CVE-2021-44790

Description

A carefully crafted request body can cause a buffer overflow in the mod_lua multipart parser (r:parsebody() called from Lua scripts). The Apache httpd team is not aware of an exploit for the vulnerability, though it might be possible to craft one. This issue affects Apache HTTP Server 2.4.51 and earlier.

Risk Information

Base Score: 9.8 (MODERATE)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score (Exploitation Probability): 87.092

Associated Vulnerability

Vulnerability | OS Platform
Vulnerabilities CVE-2021-44224,CVE-2021-44790 are fixed in Apache Apache 2.4.52 | Windows
Multiple vulnerabilities are fixed in IBM HTTP 9.0.5.11 | Windows
Multiple vulnerabilities are fixed in Mac OS - Monterey 12.4 (Software Update) - AutoReboot | Mac
Multiple vulnerabilities are fixed in MacOS Big Sur 11.6.6 - Software Update | Mac
apache2 security update(DSA-5035-1) apache2_2.4.38-3+deb10u7_i386.deb | Linux
apache2 security update(DSA-5035-1) apache2_2.4.38-3+deb10u7_amd64.deb | Linux
apache2 security update(DSA-5035-1) apache2_2.4.52-1~deb11u2_amd64.deb | Linux
Httpd update (ELSA-2022-0143) httpd-2.4.6-97.0.5.el7_9.4.x86_64.rpm | Linux
Httpd-devel update (ELSA-2022-0143) httpd-devel-2.4.6-97.0.5.el7_9.4.x86_64.rpm | Linux
Httpd-manual update (ELSA-2022-0143) httpd-manual-2.4.6-97.0.5.el7_9.4.noarch.rpm | Linux
Httpd-tools update (ELSA-2022-0143) httpd-tools-2.4.6-97.0.5.el7_9.4.x86_64.rpm | Linux
Mod_ldap update (ELSA-2022-0143) mod_ldap-2.4.6-97.0.5.el7_9.4.x86_64.rpm | Linux
Mod_proxy_html update (ELSA-2022-0143) mod_proxy_html-2.4.6-97.0.5.el7_9.4.x86_64.rpm | Linux
Mod_session update (ELSA-2022-0143) mod_session-2.4.6-97.0.5.el7_9.4.x86_64.rpm | Linux
Mod_ssl update (ELSA-2022-0143) mod_ssl-2.4.6-97.0.5.el7_9.4.x86_64.rpm | Linux
Httpd update (ELSA-2022-0258) httpd-2.4.37-43.0.1.module+el8.5.0+20475+4f6a8fd5.1.x86_64.rpm | Linux
Httpd-devel update (ELSA-2022-0258) httpd-devel-2.4.37-43.0.1.module+el8.5.0+20475+4f6a8fd5.1.x86_64.rpm | Linux
Httpd-filesystem update (ELSA-2022-0258) httpd-filesystem-2.4.37-43.0.1.module+el8.5.0+20475+4f6a8fd5.1.noarch.rpm | Linux
Httpd-manual update (ELSA-2022-0258) httpd-manual-2.4.37-43.0.1.module+el8.5.0+20475+4f6a8fd5.1.noarch.rpm | Linux
Httpd-tools update (ELSA-2022-0258) httpd-tools-2.4.37-43.0.1.module+el8.5.0+20475+4f6a8fd5.1.x86_64.rpm | Linux
Mod_http2 update (ELSA-2022-0258) mod_http2-1.15.7-3.module+el8.4.0+20024+b87b2deb.x86_64.rpm | Linux
Mod_ldap update (ELSA-2022-0258) mod_ldap-2.4.37-43.0.1.module+el8.5.0+20475+4f6a8fd5.1.x86_64.rpm | Linux
Mod_md update (ELSA-2022-0258) mod_md-2.0.8-8.module+el8.5.0+20475+4f6a8fd5.x86_64.rpm | Linux
Mod_proxy_html update (ELSA-2022-0258) mod_proxy_html-2.4.37-43.0.1.module+el8.5.0+20475+4f6a8fd5.1.x86_64.rpm | Linux
Mod_session update (ELSA-2022-0258) mod_session-2.4.37-43.0.1.module+el8.5.0+20475+4f6a8fd5.1.x86_64.rpm | Linux
Mod_ssl update (ELSA-2022-0258) mod_ssl-2.4.37-43.0.1.module+el8.5.0+20475+4f6a8fd5.1.x86_64.rpm | Linux
SUSE-SU-2022:0440-1(SUSE Linux Enterprise Server 12-SP5 ) apache2-2.4.51-35.7.1.x86_64.rpm | Linux
SUSE-SU-2022:0440-1(SUSE Linux Enterprise Server 12-SP5 ) apache2-debuginfo-2.4.51-35.7.1.x86_64.rpm | Linux
SUSE-SU-2022:0440-1(SUSE Linux Enterprise Server 12-SP5 ) apache2-debugsource-2.4.51-35.7.1.x86_64.rpm | Linux
SUSE-SU-2022:0440-1(SUSE Linux Enterprise Server 12-SP5 ) apache2-doc-2.4.51-35.7.1.noarch.rpm | Linux
SUSE-SU-2022:0440-1(SUSE Linux Enterprise Server 12-SP5 ) apache2-example-pages-2.4.51-35.7.1.x86_64.rpm | Linux
SUSE-SU-2022:0440-1(SUSE Linux Enterprise Server 12-SP5 ) apache2-prefork-2.4.51-35.7.1.x86_64.rpm | Linux
SUSE-SU-2022:0440-1(SUSE Linux Enterprise Server 12-SP5 ) apache2-prefork-debuginfo-2.4.51-35.7.1.x86_64.rpm | Linux
SUSE-SU-2022:0440-1(SUSE Linux Enterprise Server 12-SP5 ) apache2-utils-2.4.51-35.7.1.x86_64.rpm | Linux
SUSE-SU-2022:0440-1(SUSE Linux Enterprise Server 12-SP5 ) apache2-utils-debuginfo-2.4.51-35.7.1.x86_64.rpm | Linux
SUSE-SU-2022:0440-1(SUSE Linux Enterprise Server 12-SP5 ) apache2-worker-2.4.51-35.7.1.x86_64.rpm | Linux
SUSE-SU-2022:0440-1(SUSE Linux Enterprise Server 12-SP5 ) apache2-worker-debuginfo-2.4.51-35.7.1.x86_64.rpm | Linux
Vulnerabilities CVE-2021-44224,CVE-2021-44790 are fixed in Apache Apache 2.4.52 (For Linux) | Linux
CVE-2021-44790 | NCM

Patch Details

Patches provided by ManageEngine for this CVE:
Patch ID | Patch Description
PATCH-608134 | Mac OS - Monterey 12.7.6 (Software Update) - AutoReboot (CVE-2024-27877)
PATCH-605753 | MacOS Big Sur 11.7.10 - Software Update (Force Reboot)(CVE-2023-41064)

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234