First published: Mon Dec 20 2021(Updated: )
apache. Multiple issues were addressed by updating apache to version 2.4.53.
Credit: CVE-2021-44224 CVE-2021-44790 CVE-2022-22719 CVE-2022-22720 CVE-2022-22721 CVE-2021-44224 CVE-2021-44790 CVE-2022-22719 CVE-2022-22720 CVE-2022-22721 CVE-2021-44224 CVE-2021-44790 CVE-2022-22719 CVE-2022-22720 CVE-2022-22721 security@apache.org
Affected Software | Affected Version | How to fix |
---|---|---|
Apple Catalina | ||
Apple macOS Big Sur | <11.6.6 | 11.6.6 |
<12.4 | 12.4 | |
Apache HTTP server | >=2.4.7<2.4.52 | |
Fedoraproject Fedora | =34 | |
Fedoraproject Fedora | =35 | |
Fedoraproject Fedora | =36 | |
Debian Debian Linux | =10.0 | |
Debian Debian Linux | =11.0 | |
Tenable Tenable.sc | >=5.14.0<5.20.0 | |
Tenable Tenable.sc | >=5.16.0<202201.1 | |
Oracle Communications Element Manager | <9.0 | |
Oracle Communications Operations Monitor | =4.0 | |
Oracle Communications Operations Monitor | =4.3 | |
Oracle Communications Operations Monitor | =4.4 | |
Oracle Communications Operations Monitor | =5.0 | |
Oracle Communications Session Report Manager | <9.0 | |
Oracle Communications Session Route Manager | <9.0 | |
Oracle HTTP Server | ||
Oracle HTTP Server | =12.2.1.3.0 | |
Oracle HTTP Server | =12.2.1.4.0 | |
Oracle Instantis Enterprisetrack | =17.1 | |
Oracle Instantis Enterprisetrack | =17.2 | |
Oracle Instantis Enterprisetrack | =17.3 | |
Apple Mac OS X | =10.15.7 | |
Apple Mac OS X | =10.15.7-security_update_2020-001 | |
Apple Mac OS X | =10.15.7-security_update_2021-001 | |
Apple Mac OS X | =10.15.7-security_update_2021-002 | |
Apple Mac OS X | =10.15.7-security_update_2021-003 | |
Apple Mac OS X | =10.15.7-security_update_2021-004 | |
Apple Mac OS X | =10.15.7-security_update_2021-005 | |
Apple Mac OS X | =10.15.7-security_update_2021-006 | |
Apple Mac OS X | =10.15.7-security_update_2021-007 | |
Apple Mac OS X | =10.15.7-security_update_2021-008 | |
Apple Mac OS X | =10.15.7-security_update_2022-001 | |
Apple Mac OS X | =10.15.7-security_update_2022-002 | |
Apple Mac OS X | =10.15.7-security_update_2022-003 | |
Apple macOS | <10.15.7 | |
Apple macOS | >=11.0<11.6.6 | |
Apple macOS | >=12.0.0<12.4 | |
redhat/httpd | <2.4.52 | 2.4.52 |
redhat/jbcs-httpd24-httpd | <0:2.4.51-28.el8 | 0:2.4.51-28.el8 |
redhat/jbcs-httpd24-httpd | <0:2.4.51-28.el7 | 0:2.4.51-28.el7 |
redhat/httpd24-httpd | <0:2.4.34-23.el7.5 | 0:2.4.34-23.el7.5 |
debian/apache2 | 2.4.38-3+deb10u8 2.4.38-3+deb10u10 2.4.56-1~deb11u2 2.4.56-1~deb11u1 2.4.57-2 2.4.57-3 2.4.58-1 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
(Appears in the following advisories)
(Found alongside the following vulnerabilities)
CVE-2021-44224 is a vulnerability in the Apache HTTP server that allows for a null pointer dereference and server-side request forgery (SSRF) when the mod_proxy module is configured as a forward proxy.
CVE-2021-44224 can cause a crash or allow for SSRF attacks if a crafted packet is sent to the forward proxy on the adjacent network.
CVE-2021-44224 has a severity value of 7, indicating a high severity.
To fix CVE-2021-44224, update Apache HTTP server to version 2.4.53 or later.
Yes, you can find references for CVE-2021-44224 at the following links: [Link 1](https://support.apple.com/en-us/HT213257), [Link 2](https://support.apple.com/en-us/HT213255), [Link 3](https://support.apple.com/en-us/HT213256).