CVE-2021-36160 | SynScan

Vulnerability Database

289,697

Total vulnerabilities in the database

CVE-2021-36160

A carefully crafted request uri-path can cause mod_proxy_uwsgi to read above the allocated memory and crash (DoS). This issue affects Apache HTTP Server versions 2.4.30 to 2.4.48 (inclusive).

Published: Sep 16, 2021
Updated: Apr 14, 2023
CVE: CVE-2021-36160
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 7.5
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CVSS v2:

Severity: Medium
Score: 5
AV:N/AC:L/Au:N/C:N/I:N/A:P

CWEs:

CWE-125

Affected Software
References

Software	From	Fixed in
fedoraproject / fedora	34	34.x
fedoraproject / fedora	35	35.x
debian / debian_linux	9.0	9.0.x
debian / debian_linux	10.0	10.0.x
debian / debian_linux	11.0	11.0.x
oracle / http_server	12.2.1.3.0	12.2.1.3.0.x
oracle / instantis_enterprisetrack	17.1	17.1.x
oracle / instantis_enterprisetrack	17.2	17.2.x
oracle / instantis_enterprisetrack	17.3	17.3.x
oracle / peoplesoft_enterprise_peopletools	8.58	8.58.x
oracle / enterprise_manager_base_platform	13.4.0.0	13.4.0.0.x
oracle / http_server	12.2.1.4.0	12.2.1.4.0.x
oracle / zfs_storage_appliance_kit	8.8	8.8.x
oracle / enterprise_manager_base_platform	13.5.0.0	13.5.0.0.x
oracle / communications_cloud_native_core_network_function_cloud_native_environment	1.10.0	1.10.0.x
apache / http_server	2.4.30	2.4.49