Lucene search
Alpine Linux Development TeamALPINE:CVE-2021-33193HistoryAug 16, 2021 - 8:15 a.m.
CVE-2021-33193
2021-08-1608:15:11
Alpine Linux Development Team
security.alpinelinux.org
26
crafted method
http/2
validation bypass
mod_proxy
request splitting
cache poisoning
apache http server
cve-2021-33193
CVSS2
5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:N/C:N/I:P/A:N
CVSS3
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
AI Score
8
Confidence
High
EPSS
0.001
Percentile
47.3%
A crafted method sent through HTTP/2 will bypass validation and be forwarded by mod_proxy, which can lead to request splitting or cache poisoning. This issue affects Apache HTTP Server 2.4.17 to 2.4.48.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Alpine | edge-main | noarch | apache2 | < 2.4.49-r0 | UNKNOWN |
| Alpine | 3.11-main | noarch | apache2 | < 2.4.49-r0 | UNKNOWN |
| Alpine | 3.12-main | noarch | apache2 | < 2.4.49-r0 | UNKNOWN |
| Alpine | 3.13-main | noarch | apache2 | < 2.4.49-r0 | UNKNOWN |
| Alpine | 3.14-main | noarch | apache2 | < 2.4.49-r0 | UNKNOWN |
| Alpine | 3.15-main | noarch | apache2 | < 2.4.49-r0 | UNKNOWN |
| Alpine | 3.16-main | noarch | apache2 | < 2.4.49-r0 | UNKNOWN |
| Alpine | 3.17-main | noarch | apache2 | < 2.4.49-r0 | UNKNOWN |
| Alpine | 3.18-main | noarch | apache2 | < 2.4.49-r0 | UNKNOWN |
| Alpine | 3.19-main | noarch | apache2 | < 2.4.49-r0 | UNKNOWN |
Related
cbl_mariner
cbl_mariner
CVE-2021-33193 affecting package httpd for versions less than 2.4.52-1
2022-04-09 06:51:57
CVE-2021-33193 affecting package httpd 2.4.46-6
2021-09-09 15:02:57
nessus
nessus
Photon OS 3.0: Httpd PHSA-2021-3.0-0305
2021-10-07 00:00:00
SUSE SLED12 / SLES12 Security Update : apache2 (SUSE-SU-2021:2918-1)
2021-09-04 00:00:00
Apache >= 2.4.17 < 2.4.49 mod_http2
2021-09-23 00:00:00
openvas
openvas
openSUSE: Security Advisory for apache2 (openSUSE-SU-2021:1234-1)
2021-09-08 00:00:00
Apache HTTP Server 2.4.17 < 2.4.49 'mod_proxy' HTTP/2 Request Smuggling Vulnerability - Linux
2021-08-09 00:00:00
SUSE: Security Advisory (SUSE-SU-2021:2954-1)
2021-09-05 00:00:00
suse
suse
Security update for apache2 (important)
2021-09-03 00:00:00
Security update for apache2 (important)
2021-09-07 00:00:00
osv
osv
CVE-2021-33193
2021-08-16 08:15:11
BIT-apache-2021-33193
2024-03-06 10:55:40
Moderate: httpd:2.4 security and bug fix update
2022-05-10 08:07:40
veracode
veracode
Privilege Escalation
2021-08-13 01:56:49
cvelist
cvelist
CVE-2021-33193 Request splitting via HTTP/2 method injection and mod_proxy
2021-08-16 00:00:00
redhatcve
redhatcve
CVE-2021-33193
2021-08-12 02:03:43
prion
prion
Input validation
2021-08-16 08:15:00
cve
cve
CVE-2021-33193
2021-08-16 08:15:11
photon
photon
Important Photon OS Security Update - PHSA-2021-0305
2021-09-24 00:00:00
Important Photon OS Security Update - PHSA-2021-3.0-0305
2021-09-24 00:00:00
hackerone
hackerone
Internet Bug Bounty: Request line injection via HTTP/2 in Apache mod_proxy
2021-11-04 13:39:46
f5
f5
K94828628 : Apache mod_proxy HTTP/2 vulnerability CVE-2021-33193
2021-09-13 00:00:00
nvd
nvd
CVE-2021-33193
2021-08-16 08:15:11
httpd
httpd
debiancve
debiancve
CVE-2021-33193
2021-08-16 08:15:11
ibm
ibm
oraclelinux
oraclelinux
httpd:2.4 security update
2022-04-13 00:00:00
httpd:2.4 security and bug fix update
2022-05-17 00:00:00
ubuntucve
ubuntucve
CVE-2021-33193
2021-08-16 00:00:00
fedora
fedora
[SECURITY] Fedora 35 Update: httpd-2.4.50-1.fc35
2021-10-29 23:19:42
[SECURITY] Fedora 34 Update: httpd-2.4.50-1.fc34
2021-10-07 17:19:23
debian
debian
[SECURITY] [DLA 3351-1] apache2 security update
2023-03-03 16:35:17
rocky
rocky
httpd:2.4 security and bug fix update
2022-05-10 08:07:40
rosalinux
rosalinux
Advisory ROSA-SA-2023-2155
2023-04-18 12:09:43
Advisory ROSA-SA-2023-2159
2023-04-25 11:49:15
redhat
redhat
(RHSA-2022:1915) Moderate: httpd:2.4 security and bug fix update
2022-05-10 08:07:40
(RHSA-2022:7143) Moderate: Red Hat JBoss Core Services Apache HTTP Server 2.4.51 security update
2022-10-26 20:05:14
(RHSA-2022:6753) Moderate: httpd24-httpd security and bug fix update
2022-09-29 13:20:41
almalinux
almalinux
Moderate: httpd:2.4 security and bug fix update
2022-05-10 08:07:40
altlinux
altlinux
Security fix for the ALT Linux 9 package apache2 version 1:2.4.49-alt1
2021-09-23 00:00:00
Security fix for the ALT Linux 10 package apache2 version 1:2.4.49-alt1
2021-10-04 00:00:00
slackware
slackware
[slackware-security] httpd
2021-09-17 04:22:20
ubuntu
ubuntu
Apache HTTP Server vulnerabilities
2021-09-27 00:00:00
Apache HTTP Server regression
2021-09-28 00:00:00
Apache HTTP Server regression
2021-09-28 00:00:00
kaspersky
kaspersky
KLA12370 Multiple vulnerabilities in Apache HTTP Server
2021-09-16 00:00:00
freebsd
freebsd
Apache httpd -- multiple vulnerabilities
2021-09-16 00:00:00
cisco
cisco
mageia
mageia
Updated apache packages fix security vulnerability
2021-09-23 07:49:29
amazon
amazon
Important: httpd24
2021-10-15 07:52:00
Important: httpd
2021-10-15 07:57:00
gentoo
gentoo
Apache HTTPD: Multiple Vulnerabilities
2022-08-14 00:00:00
oracle
oracle
Oracle Critical Patch Update Advisory - January 2022
2022-01-18 00:00:00
Oracle Critical Patch Update Advisory - April 2022
2022-04-19 00:00:00
CVSS2
5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:N/C:N/I:P/A:N
CVSS3
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
AI Score
8
Confidence
High
EPSS
0.001
Percentile
47.3%
Related for ALPINE:CVE-2021-33193