CVE-2021-40438: Fixed a SRF via a crafted request uri-path. (bsc#1190703)
CVE-2021-36160: Fixed an out-of-bounds read via a crafted request
uri-path. (bsc#1190702)
CVE-2021-39275: Fixed an out-of-bounds write in ap_escape_quotes() via
malicious input. (bsc#1190666)
CVE-2021-34798: Fixed a NULL pointer dereference via malformed requests.
(bsc#1190669)

This update was imported from the SUSE:SLE-15-SP2:Update update project.

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or “zypper patch”.

Alternatively you can run the command listed for your product:

openSUSE Leap 15.2:

zypper in -t patch openSUSE-2021-1438=1

OSVersionArchitecturePackageVersionFilename
openSUSE Leap15.2i586< - openSUSE Leap 15.2 (i586 x86_64):- openSUSE Leap 15.2 (i586 x86_64):.i586.rpm
openSUSE Leap15.2x86_64< - openSUSE Leap 15.2 (i586 x86_64):- openSUSE Leap 15.2 (i586 x86_64):.x86_64.rpm
openSUSE Leap15.2noarch< - openSUSE Leap 15.2 (noarch):- openSUSE Leap 15.2 (noarch):.noarch.rpm

OS	Version	Architecture	Version	Filename
openSUSE Leap	15.2	i586	< - openSUSE Leap 15.2 (i586 x86_64):	- openSUSE Leap 15.2 (i586 x86_64):.i586.rpm
openSUSE Leap	15.2	x86_64	< - openSUSE Leap 15.2 (i586 x86_64):	- openSUSE Leap 15.2 (i586 x86_64):.x86_64.rpm
openSUSE Leap	15.2	noarch	< - openSUSE Leap 15.2 (noarch):	- openSUSE Leap 15.2 (noarch):.noarch.rpm

nessus 50

osv 16

openvas 35

suse 1

debian 3

slackware 1

ubuntu 4

mageia 1

freebsd 1

cisco 1

altlinux 2

ibm 20

kaspersky 1

ics 1

photon 5

oraclelinux 5

rocky 1

almalinux 1

attackerkb 1

redhat 7

amazon 2

fedora 2

rosalinux 1

centos 2

cnvd 3

cve 1

cvelist 2

debiancve 3

f5 3

veracode 2

alpinelinux 3

cbl_mariner 4

httpd 3

githubexploit 2

prion 3

nvd 1

redhatcve 2

ubuntucve 2

cisa_kev 1

nessus

EulerOS 2.0 SP10 : httpd (EulerOS-SA-2022-1225)

2022-02-25 00:00:00

openSUSE 15 Security Update : apache2 (openSUSE-SU-2021:3522-1)

2021-10-27 00:00:00

EulerOS 2.0 SP9 : httpd (EulerOS-SA-2021-2923)

2021-12-30 00:00:00

osv

apache2 - security update

2021-10-08 00:00:00

apache2 vulnerabilities

2021-09-27 14:06:45

apache2 regression

2021-09-28 15:05:47

openvas

Huawei EulerOS: Security Advisory for httpd (EulerOS-SA-2021-2923)

2021-12-31 00:00:00

openSUSE: Security Advisory for apache2 (openSUSE-SU-2021:3522-1)

2021-10-27 00:00:00

SUSE: Security Advisory (SUSE-SU-2021:3522-1)

2021-10-27 00:00:00

suse

Security update for apache2 (important)

2021-10-26 00:00:00

debian

[SECURITY] [DSA 4982-1] apache2 security update

2021-10-08 20:56:04

[SECURITY] [DLA 2776-1] apache2 security update

2021-10-02 16:07:56

[SECURITY] [DLA 2768-2] uwsgi regression update

2021-10-20 18:04:40

slackware

[slackware-security] httpd

2021-09-17 04:22:20

ubuntu

Apache HTTP Server regression

2021-09-28 00:00:00

Apache HTTP Server regression

2021-09-28 00:00:00

Apache HTTP Server vulnerabilities

2021-09-27 00:00:00

mageia

Updated apache packages fix security vulnerability

2021-09-23 07:49:29

freebsd

Apache httpd -- multiple vulnerabilities

2021-09-16 00:00:00

cisco

Multiple Vulnerabilities in Apache HTTP Server Affecting Cisco Products: November 2021

2021-11-24 16:00:00

altlinux

Security fix for the ALT Linux 10 package apache2 version 1:2.4.49-alt1

2021-10-04 00:00:00

Security fix for the ALT Linux 9 package apache2 version 1:2.4.49-alt1

2021-09-23 00:00:00

ibm

Security Bulletin: Multiple security vulnerabilities have been identified in IBM HTTP Server shipped with IBM Rational ClearCase (CVE-2021-39275, CVE-2021-40438, CVE-2021-34798)

2021-11-08 04:06:25

Security Bulletin: Multiple vulnerabilities affect IBM HTTP Server (powered by Apache) for i

2021-12-06 17:06:29

Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server, which is a required product for IBM Tivoli Netcool Configuration Manager (CVE-2021-40438, CVE-2021-34798)

2021-10-18 06:27:04

kaspersky

KLA12370 Multiple vulnerabilities in Apache HTTP Server

2021-09-16 00:00:00

ics

Siemens Apache HTTP Server (Update A)

