Lucene search
Alpine Linux Development TeamALPINE:CVE-2021-36160HistorySep 16, 2021 - 3:15 p.m.
CVE-2021-36160
2021-09-1615:15:07
Alpine Linux Development Team
security.alpinelinux.org
20
apache
http
server
vulnerability
memory
dos
CVSS2
5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
CVSS3
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
AI Score
8.7
Confidence
High
EPSS
0.002
Percentile
55.7%
A carefully crafted request uri-path can cause mod_proxy_uwsgi to read above the allocated memory and crash (DoS). This issue affects Apache HTTP Server versions 2.4.30 to 2.4.48 (inclusive).
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Alpine | edge-main | noarch | apache2 | <Â 2.4.49-r0 | UNKNOWN |
| Alpine | 3.11-main | noarch | apache2 | <Â 2.4.49-r0 | UNKNOWN |
| Alpine | 3.12-main | noarch | apache2 | <Â 2.4.49-r0 | UNKNOWN |
| Alpine | 3.13-main | noarch | apache2 | <Â 2.4.49-r0 | UNKNOWN |
| Alpine | 3.14-main | noarch | apache2 | <Â 2.4.49-r0 | UNKNOWN |
| Alpine | 3.15-main | noarch | apache2 | <Â 2.4.49-r0 | UNKNOWN |
| Alpine | 3.16-main | noarch | apache2 | <Â 2.4.49-r0 | UNKNOWN |
| Alpine | 3.17-main | noarch | apache2 | <Â 2.4.49-r0 | UNKNOWN |
| Alpine | 3.18-main | noarch | apache2 | <Â 2.4.49-r0 | UNKNOWN |
| Alpine | 3.19-main | noarch | apache2 | <Â 2.4.49-r0 | UNKNOWN |
Related
osv
osv
uwsgi - security update
2021-09-29 00:00:00
BIT-apache-2021-36160
2024-03-06 10:55:19
CVE-2021-36160
2021-09-16 15:15:07
debian
debian
[SECURITY] [DLA 2768-2] uwsgi regression update
2021-10-20 18:04:40
[SECURITY] [DLA 2768-1] uwsgi security update
2021-09-29 19:53:04
[SECURITY] [DSA 4982-1] apache2 security update
2021-10-08 20:56:04
cnvd
cnvd
Apache HTTP Server Denial of Service Vulnerability (CNVD-2022-03205)
2021-09-18 00:00:00
cve
cve
CVE-2021-36160
2021-09-16 15:15:07
debiancve
debiancve
CVE-2021-36160
2021-09-16 15:15:07
cvelist
cvelist
CVE-2021-36160 mod_proxy_uwsgi out of bound read
2021-09-16 14:40:18
prion
prion
Design/Logic Flaw
2021-09-16 15:15:00
openvas
openvas
Apache HTTP Server 2.4.30 < 2.4.49 DoS Vulnerability - Linux
2021-09-17 00:00:00
Debian: Security Advisory (DLA-2768-1)
2021-10-01 00:00:00
Apache HTTP Server 2.4.30 < 2.4.49 DoS Vulnerability - Windows
2021-09-17 00:00:00
ubuntucve
ubuntucve
CVE-2021-36160
2021-09-16 00:00:00
cbl_mariner
cbl_mariner
CVE-2021-36160 affecting package httpd 2.4.46-6
2021-10-15 04:46:31
CVE-2021-36160 affecting package httpd for versions less than 2.4.52-1
2022-04-09 06:51:57
nessus
nessus
Apache >= 2.4.30 < 2.4.49 mod_proxy_uwsgi
2021-09-23 00:00:00
Debian DLA-2768-1 : uwsgi - LTS security update
2021-10-02 00:00:00
Photon OS 1.0: Httpd PHSA-2021-1.0-0437
2021-10-08 00:00:00
redhatcve
redhatcve
CVE-2021-36160
2021-09-16 21:58:07
nvd
nvd
CVE-2021-36160
2021-09-16 15:15:07
ibm
ibm
veracode
veracode
Denial Of Service (DoS)
2021-09-20 05:04:34
f5
f5
K13401920 : Apache HTTPD vulnerability CVE-2021-36160
2021-10-20 00:00:00
httpd
httpd
Apache Httpd < 2.4.49 : mod_proxy_uwsgi out of bound read
2021-04-26 00:00:00
attackerkb
attackerkb
CVE-2021-40438
2021-09-16 00:00:00
redhat
redhat
(RHSA-2022:1915) Moderate: httpd:2.4 security and bug fix update
2022-05-10 08:07:40
(RHSA-2022:7143) Moderate: Red Hat JBoss Core Services Apache HTTP Server 2.4.51 security update
2022-10-26 20:05:14
(RHSA-2022:6753) Moderate: httpd24-httpd security and bug fix update
2022-09-29 13:20:41
suse
suse
Security update for apache2 (important)
2021-10-26 00:00:00
Security update for apache2 (important)
2021-11-02 00:00:00
photon
photon
Home
Download Photon OS
User Documentation
FAQ
Security Advisories
Related Information
Lightwave - PHSA-2021-1.0-0437
2021-10-01 00:00:00
Critical Photon OS Security Update - PHSA-2021-0309
2021-10-01 00:00:00
Critical Photon OS Security Update - PHSA-2021-3.0-0309
2021-10-02 00:00:00
rocky
rocky
httpd:2.4 security and bug fix update
2022-05-10 08:07:40
oraclelinux
oraclelinux
httpd:2.4 security and bug fix update
2022-05-17 00:00:00
almalinux
almalinux
Moderate: httpd:2.4 security and bug fix update
2022-05-10 08:07:40
altlinux
altlinux
Security fix for the ALT Linux 10 package apache2 version 1:2.4.49-alt1
2021-10-04 00:00:00
Security fix for the ALT Linux 9 package apache2 version 1:2.4.49-alt1
2021-09-23 00:00:00
slackware
slackware
[slackware-security] httpd
2021-09-17 04:22:20
ubuntu
ubuntu
Apache HTTP Server vulnerabilities
2021-09-27 00:00:00
Apache HTTP Server regression
2021-09-28 00:00:00
Apache HTTP Server regression
2021-09-28 00:00:00
kaspersky
kaspersky
KLA12370 Multiple vulnerabilities in Apache HTTP Server
2021-09-16 00:00:00
freebsd
freebsd
Apache httpd -- multiple vulnerabilities
2021-09-16 00:00:00
mageia
mageia
Updated apache packages fix security vulnerability
2021-09-23 07:49:29
cisco
cisco
amazon
amazon
Important: httpd
2021-10-15 07:57:00
Important: httpd24
2021-10-15 07:52:00
fedora
fedora
[SECURITY] Fedora 35 Update: httpd-2.4.49-1.fc35
2021-09-24 20:56:12
[SECURITY] Fedora 34 Update: httpd-2.4.49-1.fc34
2021-09-20 13:58:04
rosalinux
rosalinux
Advisory ROSA-SA-2023-2160
2023-04-25 12:02:31
gentoo
gentoo
Apache HTTPD: Multiple Vulnerabilities
2022-08-14 00:00:00
oracle
oracle
Oracle Critical Patch Update Advisory - January 2022
2022-01-18 00:00:00
Oracle Critical Patch Update Advisory - April 2022
2022-04-19 00:00:00
CVSS2
5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
CVSS3
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
AI Score
8.7
Confidence
High
EPSS
0.002
Percentile
55.7%
Related for ALPINE:CVE-2021-36160