CVE-2021-33193 - log back

CVE-2021-33193 edited at 16 Sep 2021 16:30:50
Description
- A crafted method sent through HTTP/2 will bypass validation and be forwarded by mod_proxy, which can lead to request splitting or cache poisoning. This issue affects Apache HTTP Server 2.4.17 to 2.4.48.
+ In Apache HTTP Server before version 2.4.49, a crafted method sent through HTTP/2 will bypass validation and be forwarded by mod_proxy, which can lead to request splitting or cache poisoning.
References
+ https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2021-33193
https://portswigger.net/research/http2
https://github.com/apache/httpd/commit/ecebcc035ccd8d0e2984fe41420d9e944f456b3c
CVE-2021-33193 edited at 23 Aug 2021 10:47:51
Description
- A security issue has been found in Apache httpd. mod_proxy is vulnerable to request line injections when using HTTP/2.
+ A crafted method sent through HTTP/2 will bypass validation and be forwarded by mod_proxy, which can lead to request splitting or cache poisoning. This issue affects Apache HTTP Server 2.4.17 to 2.4.48.
CVE-2021-33193 edited at 12 Aug 2021 07:30:31
Severity
- Unknown
+ Medium
Remote
- Unknown
+ Remote
Type
- Unknown
+ Url request injection
Description
+ A security issue has been found in Apache httpd. mod_proxy is vulnerable to request line injections when using HTTP/2.
References
+ https://portswigger.net/research/http2
+ https://github.com/apache/httpd/commit/ecebcc035ccd8d0e2984fe41420d9e944f456b3c
Notes
CVE-2021-33193 created at 12 Aug 2021 07:28:21