CVE-2021-26691

Description

In Apache HTTP Server versions 2.4.0 to 2.4.46 a specially crafted SessionHeader sent by an origin server could cause a heap overflow

Related CPE's

aapachehttp_server********

vulnerable

References

N/A

Vendor Advisory

N/A

Mailing ListRelease NotesVendor Advisory

[httpd-dev] 20210610 Re: svn commit: r1890598 - in /httpd/site/trunk/content/security/json: CVE-2019-17567.json CVE-2020-13938.json CVE-2020-13950.json CVE-2020-35452.json CVE-2021-26690.json CVE-2021-26691.json CVE-2021-30641.json CVE-2021-31618.json

Mailing ListVendor Advisory

[httpd-announce] 20210609 CVE-2021-26691: mod_session response handling heap overflow

Mailing ListVendor Advisory

[oss-security] 20210609 CVE-2021-26691: Apache httpd: mod_session response handling heap overflow

Mailing ListThird Party Advisory

CvssV3 impact

BaseSeverity

CRITICAL

ConfidentialityImpact

HIGH

AttackComplexity

LOW

Scope

UNCHANGED

AttackVector

NETWORK

AvailabilityImpact

HIGH

IntegrityImpact

HIGH

PrivilegesRequired

NONE

BaseScore

9.8

VectorString

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Version

3.1

UserInteraction

NONE

CvssV2 impact

AccessComplexity

LOW

ConfidentialityImpact

PARTIAL

AvailabilityImpact

PARTIAL

IntegrityImpact

PARTIAL

BaseScore

7.5

VectorString

AV:N/AC:L/Au:N/C:P/I:P/A:P

Version

2.0

AccessVector

NETWORK

Authentication

NONE

Created by Yello
About Severity.io