{"id":"MGASA-2021-0439","summary":"Updated apache packages fix security vulnerability","details":"A crafted method sent through HTTP/2 will bypass validation and be\nforwarded by mod_proxy, which can lead to request splitting or cache\npoisoning. (CVE-2021-33193)\n\nMalformed requests may cause the server to dereference a NULL pointer.\n(CVE-2021-34798)\n\nA carefully crafted request uri-path can cause mod_proxy_uwsgi to read\nabove the allocated memory and crash (DoS). (CVE-2021-36160)\n\nap_escape_quotes() may write beyond the end of a buffer when given\nmalicious input. No included modules pass untrusted data to these\nfunctions, but third-party / external modules may. (CVE-2021-39275)\n\nA crafted request uri-path can cause mod_proxy to forward the request to\nan origin server choosen by the remote user. (CVE-2021-40438)\n","modified":"2026-02-04T03:45:56.372966Z","published":"2021-09-23T04:49:29Z","related":["CVE-2021-33193","CVE-2021-34798","CVE-2021-36160","CVE-2021-39275","CVE-2021-40438"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2021-0439.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=29466"},{"type":"REPORT","url":"https://downloads.apache.org/httpd/Announcement2.4.html"},{"type":"REPORT","url":"https://downloads.apache.org/httpd/CHANGES_2.4.49"},{"type":"REPORT","url":"https://httpd.apache.org/security/vulnerabilities_24.html"}],"affected":[{"package":{"name":"apache","ecosystem":"Mageia:8","purl":"pkg:rpm/mageia/apache?arch=source&distro=mageia-8"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.4.49-1.mga8"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2021-0439.json"}}],"schema_version":"1.7.3","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}