CVE-2021-31618

Published: Jun 15, 2021Modified: Nov 21, 2024

7.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

Apache HTTP Server protocol handler for the HTTP/2 protocol checks received request headers against the size limitations as configured for the server and used for the HTTP/1 protocol as well. On violation of these restrictions and HTTP response is sent to the client with a status code indicating why the request was rejected. This rejection response was not fully initialised in the HTTP/2 protocol handler if the offending header was the very first one received or appeared in a a footer. This led to a NULL pointer dereference on initialised memory, crashing reliably the child process. Since such a triggering HTTP/2 request is easy to craft and submit, this can be exploited to DoS the server. This issue affected mod_http2 1.15.17 and Apache HTTP Server version 2.4.47 only. Apache HTTP Server 2.4.47 was never released.

Affected (11)

Products: Apache: Http Server · Fedoraproject: Fedora · Debian: Debian Linux · +1 more

Show all products

Apache: Http Server · Fedoraproject: Fedora · Debian: Debian Linux · Oracle: Enterprise Manager Ops Center, Instantis Enterprisetrack, Zfs Storage Appliance Kit

1 product

1 product

1 product

3 products

Enterprise Manager Ops Center

Instantis Enterprisetrack

Zfs Storage Appliance Kit

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Apache Http Server	Version 1.15.17
Apache Http Server	Version 2.4.47

Configuration B

2 vulnerable

Vulnerable Software	Affected Versions
Fedoraproject Fedora	Version 33
Fedoraproject Fedora	Version 34

Configuration C

2 vulnerable

Vulnerable Software	Affected Versions
Debian Debian Linux	Version 10.0
Debian Debian Linux	Version 9.0

Configuration D

5 vulnerable

Vulnerable Software	Affected Versions
Oracle Enterprise Manager Ops Center	Version 12.4.0.0
Oracle Instantis Enterprisetrack	Version 17.1
Oracle Instantis Enterprisetrack	Version 17.2
Oracle Instantis Enterprisetrack	Version 17.3
Oracle Zfs Storage Appliance Kit	Version 8.8

Related CWEs

NULL Pointer Dereference

The product dereferences a pointer that it expects to be valid but is NULL.

References (26)

http://httpd.apache.org/security/vulnerabilities_24.html

Source: security@apache.org

Release NotesVendor Advisory

http://www.openwall.com/lists/oss-security/2021/06/10/9

Source: security@apache.org

Mailing ListThird Party Advisory

http://www.openwall.com/lists/oss-security/2024/03/13/2

Source: security@apache.org

https://lists.apache.org/thread.html/r14b66ef0f4f569fd515a3f96cd4eb58bd9a8ff525cc326bb0359664f%40%3Ccvs.httpd.apache.org%3E

Source: security@apache.org

https://lists.apache.org/thread.html/r783b6558abf3305b17ea462bed4bd66d82866438999bf38cef6d11d1%40%3Ccvs.httpd.apache.org%3E

Source: security@apache.org

https://lists.debian.org/debian-lts-announce/2021/07/msg00006.html

Source: security@apache.org

Mailing ListThird Party Advisory

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2NKJ3ZA3FTSZ2QBBPKS6BYGAWYRABNQQ/

Source: security@apache.org

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/A73QJ4HPUMU26I6EULG6SCK67TUEXZYR/

Source: security@apache.org

https://seclists.org/oss-sec/2021/q2/206

Source: security@apache.org

Mailing ListThird Party Advisory

https://security.gentoo.org/glsa/202107-38

Source: security@apache.org

Third Party Advisory

https://security.netapp.com/advisory/ntap-20210727-0008/

Source: security@apache.org

Third Party Advisory

https://www.debian.org/security/2021/dsa-4937

Source: security@apache.org

Third Party Advisory

https://www.oracle.com/security-alerts/cpuoct2021.html

Source: security@apache.org

PatchThird Party Advisory

http://httpd.apache.org/security/vulnerabilities_24.html

Source: af854a3a-2127-422b-91ae-364da2661108

Release NotesVendor Advisory

http://www.openwall.com/lists/oss-security/2021/06/10/9

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListThird Party Advisory

http://www.openwall.com/lists/oss-security/2024/03/13/2

Source: af854a3a-2127-422b-91ae-364da2661108

https://lists.apache.org/thread.html/r14b66ef0f4f569fd515a3f96cd4eb58bd9a8ff525cc326bb0359664f%40%3Ccvs.httpd.apache.org%3E

Source: af854a3a-2127-422b-91ae-364da2661108

https://lists.apache.org/thread.html/r783b6558abf3305b17ea462bed4bd66d82866438999bf38cef6d11d1%40%3Ccvs.httpd.apache.org%3E

Source: af854a3a-2127-422b-91ae-364da2661108

https://lists.debian.org/debian-lts-announce/2021/07/msg00006.html

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListThird Party Advisory

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2NKJ3ZA3FTSZ2QBBPKS6BYGAWYRABNQQ/

Source: af854a3a-2127-422b-91ae-364da2661108

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/A73QJ4HPUMU26I6EULG6SCK67TUEXZYR/

Source: af854a3a-2127-422b-91ae-364da2661108

https://seclists.org/oss-sec/2021/q2/206

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListThird Party Advisory

https://security.gentoo.org/glsa/202107-38

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://security.netapp.com/advisory/ntap-20210727-0008/

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://www.debian.org/security/2021/dsa-4937

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://www.oracle.com/security-alerts/cpuoct2021.html

Source: af854a3a-2127-422b-91ae-364da2661108

PatchThird Party Advisory

Timeline

No history available yet.