VDB
DEBIAN-CVE-2021-44790
DEBIAN-CVE-2021-44790
PUBLISHED
CVSS 9.800000190734863 CRITICAL
A carefully crafted request body can cause a buffer overflow in the mod_lua multipart parser (r:parsebody() called from Lua scripts). The Apache httpd team is not aware of an exploit for the vulnerabilty though it might be possible to craft one. This issue affects Apache HTTP Server 2.4.51 and earlier.
Risk Scores
CVSS 3.1
9.800000190734863
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Debian:11 | apache2 | 2.4.49-1~deb11u2, 2.4.51-1~bpo10+2, 2.4.51-2 |
| Debian:12 | apache2 | 0, 0, 0 |
| Debian:13 | apache2 | 0, 0, 0 |
| Debian:14 | apache2 | 0, 0, 0 |
| Debian | apache2 |
Exploit Intelligence
- Thực nghiệm CVE-2021-44790 (github-poc-repo)
- Thực nghiệm CVE-2021-44790 (github-poc)
- CVEDatabase.swift (github-poc)
- macos_v2_generated.go (github-poc)
- macos_v1_generated.go (github-poc)
Timeline
- Dec 20, 2021 CVE Published
- Apr 28, 2026 CVE Updated