CVE-2021-44224: Possible NULL dereference or SSRF in forward proxy configurations in Apache HTTP Server 2.4.51 and earlier

First published: Mon Dec 20 2021(Updated: )

A crafted URI sent to httpd configured as a forward proxy (ProxyRequests on) can cause a crash (NULL pointer dereference) or, for configurations mixing forward and reverse proxy declarations, can allow for requests to be directed to a declared Unix Domain Socket endpoint (Server Side Request Forgery). This issue affects Apache HTTP Server 2.4.7 up to 2.4.51 (included).

Credit: CVE-2021-44224 CVE-2021-44790 CVE-2022-22719 CVE-2022-22720 CVE-2022-22721 Lockheed Martin Red Team an anonymous researcher Jeremy Brown Trend Micro Zero Day InitiativeMichael DePlante @izobashi Trend Micro Zero Day InitiativeQi Sun Trend MicroYe Zhang @co0py_Cat Baidu SecurityRobert Ai Trend MicroArsenii Kostromin (0x3c3e) Yonghwi Jin @jinmo123 TheoriLinus Henze Pinauten GmbHLiu Long Ant Security LightJack Dates RET2 Systems IncAntonio Zekic @antoniozekic Jeonghoon Shin Theori working with Trend Micro Zero Day InitiativePeter Nguyễn Vũ Hoàng @peternguyen14 STAR LabsNed Williamson Google Project Zero @gorelics BreakPoint BreakPointRon Masas BreakPointWojciech Reguła @_r3ggi SecuRingArsenii Kostromin (0x3c3e) MicrosoftJonathan Bar Or MicrosoftZhipeng Huo @R3dF09 Tencent Security Xuanwu LabYuebin Sun @yuebinsun2020 Tencent Security Xuanwu LabMax Shavrick @_mxms the Google Security TeamZubair Ashraf CrowdstrikeCVE-2022-0778 CVE-2022-23308 Mickey Jin @patch1t @gorelics Peter Nguyễn Vũ Hoàng STAR LabsFelix Poulin-Belanger Antonio Cheong Yu Xuan YCISCQCVE-2021-4136 CVE-2021-4166 CVE-2021-4173 CVE-2021-4187 CVE-2021-4192 CVE-2021-4193 CVE-2021-46059 CVE-2022-0128 Heige KnownSec 404 TeamBo Qu Palo Alto NetworksScarlet Raine Wang Yu CyberservalCVE-2022-0530 Tavis Ormandy CVE-2021-45444 ABC Research s.r.o Jon Thompson EvolveIA) actae0n Blacksun Hackers Club working with Trend Micro Zero Day InitiativeAndrew Williams GoogleAvi Drissman Googlechenyuwang @mzzzz__ Tencent Security Xuanwu LabJordy Zomer @pwningsystems Paul Walker BuryNathaniel Ekoniak Ennate TechnologiesGergely Kalman @gergely_kalman Mandiant MandiantJoshua Mason MandiantRon Waisberg SecuRingan anonymous researcher SecuRing Perception PointRon Hass @ronhass7 Perception Pointryuzaki Chijin Zhou ShuiMuYuLin LtdTsinghua wingtecher lab Jeonghoon Shin TheoriSorryMybad @S0rryMybad Kunlun LabDongzhuo Zhao ADLab of Venustech security@apache.org

