CVE-2021-26690
Description
In Apache HTTP Server versions 2.4.0 to 2.4.46, a specially crafted Cookie header handled by mod_session can cause a NULL pointer dereference and crash, leading to a possible denial of service.
Risk Information
Base Score
7.5
MODERATE
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS Score
Exploitation Probability
63.38
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Vulnerabilities CVE-2020-13938,CVE-2020-35452,CVE-2021-26690,CVE-2021-26691 are fixed in Apache 2.4.48 | Windows |
| Vulnerabilities CVE-2021-26691,CVE-2021-26690 are fixed in IBM HTTP 9.0.0.11 | Windows |
| Apache HTTP server (USN-4994-1) apache2_2.4.41-4ubuntu3.3_i386.deb | Linux |
| Apache HTTP server (USN-4994-1) apache2_2.4.41-4ubuntu3.3_amd64.deb | Linux |
| Apache HTTP server (USN-4994-1) apache2_2.4.46-1ubuntu1.2_i386.deb | Linux |
| Apache HTTP server (USN-4994-1) apache2_2.4.46-1ubuntu1.2_amd64.deb | Linux |
| Apache HTTP server (USN-4994-1) apache2_2.4.46-4ubuntu1.1_i386.deb | Linux |
| Apache HTTP server (USN-4994-1) apache2_2.4.46-4ubuntu1.1_amd64.deb | Linux |
| Apache HTTP server (USN-4994-1) apache2_2.4.29-1ubuntu4.16_i386.deb | Linux |
| Apache HTTP server (USN-4994-1) apache2_2.4.29-1ubuntu4.16_amd64.deb | Linux |
| Apache HTTP server (USN-4994-1) apache2-bin_2.4.41-4ubuntu3.3_i386.deb | Linux |
| Apache HTTP server (USN-4994-1) apache2-bin_2.4.41-4ubuntu3.3_amd64.deb | Linux |
| Apache HTTP server (USN-4994-1) apache2-bin_2.4.46-1ubuntu1.2_i386.deb | Linux |
| Apache HTTP server (USN-4994-1) apache2-bin_2.4.46-1ubuntu1.2_amd64.deb | Linux |
| Apache HTTP server (USN-4994-1) apache2-bin_2.4.46-4ubuntu1.1_i386.deb | Linux |
| Apache HTTP server (USN-4994-1) apache2-bin_2.4.46-4ubuntu1.1_amd64.deb | Linux |
| Apache HTTP server (USN-4994-1) apache2-bin_2.4.29-1ubuntu4.16_i386.deb | Linux |
| Apache HTTP server (USN-4994-1) apache2-bin_2.4.29-1ubuntu4.16_amd64.deb | Linux |
| apache2 security update(DSA-4937-1) apache2_2.4.38-3+deb10u5_i386.deb | Linux |
| apache2 security update(DSA-4937-1) apache2_2.4.38-3+deb10u5_amd64.deb | Linux |
| Httpd update (ELSA-2021-9541) httpd-2.4.6-97.0.3.el7_9.1.x86_64.rpm | Linux |
| Httpd-devel update (ELSA-2021-9541) httpd-devel-2.4.6-97.0.3.el7_9.1.x86_64.rpm | Linux |
| Httpd-manual update (ELSA-2021-9541) httpd-manual-2.4.6-97.0.3.el7_9.1.noarch.rpm | Linux |
| Httpd-tools update (ELSA-2021-9541) httpd-tools-2.4.6-97.0.3.el7_9.1.x86_64.rpm | Linux |
| Mod_ldap update (ELSA-2021-9541) mod_ldap-2.4.6-97.0.3.el7_9.1.x86_64.rpm | Linux |
| Mod_proxy_html update (ELSA-2021-9541) mod_proxy_html-2.4.6-97.0.3.el7_9.1.x86_64.rpm | Linux |
| Mod_session update (ELSA-2021-9541) mod_session-2.4.6-97.0.3.el7_9.1.x86_64.rpm | Linux |
| Mod_ssl update (ELSA-2021-9541) mod_ssl-2.4.6-97.0.3.el7_9.1.x86_64.rpm | Linux |
| Httpd update (ELSA-2021-9545) httpd-2.4.37-39.0.2.module+el8.4.0+20402+038b8ccd.1.x86_64.rpm | Linux |
| Httpd-devel update (ELSA-2021-9545) httpd-devel-2.4.37-39.0.2.module+el8.4.0+20402+038b8ccd.1.x86_64.rpm | Linux |
