VDB
DEBIAN-CVE-2021-36160
DEBIAN-CVE-2021-36160
PUBLISHED
CVSS 7.5 HIGH
A carefully crafted request uri-path can cause mod_proxy_uwsgi to read above the allocated memory and crash (DoS). This issue affects Apache HTTP Server versions 2.4.30 to 2.4.48 (inclusive).
Risk Scores
CVSS 3.1
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Debian:12 | apache2 | 0, 0, 0 |
| Debian:13 | apache2 | 0, 0, 0 |
| Debian:14 | apache2 | 0, 0, 0 |
| Debian:12 | uwsgi | 2.0.31-4, 2.0.31-3, 2.0.31-2 |
| Debian:11 | apache2 | 2.4.49-2, 0, 2.4.48-3.1 |
| Debian:14 | uwsgi | 0, 2.0.30-1, 2.0.31-3 |
| Debian:13 | uwsgi | 0, 2.0.28-9, 2.0.29-1 |
| Debian:11 | uwsgi | 2.0.28-5, 2.0.28-8, 2.0.21-6 |
Timeline
- Sep 16, 2021 CVE Published
- Apr 28, 2026 CVE Updated