Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ubuntucveUbuntu.comUB:CVE-2021-30641
HistoryJun 10, 2021 - 12:00 a.m.

CVE-2021-30641

2021-06-1000:00:00
ubuntu.com
ubuntu.com
46
apache http server
security vulnerability
cve-2021-30641
unexpected matching behavior
mergeslashes off
bugzilla
backporting
bionic
unix

CVSS2

5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

CVSS3

5.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

EPSS

0.007

Percentile

81.1%

JSON

Apache HTTP Server versions 2.4.39 to 2.4.46 Unexpected matching behavior
with ‘MergeSlashes OFF’

Bugs

Notes

Author Note
mdeslaur looks like this was introduced in the patch for CVE-2019-0220, which was backported to bionic.
OSVersionArchitecturePackageVersionFilename
ubuntu18.04noarchapache2< 2.4.29-1ubuntu4.16UNKNOWN
ubuntu20.04noarchapache2< 2.4.41-4ubuntu3.3UNKNOWN
ubuntu20.10noarchapache2< 2.4.46-1ubuntu1.2UNKNOWN
ubuntu21.04noarchapache2< 2.4.46-4ubuntu1.1UNKNOWN
ubuntu21.10noarchapache2< 2.4.46-4ubuntu2UNKNOWN
ubuntu22.04noarchapache2< 2.4.46-4ubuntu2UNKNOWN
ubuntu14.04noarchapache2< 2.4.7-1ubuntu4.22+esm1UNKNOWN
ubuntu16.04noarchapache2< 2.4.18-2ubuntu3.17+esm1UNKNOWN

