Malformed requests may cause the server to dereference a NULL pointer. This issue affects Apache HTTP Server 2.4.48 and earlier.
Max CVSS
7.5
EPSS Score
0.46%
Published
2021-09-16
Updated
2022-10-28
A carefully crafted request uri-path can cause mod_proxy_uwsgi to read above the allocated memory and crash (DoS). This issue affects Apache HTTP Server versions 2.4.30 to 2.4.48 (inclusive).
Max CVSS
7.5
EPSS Score
0.16%
Published
2021-09-16
Updated
2022-10-18
ap_escape_quotes() may write beyond the end of a buffer when given malicious input. No included modules pass untrusted data to these functions, but third-party / external modules may. This issue affects Apache HTTP Server 2.4.48 and earlier.
Max CVSS
9.8
EPSS Score
0.58%
Published
2021-09-16
Updated
2022-10-05

CVE-2021-40438

Known exploited
A crafted request uri-path can cause mod_proxy to forward the request to an origin server choosen by the remote user. This issue affects Apache HTTP Server 2.4.48 and earlier.
Max CVSS
9.0
EPSS Score
97.41%
Published
2021-09-16
Updated
2022-10-05
CISA KEV Added
2021-12-01
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!