CVE-2021-44790 Apache httpd web server vulnerabilities

Article ID: 231209


Products

CA Identity Suite

Issue/Introduction

Newly discovered vulnerabilities in the Apache HTTPD Web Server:

  • CVE-2021-44790: Possible buffer overflow when parsing multipart content in mod_lua of Apache HTTP Server 2.4.51
  • CVE-2021-44224: Possible NULL dereference or SSRF in forwarding proxy configurations in Apache HTTP Server 2.4.51 and earlier.

URL: https://cybernews.com/news/apache-found-critical-bugs-in-httpd-web-server/

Environment

VApp 14.3, 14.4

Resolution

C8 / 14.4 and 14.4.1 use Apache/2.4.37. mod_lua is enabled, and a fix has been provided for both versions.

CVE-2021-44790: Vulnerable. mod_lua is enabled.

1) For 14.4.0-Centos8(v2) - HF-DE524026-20211224-0001.tgz.gpg
2) For 14.4.1-Centos8(v2) - HF_VA-14.4.1-20211103100124-DE500001-0001.tgz.gpg

CVE-2021-44224: Not vulnerable. The VApp proxy uses a reverse proxy configuration.

C6 / 14.2, 14.3 and 14.4 use Apache/2.2.15; mod_lua is not applicable.

CVE-2021-44790: Not vulnerable. mod_lua is not applicable.

CVE-2021-44224: Not vulnerable. The VApp proxy uses a reverse proxy configuration.

mod_lua is compatible with Apache 2.3 and later; refer to the link below.

https://httpd.apache.org/docs/trunk/mod/mod_lua.html
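
The two conditions this Resolution relies on (mod_lua loaded, forward versus reverse proxy) can be checked statically against an httpd configuration tree. The script below is an added example, not vendor-provided code; the function names and the sample configuration are constructed, and `/etc/httpd` as the configuration root is an assumption.

```shell
#!/bin/sh
# Added example, not vendor code. Statically checks an httpd config tree for
# the two conditions the Resolution relies on.

# True if an uncommented "LoadModule lua_module ..." line exists under $1.
# httpd directive names are case-insensitive, hence -i.
lua_module_loaded() {
    grep -rqiE '^[[:space:]]*LoadModule[[:space:]]+lua_module([[:space:]]|$)' "$1"
}

# True if an uncommented "ProxyRequests On" (forward proxy) exists under $1.
# A reverse proxy uses ProxyPass and leaves ProxyRequests Off (the default).
forward_proxy_enabled() {
    grep -rqiE '^[[:space:]]*ProxyRequests[[:space:]]+On([[:space:]]|$)' "$1"
}

# Print one finding per CVE for the config tree in $1.
assess_httpd_conf() {
    if lua_module_loaded "$1"; then
        echo "CVE-2021-44790: mod_lua is loaded; apply the hotfix"
    else
        echo "CVE-2021-44790: mod_lua is not loaded"
    fi
    if forward_proxy_enabled "$1"; then
        echo "CVE-2021-44224: forward proxy (ProxyRequests On) is configured"
    else
        echo "CVE-2021-44224: no forward proxy configured"
    fi
}

# Constructed sample tree (not a real vApp config): mod_lua loaded, reverse
# proxy only, with a commented-out ProxyRequests line that must be ignored.
make_sample_conf() {
    d=$(mktemp -d) || return 1
    printf 'LoadModule lua_module modules/mod_lua.so\n' > "$d/00-lua.conf"
    printf '# ProxyRequests On\nProxyRequests Off\nProxyPass /app http://127.0.0.1:8080/app\n' \
        > "$d/proxy.conf"
    echo "$d"
}

# Usage: sh check.sh /etc/httpd   (path is an assumption; pass your own root)
if [ -d "${1:-}" ]; then
    assess_httpd_conf "$1"
fi
```

`httpd -M` on the running server remains the authoritative list of loaded modules; the static check can miss files pulled in by `Include` from outside the tree.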

 

 

 

Additional Information

Reference

Defect DE524026 

Attachments

HF_VA-14.4.1-20211224164443-DE524026.tgz_1640348695452.gpg
HF-DE524026-20211224-0001.tgz_1640348673648.gpg