Related

redhatcve 2
ibm 38
osv 10
openvas 38
httpd 2
veracode 2
f5 2
nessus 55
nvd 2
cve 2
cbl_mariner 2
cvelist 2
prion 2
alpinelinux 2
debiancve 2
broadcom 1
redhat 5
ubuntucve 1
rocky 1
almalinux 1
oraclelinux 3
debian 3
centos 1
ubuntu 2
altlinux 3
fedora 3
photon 3
suse 5
kaspersky 1
freebsd 1
amazon 2
redhatcve
redhatcve
CVE-2021-30641
2021-06-08 03:49:52
CVE-2019-0220
2019-04-02 11:19:54
ibm
ibm
Security Bulletin: Vulnerability identified in WebSphere Application Server affects Cloud Pak System (CVE-2021-30641)
2021-07-14 22:33:16
Security Bulletin: Multiple Vulnerabilities have been identified in WebSphere Application Server shipped with WebSphere Remote Server
2021-06-28 18:00:22
Security Bulletin: Vulnerability in IBM HTTP Server affects IBM Netezza Performance Portal
2019-10-18 03:36:34
osv
osv
BIT-apache-2021-30641
2024-03-06 10:56:03
CVE-2021-30641
2021-06-10 07:15:07
CVE-2019-0220
2019-06-11 21:29:00
openvas
openvas
Apache HTTP Server 2.4.39 - 2.4.46 Unexpected URL Matching Vulnerability - Windows
2021-06-10 00:00:00
Apache HTTP Server 2.4.39 - 2.4.46 Unexpected URL Matching Vulnerability - Linux
2021-06-10 00:00:00
Apache HTTP Server < 2.4.39 URL Normalization Vulnerability - Windows
2019-04-08 00:00:00
httpd
httpd
Apache Httpd < 2.4.48 : Unexpected URL matching with 'MergeSlashes OFF'
2021-04-14 00:00:00
Apache Httpd < 2.4.39 : Apache httpd URL normalization inconsistincy
2019-01-20 00:00:00
veracode
veracode
Denial Of Service(DoS)
2021-06-13 10:29:41
Authorization Bypass
2019-08-08 00:07:37
f5
f5
K13815051 : Apache vulnerability CVE-2021-30641
2021-07-09 00:00:00
K44591505 : Apache vulnerabilities CVE-2019-0196, CVE-2019-0197, and CVE-2019-0220
2019-05-07 00:00:00
nessus
nessus
CBL Mariner 2.0 Security Update: httpd (CVE-2021-30641)
2023-03-20 00:00:00
EulerOS 2.0 SP8 : httpd (EulerOS-SA-2019-2080)
2019-09-30 00:00:00
EulerOS 2.0 SP3 : httpd (EulerOS-SA-2019-2249)
2019-11-08 00:00:00
nvd
nvd
CVE-2021-30641
2021-06-10 07:15:07
CVE-2019-0220
2019-06-11 21:29:00
cve
cve
CVE-2021-30641
2021-06-10 07:15:07
CVE-2019-0220
2019-06-11 21:29:00
cbl_mariner
cbl_mariner
CVE-2021-30641 affecting package httpd 2.4.46-6
2021-07-08 21:56:40
CVE-2021-30641 affecting package httpd for versions less than 2.4.46-10
2022-04-09 06:51:57
cvelist
cvelist
CVE-2021-30641 Unexpected URL matching with 'MergeSlashes OFF'
2021-06-10 07:10:24
CVE-2019-0220
2019-06-11 20:49:50
prion
prion
Code injection
2021-06-10 07:15:00
Path traversal
2019-06-11 21:29:00
alpinelinux
alpinelinux
CVE-2021-30641
2021-06-10 07:15:07
CVE-2019-0220
2019-06-11 21:29:00
debiancve
debiancve
CVE-2021-30641
2021-06-10 07:15:07
CVE-2019-0220
2019-06-11 21:29:00
broadcom
broadcom
Apache httpd URL normalization inconsistency
2023-08-01 00:00:00
redhat
redhat
(RHSA-2020:0251) Low: Red Hat JBoss Core Services Apache HTTP Server 2.4.37 SP1 Security Update
2020-01-27 21:17:57
(RHSA-2021:4257) Moderate: httpd:2.4 security, bug fix, and enhancement update
2021-11-09 08:52:38
(RHSA-2019:2343) Moderate: httpd security and bug fix update
2019-08-06 08:27:25
ubuntucve
ubuntucve
CVE-2019-0220
2019-04-02 00:00:00
rocky
rocky
httpd:2.4 security, bug fix, and enhancement update
2021-11-09 08:52:38
almalinux
almalinux
Moderate: httpd:2.4 security, bug fix, and enhancement update
2021-11-09 08:52:38
oraclelinux
oraclelinux
httpd:2.4 security, bug fix, and enhancement update
2021-11-16 00:00:00
httpd:2.4 security and bug fix update
2019-11-14 00:00:00
httpd security and bug fix update
2019-08-13 00:00:00
debian
debian
[SECURITY] [DLA 1748-1] apache2 security update
2019-04-03 14:29:59
[SECURITY] [DSA 4937-1] apache2 security update
2021-07-08 17:14:14
[SECURITY] [DSA 4422-1] apache2 security update
2019-04-03 09:10:59
centos
centos
httpd, mod_ldap, mod_proxy_html, mod_session, mod_ssl security update
2019-09-18 20:21:26
ubuntu
ubuntu
Apache HTTP Server vulnerabilities
2021-06-21 00:00:00
Apache HTTP Server vulnerabilities
2021-06-21 00:00:00
altlinux
altlinux
Security fix for the ALT Linux 9 package apache2 version 1:2.4.39-alt1
2019-04-02 00:00:00
Security fix for the ALT Linux 8 package apache2 version 1:2.4.39-alt1
2019-04-03 00:00:00
Security fix for the ALT Linux 10 package apache2 version 1:2.4.39-alt1
2019-04-02 00:00:00
fedora
fedora
[SECURITY] Fedora 28 Update: httpd-2.4.39-1.1.fc28
2019-05-14 01:06:32
[SECURITY] Fedora 29 Update: httpd-2.4.39-2.fc29
2019-04-06 19:44:50
[SECURITY] Fedora 30 Update: httpd-2.4.39-2.fc30
2019-04-05 00:03:02
photon
photon
Important Photon OS Security Update - PHSA-2021-0257
2021-06-22 00:00:00
Home Download Photon OS User Documentation FAQ Security Advisories Related Information Lightwave - PHSA-2021-2.0-0365
2021-06-30 00:00:00
Important Photon OS Security Update - PHSA-2021-3.0-0257
2021-06-22 00:00:00
suse
suse
Security update for apache2 (important)
2019-04-23 00:00:00
Security update for apache2 (important)
2019-04-11 00:00:00
Security update for apache2 (important)
2019-04-16 00:00:00
kaspersky
kaspersky
KLA12365 Multiple vulnerabilities in Apache HTTP Server
2019-04-01 00:00:00
freebsd
freebsd
Apache -- Multiple vulnerabilities
2019-04-01 00:00:00
amazon
amazon
Important: httpd24
2019-04-05 20:05:00
Important: httpd
2019-04-04 21:49:00

CVSS2

5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

CVSS3

5.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

EPSS

0.007

Percentile

81.1%

JSON
Related for UB:CVE-2021-30641
redhatcve2ibm38osv10openvas38httpd2veracode2f52nessus55nvd2cve2cbl_mariner2cvelist2prion2alpinelinux2debiancve2broadcom1redhat5ubuntucve1rocky1almalinux1oraclelinux3debian3centos1ubuntu2altlinux3fedora3photon3suse5kaspersky1freebsd1amazon2