AVG-2289 log

Package apache
Status Fixed
Severity High
Type multiple issues
Affected 2.4.48-1
Fixed 2.4.49-1
Current 2.4.58-1 [extra]
Ticket None
Created Thu Aug 12 07:28:21 2021
Issue Severity Remote Type Description
CVE-2021-40438 High Yes Url request injection
In Apache HTTP Server before version 2.4.49, a crafted request uri- path can cause mod_proxy to forward the request to an origin server choosen by the remote user.
CVE-2021-39275 Low Yes Arbitrary code execution
In Apache HTTP Server before version 2.4.49, ap_escape_quotes() may write beyond the end of a buffer when given malicious input. No included modules pass...
CVE-2021-36160 Medium Yes Denial of service
In Apache HTTP Server before version 2.4.49, a carefully crafted request uri-path can cause mod_proxy_uwsgi to read above the allocated memory and crash...
CVE-2021-34798 Medium Yes Denial of service
Malformed requests may cause  Apache HTTP Server before version 2.4.49 to dereference a NULL pointer, resulting in denial of service.
CVE-2021-33193 Medium Yes Url request injection
In Apache HTTP Server before version 2.4.49, a crafted method sent through HTTP/2 will bypass validation and be forwarded by mod_proxy, which can lead to...