Vulnerability CVE-2021-44790
Published: 2021-12-20

Description:
A carefully crafted request body can cause a buffer overflow in the mod_lua multipart parser (r:parsebody() called from Lua scripts). The Apache httpd team is not aware of an exploit for the vulnerabilty though it might be possible to craft one. This issue affects Apache HTTP Server 2.4.51 and earlier.

Type:

CWE-787

CVSS2 => (AV:N/AC:L/Au:N/C:P/I:P/A:P)

CVSS Base Score
Impact Subscore
Exploitability Subscore
7.5/10
6.4/10
10/10
Exploit range
Attack complexity
Authentication
Remote
Low
No required
Confidentiality impact
Integrity impact
Availability impact
Partial
Partial
Partial
Affected software
Apache -> Http server 

 References:
http://httpd.apache.org/security/vulnerabilities_24.html
http://www.openwall.com/lists/oss-security/2021/12/20/4
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BFSWOH4X77CV7AH7C4RMHUBDWKQDL4YH/
https://security.netapp.com/advisory/ntap-20211224-0001/
Copyright 2024, cxsecurity.com

 

Back to Top