First published: Mon Dec 20 2021(Updated: )
apache. Multiple issues were addressed by updating apache to version 2.4.53.
Credit: CVE-2021-44224 CVE-2021-44790 CVE-2022-22719 CVE-2022-22720 CVE-2022-22721 security@apache.org CVE-2021-44224 CVE-2021-44790 CVE-2022-22719 CVE-2022-22720 CVE-2022-22721 CVE-2021-44224 CVE-2021-44790 CVE-2022-22719 CVE-2022-22720 CVE-2022-22721 security@apache.org
Affected Software | Affected Version | How to fix |
---|---|---|
redhat/jbcs-httpd24-httpd | <0:2.4.51-28.el8 | 0:2.4.51-28.el8 |
redhat/jbcs-httpd24-httpd | <0:2.4.51-28.el7 | 0:2.4.51-28.el7 |
redhat/httpd24-httpd | <0:2.4.34-23.el7.5 | 0:2.4.34-23.el7.5 |
debian/apache2 | 2.4.38-3+deb10u8 2.4.38-3+deb10u10 2.4.56-1~deb11u2 2.4.56-1~deb11u1 2.4.57-2 2.4.57-3 2.4.58-1 | |
Apple Catalina | ||
Apache HTTP server | >=2.4.7<2.4.52 | |
Fedoraproject Fedora | =34 | |
Fedoraproject Fedora | =35 | |
Fedoraproject Fedora | =36 | |
Debian Debian Linux | =10.0 | |
Debian Debian Linux | =11.0 | |
Tenable Tenable.sc | >=5.14.0<5.20.0 | |
Tenable Tenable.sc | >=5.16.0<202201.1 | |
Oracle Communications Element Manager | <9.0 | |
Oracle Communications Operations Monitor | =4.0 | |
Oracle Communications Operations Monitor | =4.3 | |
Oracle Communications Operations Monitor | =4.4 | |
Oracle Communications Operations Monitor | =5.0 | |
Oracle Communications Session Report Manager | <9.0 | |
Oracle Communications Session Route Manager | <9.0 | |
Oracle HTTP Server | ||
Oracle HTTP Server | =12.2.1.3.0 | |
Oracle HTTP Server | =12.2.1.4.0 | |
Oracle Instantis Enterprisetrack | =17.1 | |
Oracle Instantis Enterprisetrack | =17.2 | |
Oracle Instantis Enterprisetrack | =17.3 | |
Apple Mac OS X | =10.15.7 | |
Apple Mac OS X | =10.15.7-security_update_2020-001 | |
Apple Mac OS X | =10.15.7-security_update_2021-001 | |
Apple Mac OS X | =10.15.7-security_update_2021-002 | |
Apple Mac OS X | =10.15.7-security_update_2021-003 | |
Apple Mac OS X | =10.15.7-security_update_2021-004 | |
Apple Mac OS X | =10.15.7-security_update_2021-005 | |
Apple Mac OS X | =10.15.7-security_update_2021-006 | |
Apple Mac OS X | =10.15.7-security_update_2021-007 | |
Apple Mac OS X | =10.15.7-security_update_2021-008 | |
Apple Mac OS X | =10.15.7-security_update_2022-001 | |
Apple Mac OS X | =10.15.7-security_update_2022-002 | |
Apple Mac OS X | =10.15.7-security_update_2022-003 | |
Apple macOS | <10.15.7 | |
Apple macOS | >=11.0<11.6.6 | |
Apple macOS | >=12.0.0<12.4 | |
redhat/httpd | <2.4.52 | 2.4.52 |
Apple macOS Big Sur | <11.6.6 | 11.6.6 |
Apple macOS Monterey | <12.4 | 12.4 |
>=2.4.7<2.4.52 | ||
=34 | ||
=35 | ||
=36 | ||
=10.0 | ||
=11.0 | ||
>=5.14.0<5.20.0 | ||
>=5.16.0<202201.1 | ||
<9.0 | ||
=4.0 | ||
=4.3 | ||
=4.4 | ||
=5.0 | ||
<9.0 | ||
<9.0 | ||
=12.2.1.3.0 | ||
=12.2.1.4.0 | ||
=17.1 | ||
=17.2 | ||
=17.3 | ||
=10.15.7 | ||
=10.15.7-security_update_2020-001 | ||
=10.15.7-security_update_2021-001 | ||
=10.15.7-security_update_2021-002 | ||
=10.15.7-security_update_2021-003 | ||
=10.15.7-security_update_2021-004 | ||
=10.15.7-security_update_2021-005 | ||
=10.15.7-security_update_2021-006 | ||
=10.15.7-security_update_2021-007 | ||
=10.15.7-security_update_2021-008 | ||
=10.15.7-security_update_2022-001 | ||
=10.15.7-security_update_2022-002 | ||
=10.15.7-security_update_2022-003 | ||
<10.15.7 | ||
>=11.0<11.6.6 | ||
>=12.0.0<12.4 |
Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
(Appears in the following advisories)
(Found alongside the following vulnerabilities)
CVE-2021-44224 is a vulnerability in the Apache HTTP server that allows for a null pointer dereference and server-side request forgery (SSRF) when the mod_proxy module is configured as a forward proxy.
CVE-2021-44224 can cause a crash or allow for SSRF attacks if a crafted packet is sent to the forward proxy on the adjacent network.
CVE-2021-44224 has a severity value of 7, indicating a high severity.
To fix CVE-2021-44224, update Apache HTTP server to version 2.4.53 or later.
Yes, you can find references for CVE-2021-44224 at the following links: [Link 1](https://support.apple.com/en-us/HT213257), [Link 2](https://support.apple.com/en-us/HT213255), [Link 3](https://support.apple.com/en-us/HT213256).