Search

Security ID : QSA-21-62

Vulnerabilities in Apache HTTP Server

  • Release date : December 30, 2021

  • CVE identifier : CVE-2021-44224 | CVE-2021-44790

  • Not affected products: QTS, QuTS hero, and QuTScloud

  • Affected products: None

Status

Resolved

Summary

The Apache Software Foundation has reported two vulnerabilities affecting Apache HTTP Server. If exploited, one of the vulnerabilities may allow a remote attacker to take control of the affected system:

  • CVE-2021-44224: Possible NULL dereference or SSRF in forward proxy configurations in Apache HTTP Server 2.4.51 and earlier
  • CVE-2021-44790: Possible buffer overflow when parsing multipart content in mod_lua of Apache HTTP Server 2.4.51 and earlier

We have determined that the QTS, QuTS hero, and QuTScloud operating systems are not affected.

Revision History: V1.0 (December 30, 2021) - Published

Choose specification

      Show more Less

      Choose Your Country or Region

      open menu
      back to top