ALT-PU-2021-2587-1
Closed vulnerabilities
Published: 2021-03-01
BDU:2021-03678
Уязвимость веб-сервера Apache HTTP Server, связанная с переполнением кучи, позволяющая нарушителю оказать воздействие на конфиденциальность, целостность и доступность защищаемой информации
Severity: CRITICAL (9.8)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
References:
Published: 2021-06-10
Modified: 2024-11-21
Modified: 2024-11-21
CVE-2021-26691
In Apache HTTP Server versions 2.4.0 to 2.4.46 a specially crafted SessionHeader sent by an origin server could cause a heap overflow
Severity: CRITICAL (9.8)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
References:
- http://httpd.apache.org/security/vulnerabilities_24.html
- http://httpd.apache.org/security/vulnerabilities_24.html
- [oss-security] 20210609 CVE-2021-26691: Apache httpd: mod_session response handling heap overflow
- [oss-security] 20210609 CVE-2021-26691: Apache httpd: mod_session response handling heap overflow
- [httpd-announce] 20210609 CVE-2021-26691: mod_session response handling heap overflow
- [httpd-announce] 20210609 CVE-2021-26691: mod_session response handling heap overflow
- [httpd-dev] 20210610 Re: svn commit: r1890598 - in /httpd/site/trunk/content/security/json: CVE-2019-17567.json CVE-2020-13938.json CVE-2020-13950.json CVE-2020-35452.json CVE-2021-26690.json CVE-2021-26691.json CVE-2021-30641.json CVE-2021-31618.json
- [httpd-dev] 20210610 Re: svn commit: r1890598 - in /httpd/site/trunk/content/security/json: CVE-2019-17567.json CVE-2020-13938.json CVE-2020-13950.json CVE-2020-35452.json CVE-2021-26690.json CVE-2021-26691.json CVE-2021-30641.json CVE-2021-31618.json
- https://lists.apache.org/thread.html/re026d3da9d7824bd93b9f871c0fdda978d960c7e62d8c43cba8d0bf3%40%3Ccvs.httpd.apache.org%3E
- https://lists.apache.org/thread.html/re026d3da9d7824bd93b9f871c0fdda978d960c7e62d8c43cba8d0bf3%40%3Ccvs.httpd.apache.org%3E
- [debian-lts-announce] 20210709 [SECURITY] [DLA 2706-1] apache2 security update
- [debian-lts-announce] 20210709 [SECURITY] [DLA 2706-1] apache2 security update
- FEDORA-2021-dce7e7738e
- FEDORA-2021-dce7e7738e
- FEDORA-2021-e3f6dd670d
- FEDORA-2021-e3f6dd670d
- GLSA-202107-38
- GLSA-202107-38
- https://security.netapp.com/advisory/ntap-20210702-0001/
- https://security.netapp.com/advisory/ntap-20210702-0001/
- DSA-4937
- DSA-4937
- https://www.oracle.com/security-alerts/cpujan2022.html
- https://www.oracle.com/security-alerts/cpujan2022.html
- https://www.oracle.com/security-alerts/cpuoct2021.html
- https://www.oracle.com/security-alerts/cpuoct2021.html