| Httpd-filesystem update (ELSA-2021-9545) httpd-filesystem-2.4.37-39.0.2.module+el8.4.0+20402+038b8ccd.1.noarch.rpm | Linux |
| Httpd-manual update (ELSA-2021-9545) httpd-manual-2.4.37-39.0.2.module+el8.4.0+20402+038b8ccd.1.noarch.rpm | Linux |
| Httpd-tools update (ELSA-2021-9545) httpd-tools-2.4.37-39.0.2.module+el8.4.0+20402+038b8ccd.1.x86_64.rpm | Linux |
| Mod_http2 update (ELSA-2021-9545) mod_http2-1.15.7-3.module+el8.4.0+20024+b87b2deb.x86_64.rpm | Linux |
| Mod_ldap update (ELSA-2021-9545) mod_ldap-2.4.37-39.0.2.module+el8.4.0+20402+038b8ccd.1.x86_64.rpm | Linux |
| Mod_md update (ELSA-2021-9545) mod_md-2.0.8-8.module+el8.3.0+7816+49791cfd.x86_64.rpm | Linux |
| Mod_proxy_html update (ELSA-2021-9545) mod_proxy_html-2.4.37-39.0.2.module+el8.4.0+20402+038b8ccd.1.x86_64.rpm | Linux |
| Mod_session update (ELSA-2021-9545) mod_session-2.4.37-39.0.2.module+el8.4.0+20402+038b8ccd.1.x86_64.rpm | Linux |
| Mod_ssl update (ELSA-2021-9545) mod_ssl-2.4.37-39.0.2.module+el8.4.0+20402+038b8ccd.1.x86_64.rpm | Linux |
| Httpd update (ELSA-2022-0143) httpd-2.4.6-97.0.5.el7_9.4.x86_64.rpm | Linux |
| Httpd-devel update (ELSA-2022-0143) httpd-devel-2.4.6-97.0.5.el7_9.4.x86_64.rpm | Linux |
| Httpd-manual update (ELSA-2022-0143) httpd-manual-2.4.6-97.0.5.el7_9.4.noarch.rpm | Linux |
| Httpd-tools update (ELSA-2022-0143) httpd-tools-2.4.6-97.0.5.el7_9.4.x86_64.rpm | Linux |
| Mod_ldap update (ELSA-2022-0143) mod_ldap-2.4.6-97.0.5.el7_9.4.x86_64.rpm | Linux |
| Mod_proxy_html update (ELSA-2022-0143) mod_proxy_html-2.4.6-97.0.5.el7_9.4.x86_64.rpm | Linux |
| Mod_session update (ELSA-2022-0143) mod_session-2.4.6-97.0.5.el7_9.4.x86_64.rpm | Linux |
| Mod_ssl update (ELSA-2022-0143) mod_ssl-2.4.6-97.0.5.el7_9.4.x86_64.rpm | Linux |
| Httpd update (ELSA-2022-1045) httpd-2.4.6-97.0.5.el7_9.5.x86_64.rpm | Linux |
| Httpd-devel update (ELSA-2022-1045) httpd-devel-2.4.6-97.0.5.el7_9.5.x86_64.rpm | Linux |
| Httpd-manual update (ELSA-2022-1045) httpd-manual-2.4.6-97.0.5.el7_9.5.noarch.rpm | Linux |
| Httpd-tools update (ELSA-2022-1045) httpd-tools-2.4.6-97.0.5.el7_9.5.x86_64.rpm | Linux |
| Mod_ldap update (ELSA-2022-1045) mod_ldap-2.4.6-97.0.5.el7_9.5.x86_64.rpm | Linux |
| Mod_proxy_html update (ELSA-2022-1045) mod_proxy_html-2.4.6-97.0.5.el7_9.5.x86_64.rpm | Linux |
| Mod_session update (ELSA-2022-1045) mod_session-2.4.6-97.0.5.el7_9.5.x86_64.rpm | Linux |
| Mod_ssl update (ELSA-2022-1045) mod_ssl-2.4.6-97.0.5.el7_9.5.x86_64.rpm | Linux |
| Httpd update (ELSA-2023-1593) httpd-2.4.6-98.0.3.el7_9.7.x86_64.rpm | Linux |
| Httpd-devel update (ELSA-2023-1593) httpd-devel-2.4.6-98.0.3.el7_9.7.x86_64.rpm | Linux |
| Httpd-manual update (ELSA-2023-1593) httpd-manual-2.4.6-98.0.3.el7_9.7.noarch.rpm | Linux |
| Httpd-tools update (ELSA-2023-1593) httpd-tools-2.4.6-98.0.3.el7_9.7.x86_64.rpm | Linux |
| Mod_session update (ELSA-2023-1593) mod_session-2.4.6-98.0.3.el7_9.7.x86_64.rpm | Linux |
| Mod_ssl update (ELSA-2023-1593) mod_ssl-2.4.6-98.0.3.el7_9.7.x86_64.rpm | Linux |
Patch Details
No records found
References
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234