Apache HTTP Server versions 2.4.0 to 2.4.46 A specially crafted Cookie header handled by mod_session can cause a NULL pointer dereference and crash, leading to a possible Denial Of Service
References
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
Configuration 3 (hide)
|
Configuration 4 (hide)
|
History
01 Dec 2021, 21:33
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:oracle:instantis_enterprisetrack:17.3:*:*:*:*:*:*:* cpe:2.3:a:oracle:enterprise_manager_ops_center:12.4.0.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:instantis_enterprisetrack:17.1:*:*:*:*:*:*:* cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:* cpe:2.3:a:oracle:instantis_enterprisetrack:17.2:*:*:*:*:*:*:* cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:* cpe:2.3:a:oracle:zfs_storage_appliance_kit:8.8:*:*:*:*:*:*:* |
|
References | (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SPBR6WUYBJNACHKE65SPL7TJOHX7RHWD/ - Mailing List, Third Party Advisory | |
References | (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZNCYSR3BXT36FFF4XTCPL3HDQK4VP45R/ - Mailing List, Third Party Advisory | |
References | (MISC) https://www.oracle.com/security-alerts/cpuoct2021.html - Third Party Advisory |
20 Oct 2021, 11:16
Type | Values Removed | Values Added |
---|---|---|
References |
|
25 Sep 2021, 01:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
20 Sep 2021, 16:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
20 Sep 2021, 13:48
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
References | (CONFIRM) https://security.netapp.com/advisory/ntap-20210702-0001/ - Third Party Advisory | |
References | (MLIST) https://lists.debian.org/debian-lts-announce/2021/07/msg00006.html - Mailing List, Third Party Advisory | |
References | (DEBIAN) https://www.debian.org/security/2021/dsa-4937 - Mailing List, Third Party Advisory | |
CPE | cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:* cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:* |
17 Jul 2021, 08:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
09 Jul 2021, 12:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
09 Jul 2021, 11:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
02 Jul 2021, 12:15
Type | Values Removed | Values Added |
---|---|---|
References | (MLIST) https://lists.apache.org/thread.html/rae406c1d19c0dfd3103c96923dadac2af1cd0bad6905ab1ede153865@%3Cannounce.httpd.apache.org%3E - Mailing List, Vendor Advisory |
22 Jun 2021, 01:18
Type | Values Removed | Values Added |
---|---|---|
References | (MLIST) https://lists.apache.org/thread.html/r7f2b70b621651548f4b6f027552f1dd91705d7111bb5d15cda0a68dd@%3Cdev.httpd.apache.org%3E - Mailing List, Vendor Advisory, Mailing List, Mailing List, Vendor Advisory, Vendor Advisory | |
References | (CONFIRM) http://httpd.apache.org/security/vulnerabilities_24.html - Release Notes, Vendor Advisory, Release Notes, Release Notes, Vendor Advisory, Vendor Advisory | |
References | (MLIST) https://lists.apache.org/thread.html/rae406c1d19c0dfd3103c96923dadac2af1cd0bad6905ab1ede153865@%3Cannounce.httpd.apache.org%3E - Vendor Advisory, Mailing List, Mailing List, Vendor Advisory | |
References | (MLIST) http://www.openwall.com/lists/oss-security/2021/06/10/6 - Mailing List, Third Party Advisory, Mailing List, Mailing List, Third Party Advisory, Third Party Advisory | |
References | (CONFIRM) https://lists.apache.org/thread.html/re026d3da9d7824bd93b9f871c0fdda978d960c7e62d8c43cba8d0bf3%40%3Ccvs.httpd.apache.org%3E - Mailing List, Vendor Advisory, Mailing List, Mailing List, Vendor Advisory | |
CWE | CWE-476 | |
CVSS |
v2 : v3 : |
v2 : 5.0
v3 : 7.5 |
CPE | cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:* |
10 Jun 2021, 15:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
10 Jun 2021, 11:58
Type | Values Removed | Values Added |
---|---|---|
References |
|
10 Jun 2021, 07:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2021-06-10 07:15
Updated : 2024-02-04 21:47
NVD link : CVE-2021-26690
Mitre link : CVE-2021-26690
CVE.ORG link : CVE-2021-26690
JSON object : View
Products Affected
debian
- debian_linux
oracle
- enterprise_manager_ops_center
- zfs_storage_appliance_kit
- instantis_enterprisetrack
apache
- http_server
fedoraproject
- fedora
CWE
CWE-476
NULL Pointer Dereference