---

CVE-2021-33193 - log back

CVE-2021-33193 edited at 16 Sep 2021 16:30:50
Description	- A crafted method sent through HTTP/2 will bypass validation and be forwarded by mod_proxy, which can lead to request splitting or cache poisoning. This issue affects Apache HTTP Server 2.4.17 to 2.4.48. + In Apache HTTP Server before version 2.4.49, a crafted method sent through HTTP/2 will bypass validation and be forwarded by mod_proxy, which can lead to request splitting or cache poisoning.
References	+ https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2021-33193 https://portswigger.net/research/http2 https://github.com/apache/httpd/commit/ecebcc035ccd8d0e2984fe41420d9e944f456b3c

CVE-2021-33193 edited at 23 Aug 2021 10:47:51
Description	- A security issue has been found in Apache httpd. mod_proxy is vulnerable to request line injections when using HTTP/2. + A crafted method sent through HTTP/2 will bypass validation and be forwarded by mod_proxy, which can lead to request splitting or cache poisoning. This issue affects Apache HTTP Server 2.4.17 to 2.4.48.

CVE-2021-33193 edited at 12 Aug 2021 07:30:31
Severity	- Unknown + Medium
Remote	- Unknown + Remote
Type	- Unknown + Url request injection
Description	+ A security issue has been found in Apache httpd. mod_proxy is vulnerable to request line injections when using HTTP/2.
References	+ https://portswigger.net/research/http2 + https://github.com/apache/httpd/commit/ecebcc035ccd8d0e2984fe41420d9e944f456b3c
Notes

CVE-2021-33193 created at 12 Aug 2021 07:28:21