsa-22-167-06	Trust: 0.6
url:	https://packetstormsecurity.com/files/168565/red-hat-security-advisory-2022-6753-01.html	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2022.2978	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2021.4004.3	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2021.4004.2	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2021.4004.5	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2022012040	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2022011749	Trust: 0.6
url:	https://us-cert.cisa.gov/ics/advisories/icsa-22-132-02	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2022042112	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2021092301	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2021.3387	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2021.3341	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2021101922	Trust: 0.6
url:	https://packetstormsecurity.com/files/164329/ubuntu-security-notice-usn-5090-4.html	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2021101308	Trust: 0.6
url:	httpd-2.4.49-vwl69swq	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2021.3148	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2021091707	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2021101101	Trust: 0.6
url:	https://vigilance.fr/vulnerability/apache-http-server-four-vulnerabilities-36444	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2021.3482	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2021101005	Trust: 0.6
url:	https://nvd.nist.gov/vuln/detail/cve-2021-40438	Trust: 0.4
url:	https://nvd.nist.gov/vuln/detail/cve-2021-36160	Trust: 0.4
url:	https://listman.redhat.com/mailman/listinfo/rhsa-announce	Trust: 0.3
url:	https://access.redhat.com/security/cve/cve-2021-39275	Trust: 0.3
url:	https://access.redhat.com/articles/11258	Trust: 0.3
url:	https://access.redhat.com/security/team/key/	Trust: 0.3
url:	https://bugzilla.redhat.com/):	Trust: 0.3
url:	https://access.redhat.com/security/team/contact/	Trust: 0.3
url:	https://ubuntu.com/security/notices/usn-5090-1	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2021-33193	Trust: 0.3
url:	https://access.redhat.com/errata/rhsa-2022:0891	Trust: 0.2
url:	https://access.redhat.com/security/updates/classification/#moderate	Trust: 0.2
url:	https://kc.mcafee.com/corporate/index?page=content&id=sb10379	Trust: 0.1
url:	https://lists.apache.org/thread.html/r82c077663f9759c7df5a6656f925b3ee4f55fcd33c889ba7cd687029@%3cusers.httpd.apache.org%3e	Trust: 0.1
url:	https://lists.apache.org/thread.html/r61fdbfc26ab170f4e6492ef3bd5197c20b862ce156e9d5a54d4b899c@%3cusers.httpd.apache.org%3e	Trust: 0.1
url:	https://lists.apache.org/thread.html/r82838efc5fa6fc4c73986399c9b71573589f78b31846aff5bd9b1697@%3cusers.httpd.apache.org%3e	Trust: 0.1
url:	https://lists.apache.org/thread.html/r3925e167d5eb1c75def3750c155d753064e1d34a143028bb32910432@%3cusers.httpd.apache.org%3e	Trust: 0.1
url:	https://cwe.mitre.org/data/definitions/476.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1
url:	https://www.cisa.gov/uscert/ics/advisories/icsa-22-167-06	Trust: 0.1
url:	https://github.com/totes5706/toteshtb	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-44790	Trust: 0.1
url:	https://access.redhat.com/security/updates/classification/#important	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2021-26691	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2021-44790	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-26691	Trust: 0.1
url:	https://access.redhat.com/errata/rhsa-2022:0143	Trust: 0.1
url:	https://ubuntu.com/security/notices/usn-5090-2	Trust: 0.1
url:	https://launchpad.net/ubuntu/+source/apache2/2.4.29-1ubuntu4.17	Trust: 0.1
url:	https://launchpad.net/ubuntu/+source/apache2/2.4.41-4ubuntu3.5	Trust: 0.1
url:	https://launchpad.net/ubuntu/+source/apache2/2.4.46-4ubuntu1.2	Trust: 0.1
url:	https://launchpad.net/bugs/xxxxxx	Trust: 0.1
url:	https://ubuntu.com/security/notices/usn-5090-4	Trust: 0.1
url:	https://access.redhat.com/articles/6975397	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2022-30556	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2022-22721	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-36160	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2022-28614	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2022-22719	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2022-29404	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2022-28614	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2022-28615	Trust: 0.1
url:	https://access.redhat.com/errata/rhsa-2022:6753	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2022-30522	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2022-28615	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2021-44224	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2022-22719	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2022-31813	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2022-30556	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2022-30522	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2022-23943	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-44224	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2022-22721	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2022-29404	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-33193	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2022-23943	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2022-26377	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2022-26377	Trust: 0.1
url:	https://www.debian.org/security/faq	Trust: 0.1
url:	https://www.debian.org/security/	Trust: 0.1
url:	https://security-tracker.debian.org/tracker/apache2	Trust: 0.1

CREDITS

Siemens reported these vulnerabilities to CISA.

Trust: 0.6

sources: CNNVD: CNNVD-202109-1109

SOURCES

db:	CNVD	id:	CNVD-2022-03223
db:	VULHUB	id:	VHN-395042
db:	VULMON	id:	CVE-2021-34798
db:	JVNDB	id:	JVNDB-2021-002671
db:	PACKETSTORM	id:	165587
db:	PACKETSTORM	id:	166321
db:	PACKETSTORM	id:	164307
db:	PACKETSTORM	id:	164305
db:	PACKETSTORM	id:	164329
db:	PACKETSTORM	id:	168565
db:	PACKETSTORM	id:	169132
db:	CNNVD	id:	CNNVD-202109-1109
db:	NVD	id:	CVE-2021-34798

LAST UPDATE DATE

2024-09-17T19:31:45.322000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2022-03223	date:	2022-01-13T00:00:00
db:	VULHUB	id:	VHN-395042	date:	2022-10-28T00:00:00
db:	VULMON	id:	CVE-2021-34798	date:	2023-11-07T00:00:00
db:	JVNDB	id:	JVNDB-2021-002671	date:	2021-09-29T06:16:00
db:	CNNVD	id:	CNNVD-202109-1109	date:	2023-02-22T00:00:00
db:	NVD	id:	CVE-2021-34798	date:	2023-11-07T03:36:26.910

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2022-03223	date:	2022-01-12T00:00:00
db:	VULHUB	id:	VHN-395042	date:	2021-09-16T00:00:00
db:	VULMON	id:	CVE-2021-34798	date:	2021-09-16T00:00:00
db:	JVNDB	id:	JVNDB-2021-002671	date:	2021-09-29T00:00:00
db:	PACKETSTORM	id:	165587	date:	2022-01-17T16:53:40
db:	PACKETSTORM	id:	166321	date:	2022-03-15T15:50:26
db:	PACKETSTORM	id:	164307	date:	2021-09-28T15:13:59
db:	PACKETSTORM	id:	164305	date:	2021-09-28T15:06:35
db:	PACKETSTORM	id:	164329	date:	2021-09-29T14:50:01
db:	PACKETSTORM	id:	168565	date:	2022-09-30T14:51:18
db:	PACKETSTORM	id:	169132	date:	2021-10-28T19:12:00
db:	CNNVD	id:	CNNVD-202109-1109	date:	2021-09-16T00:00:00
db:	NVD	id:	CVE-2021-34798	date:	2021-09-16T15:15:07.267