CVE-2021-36160

HIGH

Apache HTTP Server <2.4.49 - DoS

Title source: llm

Description

A carefully crafted request uri-path can cause mod_proxy_uwsgi to read above the allocated memory and crash (DoS). This issue affects Apache HTTP Server versions 2.4.30 to 2.4.48 (inclusive).

References (24)

Core References
Release Notes, Vendor Advisory x_refsource_misc
http://httpd.apache.org/security/vulnerabilities_24.html
Mailing List, Third Party Advisory mailing-list x_refsource_mlist
https://lists.debian.org/debian-lts-announce/2021/09/msg00016.html
Third Party Advisory vendor-advisory x_refsource_debian
https://www.debian.org/security/2021/dsa-4982
Mailing List, Third Party Advisory mailing-list x_refsource_mlist
https://lists.debian.org/debian-lts-announce/2021/10/msg00016.html
Patch, Third Party Advisory x_refsource_misc
https://www.oracle.com/security-alerts/cpujan2022.html
Third Party Advisory x_refsource_confirm
https://security.netapp.com/advisory/ntap-20211008-0004/
Patch, Third Party Advisory x_refsource_misc
https://www.oracle.com/security-alerts/cpuapr2022.html
Third Party Advisory vendor-advisory x_refsource_gentoo
https://security.gentoo.org/glsa/202208-20

Scores

CVSS v3 7.5
EPSS 0.0469
EPSS Percentile 89.4%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Details

CWE
CWE-125
Status published
Products (20)
apache/http_server 2.4.30 - 2.4.49
broadcom/brocade_fabric_operating_system_firmware
debian/debian_linux 9.0
debian/debian_linux 10.0
debian/debian_linux 11.0
fedoraproject/fedora 34
fedoraproject/fedora 35
netapp/cloud_backup
netapp/clustered_data_ontap
netapp/storagegrid
... and 10 more
Published Sep 16, 2021
Tracked Since Feb 18, 2026