2022-10-13 12:00:00

photon

Home Download Photon OS User Documentation FAQ Security Advisories Related Information Lightwave - PHSA-2021-1.0-0437

2021-10-01 00:00:00

Critical Photon OS Security Update - PHSA-2021-0309

2021-10-01 00:00:00

Critical Photon OS Security Update - PHSA-2021-3.0-0309

2021-10-02 00:00:00

oraclelinux

httpd:2.4 security update

2022-03-16 00:00:00

httpd security update

2021-12-16 00:00:00

httpd:2.4 security update

2022-01-06 00:00:00

rocky

httpd:2.4 security update

2022-03-15 09:10:44

almalinux

Moderate: httpd:2.4 security update

2022-03-15 09:10:44

attackerkb

CVE-2021-40438

2021-09-16 00:00:00

redhat

(RHSA-2022:0891) Moderate: httpd:2.4 security update

2022-03-15 09:10:44

(RHSA-2022:0143) Important: httpd security update

2022-01-17 08:16:34

(RHSA-2022:7143) Moderate: Red Hat JBoss Core Services Apache HTTP Server 2.4.51 security update

2022-10-26 20:05:14

amazon

Important: httpd

2021-10-15 07:57:00

Important: httpd24

2021-10-15 07:52:00

fedora

[SECURITY] Fedora 34 Update: httpd-2.4.49-1.fc34

2021-09-20 13:58:04

[SECURITY] Fedora 35 Update: httpd-2.4.49-1.fc35

2021-09-24 20:56:12

rosalinux

Advisory ROSA-SA-2023-2158

2023-04-25 11:30:17

centos

httpd, mod_ldap, mod_proxy_html, mod_session, mod_ssl security update

2022-01-25 17:31:14

httpd, mod_ldap, mod_proxy_html, mod_session, mod_ssl security update

2021-11-17 14:59:00

cnvd

Apache HTTP Server Denial of Service Vulnerability (CNVD-2022-03205)

2021-09-18 00:00:00

Apache HTTP Server ap_escape_quotes buffer overflow vulnerability

2021-09-18 00:00:00

Apache HTTP Server mod_proxy server-side request forgery vulnerability

2021-09-18 00:00:00

cve

CVE-2021-36160

2021-09-16 15:15:07

cvelist

CVE-2021-36160 mod_proxy_uwsgi out of bound read

2021-09-16 14:40:18

CVE-2021-34798 NULL pointer dereference in httpd core

2021-09-16 14:40:17

debiancve

CVE-2021-36160

2021-09-16 15:15:07

CVE-2021-34798

2021-09-16 15:15:07

CVE-2021-39275

2021-09-16 15:15:07

K13401920 : Apache HTTPD vulnerability CVE-2021-36160

2021-10-20 00:00:00

K20622400 : Apache HTTP server vulnerability CVE-2021-39275

2021-10-25 00:00:00

K01552024 : Apache vulnerability CVE-2021-40438

2021-10-21 00:00:00

veracode

Denial Of Service (DoS)

2021-09-20 05:04:34

Denial Of Service (DoS)

2021-09-20 15:14:40

alpinelinux

CVE-2021-36160

2021-09-16 15:15:07

CVE-2021-39275

2021-09-16 15:15:07

CVE-2021-34798

2021-09-16 15:15:07

cbl_mariner

CVE-2021-36160 affecting package httpd for versions less than 2.4.52-1

2022-04-09 06:51:57

CVE-2021-39275 affecting package httpd 2.4.46-6

2021-10-15 04:46:31

CVE-2021-34798 affecting package httpd 2.4.46-6

2021-10-15 04:46:31

httpd

Apache Httpd < 2.4.49 : mod_proxy_uwsgi out of bound read

2021-04-26 00:00:00

Apache Httpd < 2.4.49 : ap_escape_quotes buffer overflow

2021-09-16 00:00:00

Apache Httpd < 2.4.49 : NULL pointer dereference in httpd core

2021-09-16 00:00:00

githubexploit

Exploit for Server-Side Request Forgery in Apache Http Server

2023-12-12 11:56:23

Exploit for Server-Side Request Forgery in Apache Http Server

2022-04-03 15:24:24

prion

Input validation

2021-09-16 15:15:00

Null pointer dereference

2021-09-16 15:15:00

Design/Logic Flaw

2021-09-16 15:15:00

nvd

CVE-2021-34798

2021-09-16 15:15:07

redhatcve

CVE-2021-34798

2021-09-16 21:57:58

CVE-2021-36160

2021-09-16 21:58:07

ubuntucve

CVE-2021-36160

2021-09-16 00:00:00

CVE-2021-34798

2021-09-16 00:00:00

cisa_kev

Apache HTTP Server-Side Request Forgery (SSRF)

2021-12-01 00:00:00

Solutions

Vulnerabilities intelligence
Perimeter control tool
Linux scanner
Windows scanner
Developers SDK
Security Intelligence feeds

Database

Vulnerabilities
Exploits
Security News
BugBounty
Wild Exploited
Top Vulnerabilities
CVE Feed

Resources

Statics & Sources
Plugins
API docs
FAQ
Blog
Glossary

Company

About
Contacts
Pricing
EULA
Privacy Policy
Submission Policy
OpenSource

@2024 Vulners Inc

0.971 High

EPSS

Percentile

99.8%

JSON

Related for OPENSUSE-SU-2021:1438-1