Lucene search
Debian Security Bug TrackerDEBIANCVE:CVE-2021-39275HistorySep 16, 2021 - 3:15 p.m.
CVE-2021-39275
2021-09-1615:15:07
Debian Security Bug Tracker
security-tracker.debian.org
29
7.5 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
0.006 Low
EPSS
Percentile
79.5%
ap_escape_quotes() may write beyond the end of a buffer when given malicious input. No included modules pass untrusted data to these functions, but third-party / external modules may. This issue affects Apache HTTP Server 2.4.48 and earlier.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Debian | 12 | all | apache2 | < 2.4.49-1 | apache2_2.4.49-1_all.deb |
| Debian | 11 | all | apache2 | < 2.4.51-1~deb11u1 | apache2_2.4.51-1~deb11u1_all.deb |
| Debian | 10 | all | apache2 | < 2.4.38-3+deb10u6 | apache2_2.4.38-3+deb10u6_all.deb |
| Debian | 999 | all | apache2 | < 2.4.49-1 | apache2_2.4.49-1_all.deb |
| Debian | 13 | all | apache2 | < 2.4.49-1 | apache2_2.4.49-1_all.deb |
Related
ibm
ibm
veracode
veracode
Denial Of Service (DoS)
2021-09-20 15:14:40
cbl_mariner
cbl_mariner
CVE-2021-39275 affecting package httpd 2.4.46-6
2021-10-15 04:46:31
CVE-2021-39275 affecting package httpd for versions less than 2.4.52-1
2022-04-09 06:51:57
httpd
httpd
Apache Httpd < 2.4.49 : ap_escape_quotes buffer overflow
2021-09-16 00:00:00
f5
f5
K20622400 : Apache HTTP server vulnerability CVE-2021-39275
2021-10-25 00:00:00
nessus
nessus
SUSE SLES11 Security Update : apache2 (SUSE-SU-2021:14811-1)
2021-09-28 00:00:00
Photon OS 3.0: Httpd PHSA-2021-3.0-0312
2021-10-11 00:00:00
Oracle Linux 8 : httpd:2.4 (ELSA-2022-9005)
2022-01-05 00:00:00
osv
osv
CVE-2021-39275
2021-09-16 15:15:07
BIT-apache-2021-39275
2024-03-06 10:55:11
Moderate: httpd:2.4 security update
2022-03-15 09:10:44
cnvd
cnvd
Apache HTTP Server ap_escape_quotes buffer overflow vulnerability
2021-09-18 00:00:00
redhatcve
redhatcve
CVE-2021-39275
2021-09-16 20:45:55
cloudlinux
cloudlinux
Fix of CVE: CVE-2021-39275
2021-10-20 15:53:36
Fix of CVE: CVE-2021-39275
2021-10-11 15:13:18
openvas
openvas
SUSE: Security Advisory (SUSE-SU-2021:14811-1)
2021-09-28 00:00:00
Ubuntu: Security Advisory (USN-5090-2)
2022-08-26 00:00:00
Apache HTTP Server < 2.4.49 Multiple Vulnerabilities - Windows
2021-09-17 00:00:00
cvelist
cvelist
CVE-2021-39275 ap_escape_quotes buffer overflow
2021-09-16 14:40:22
nvd
nvd
CVE-2021-39275
2021-09-16 15:15:07
ubuntucve
ubuntucve
CVE-2021-39275
2021-09-16 00:00:00
cve
cve
CVE-2021-39275
2021-09-16 15:15:07
alpinelinux
alpinelinux
CVE-2021-39275
2021-09-16 15:15:07
prion
prion
Input validation
2021-09-16 15:15:00
oraclelinux
oraclelinux
httpd:2.4 security update
2022-03-16 00:00:00
httpd security update
2021-12-16 00:00:00
httpd:2.4 security update
2022-01-06 00:00:00
rocky
rocky
httpd:2.4 security update
2022-03-15 09:10:44
almalinux
almalinux
Moderate: httpd:2.4 security update
2022-03-15 09:10:44
redhat
redhat
(RHSA-2022:0891) Moderate: httpd:2.4 security update
2022-03-15 09:10:44
(RHSA-2022:0143) Important: httpd security update
2022-01-17 08:16:34
photon
photon
Critical Photon OS Security Update - PHSA-2021-0444
2021-10-19 00:00:00
Critical Photon OS Security Update - PHSA-2021-0406
2021-10-20 00:00:00
Critical Photon OS Security Update - PHSA-2021-3.0-0312
2021-10-09 00:00:00
ubuntu
ubuntu
Apache HTTP Server vulnerabilities
2021-09-27 00:00:00
Apache HTTP Server regression
2021-09-28 00:00:00
Apache HTTP Server regression
2021-09-28 00:00:00
debian
debian
[SECURITY] [DLA 2776-1] apache2 security update
2021-10-02 16:07:56
[SECURITY] [DSA 4982-1] apache2 security update
2021-10-08 20:56:04
ics
ics
Siemens Apache HTTP Server (Update A)
2022-10-13 12:00:00
suse
suse
Security update for apache2 (important)
2021-10-26 00:00:00
Security update for apache2 (important)
2021-11-02 00:00:00
centos
centos
httpd, mod_ldap, mod_proxy_html, mod_session, mod_ssl security update
2022-01-25 17:31:14
slackware
slackware
[slackware-security] httpd
2021-09-17 04:22:20
mageia
mageia
Updated apache packages fix security vulnerability
2021-09-23 07:49:29
freebsd
freebsd
Apache httpd -- multiple vulnerabilities
2021-09-16 00:00:00
cisco
cisco
altlinux
altlinux
Security fix for the ALT Linux 9 package apache2 version 1:2.4.49-alt1
2021-09-23 00:00:00
Security fix for the ALT Linux 10 package apache2 version 1:2.4.49-alt1
2021-10-04 00:00:00
kaspersky
kaspersky
KLA12370 Multiple vulnerabilities in Apache HTTP Server
2021-09-16 00:00:00
rosalinux
rosalinux
Advisory ROSA-SA-2023-2158
2023-04-25 11:30:17
Advisory ROSA-SA-2023-2160
2023-04-25 12:02:31
amazon
amazon
Important: httpd
2021-10-15 07:57:00
Important: httpd24
2021-10-15 07:52:00
fedora
fedora
[SECURITY] Fedora 34 Update: httpd-2.4.49-1.fc34
2021-09-20 13:58:04
[SECURITY] Fedora 35 Update: httpd-2.4.49-1.fc35
2021-09-24 20:56:12
gentoo
gentoo
Apache HTTPD: Multiple Vulnerabilities
2022-08-14 00:00:00
oracle
oracle
Oracle Critical Patch Update Advisory - October 2022
2022-10-18 00:00:00
Oracle Critical Patch Update Advisory - January 2022
2022-01-18 00:00:00
Oracle Critical Patch Update Advisory - April 2022
2022-04-19 00:00:00
7.5 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
0.006 Low
EPSS
Percentile
79.5%
Related for DEBIANCVE:CVE-2021-39275