VDB
CVE-2021-20325
CVE-2021-20325
PUBLISHED
CVSS 8.699999809265137 HIGH
In Apache HTTP Server existieren mehrere Schwachstellen. Die Schwachstellen bestehen aufgrund einer NULL-Zeiger-Dereferenz im "httpd core", eines Pufferüberlaufs in "ap_escape_quotes" bei böswilliger Eingabe und einer Server Side Request Forgery (SSRF) bei der Verwendung von "mod_proxy". Ein entfernter Angreifer kann diese Schwachstellen ausnutzen, um Sicherheitsmaßnahmen zu umgehen.
EPSS 0.93% · 76.5th percentile
Risk Scores
CVSS 4.0
8.699999809265137
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:L/SA:N
EPSS Score
0.93%
76.5th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Avaya | Avaya Aura Experience Portal | |
| Broadcom | Broadcom Brocade Switch | |
| F5 | F5 BIG-IP <16.1.4 | |
| Oracle | Oracle Linux | |
| Cisco | Cisco TelePresence Video Communication Server | |
| Cisco | Cisco Wide Area Application Services | |
| Ubuntu | Ubuntu Linux | |
| Cisco | Cisco Prime Infrastructure | |
| HPE | HPE Fabric OS | |
| F5 | F5 BIG-IP <17.0.0 | |
| Amazon | Amazon Linux 2 | |
| Gentoo | Gentoo Linux | |
| F5 | F5 BIG-IP <15.1.7 | |
| Hitachi | Hitachi Command Suite | |
| Cisco | Cisco Firepower | |
| Apache | Apache HTTP Server <2.4.49 | |
| Cisco | Cisco Expressway | |
| Cisco | Cisco Prime Collaboration Provisioning | |
| Cisco | Cisco Security Manager (CSM) | |
| Avaya | Avaya Web License Manager |
…and 18 more
Exploit Intelligence
Timeline
- Jun 9, 2021 CVE Published
- Feb 19, 2022 EPSS Score
- Mar 17, 2022 CVE Updated
- Apr 12, 2022 EPSS Score
- Jun 3, 2022 EPSS Score
- Jul 26, 2022 EPSS Score
- Sep 16, 2022 EPSS Score
- Dec 29, 2022 EPSS Score
- Feb 19, 2023 EPSS Score
- Mar 7, 2023 EPSS Score
- Apr 13, 2023 EPSS Score
- Jun 4, 2023 EPSS Score
References
- https://wid.cert-bund.de/.well-known/csaf/white/2021/wid-sec-w-2022-0438.json advisory
- https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2022-0438 advisory
- https://httpd.apache.org/security/vulnerabilities_24.html advisory
- https://lists.suse.com/pipermail/sle-security-updates/2021-June/009032.html advisory
- https://lists.suse.com/pipermail/sle-security-updates/2021-June/009030.html advisory
- https://lists.suse.com/pipermail/sle-security-updates/2021-June/009024.html advisory
- https://ubuntu.com/security/notices/USN-4994-1 advisory
- https://ubuntu.com/security/notices/USN-4994-2 advisory
- https://lists.suse.com/pipermail/sle-security-updates/2021-June/009074.html advisory
- https://alas.aws.amazon.com/AL2/ALAS-2021-1659.html advisory
- https://alas.aws.amazon.com/AL2/ALAS-2021-1674.html advisory
- https://www.debian.org/security/2021/dsa-4937 advisory
- https://lists.debian.org/debian-lts-announce/2021/07/msg00006.html advisory
- https://alas.aws.amazon.com/ALAS-2021-1514.html advisory
- https://linux.oracle.com/errata/ELSA-2021-9541.html advisory
- https://security.gentoo.org/glsa/202107-38 advisory
- https://access.redhat.com/errata/RHSA-2021:3816 advisory
- http://linux.oracle.com/errata/ELSA-2021-3816.html advisory
- https://access.redhat.com/errata/RHSA-2021:4537 advisory
- https://access.redhat.com/errata/RHSA-2021:4257 advisory
…and 68 more