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

• collector/redhat-cve
• collector/security-tracker-debian
• agent/type
• agent/first-publish-date
• agent/remedy
• agent/severity
• collector/redhat-bugzilla
• source/Red Hat
• alias/CVE-2021-44224
• agent/software-canonical-lookup
• collector/mitre-cve
• source/MITRE
• agent/title
• collector/apple-support
• source/Apple
• alias/CVE-2021-44790
• alias/CVE-2022-22719
• alias/CVE-2022-22720
• alias/CVE-2022-22721
• agent/last-modified-date
• agent/event
• agent/trending
• agent/source
• agent/software-canonical-lookup-request
• agent/references
• agent/weakness
• agent/description
• alias/CVE-2022-22665
• alias/CVE-2022-22675
• alias/CVE-2022-22630
• alias/CVE-2022-26751
• alias/CVE-2022-26698
• alias/CVE-2022-26697
• alias/CVE-2022-22663
• alias/CVE-2022-26721
• alias/CVE-2022-26722
• alias/CVE-2022-26763
• alias/CVE-2022-22674
• alias/CVE-2022-26720
• alias/CVE-2022-26770
• alias/CVE-2022-26756
• alias/CVE-2022-26769
• alias/CVE-2022-26748
• alias/CVE-2022-26768
• alias/CVE-2022-26714
• alias/CVE-2022-26757
• alias/CVE-2021-30946
• alias/CVE-2022-26767
• alias/CVE-2022-26706
• alias/CVE-2022-32882
• alias/CVE-2022-32790
• alias/CVE-2022-26776
• alias/CVE-2022-0778
• alias/CVE-2022-23308
• alias/CVE-2022-32794
• alias/CVE-2022-26712
• alias/CVE-2022-26746
• alias/CVE-2022-26731
• alias/CVE-2022-26766
• alias/CVE-2022-26718
• alias/CVE-2022-26723
• alias/CVE-2022-26715
• alias/CVE-2022-26728
• alias/CVE-2022-26726
• alias/CVE-2022-26755
• alias/CVE-2021-4136
• alias/CVE-2021-4166
• alias/CVE-2021-4173
• alias/CVE-2021-4187
• alias/CVE-2021-4192
• alias/CVE-2021-4193
• alias/CVE-2021-46059
• alias/CVE-2022-0128
• alias/CVE-2022-22589
• alias/CVE-2022-26745
• alias/CVE-2022-26761
• alias/CVE-2022-0530
• alias/CVE-2018-25032
• alias/CVE-2021-45444
• alias/CVE-2022-26742
• alias/CVE-2022-26749
• alias/CVE-2022-26750
• alias/CVE-2022-26752
• alias/CVE-2022-26753
• alias/CVE-2022-26754
• alias/CVE-2022-26707
• alias/CVE-2022-26736
• alias/CVE-2022-26737
• alias/CVE-2022-26738
• alias/CVE-2022-26739
• alias/CVE-2022-26740
• alias/CVE-2022-32783
• alias/CVE-2022-26694
• alias/CVE-2022-32781
• alias/CVE-2022-26711
• alias/CVE-2022-26725
• alias/CVE-2022-26701
• alias/CVE-2022-26758
• alias/CVE-2022-26743
• alias/CVE-2022-26764
• alias/CVE-2022-26765
• alias/CVE-2022-26708
• alias/CVE-2022-26775
• alias/CVE-2022-48575
• alias/CVE-2022-22617
• alias/CVE-2022-26727
• alias/CVE-2022-32782
• alias/CVE-2022-26693
• alias/CVE-2022-26704
• alias/CVE-2022-42857
• alias/CVE-2022-26696
• alias/CVE-2022-26700
• alias/CVE-2022-26709
• alias/CVE-2022-26710
• alias/CVE-2022-26717
• alias/CVE-2022-26716
• alias/CVE-2022-26719
• alias/CVE-2022-22677
• alias/CVE-2022-26762
• alias/CVE-2022-26741
• agent/author
• agent/softwarecombine
• agent/tags
• collector/nvd-api
• source/NVD
• collector/nvd-index
• package-manager/redhat
• package-manager/debian
• vendor/apple
• canonical/apple macos monterey
• canonical/apple macos
• canonical/macos catalina
• vendor/apache
• canonical/apache http server
• version/apache http server/2.4.7
• vendor/fedoraproject
• canonical/fedora
• version/fedora/34
• version/fedora/35
• version/fedora/36
• vendor/debian
• canonical/debian
• version/debian/10.0
• version/debian/11.0
• vendor/tenable
• canonical/tenable tenable.sc
• version/tenable tenable.sc/5.14.0
• version/tenable tenable.sc/5.16.0
• vendor/oracle
• canonical/oracle communications element manager
• canonical/oracle communications operations monitor
• version/oracle communications operations monitor/4.0
• version/oracle communications operations monitor/4.3
• version/oracle communications operations monitor/4.4
• version/oracle communications operations monitor/5.0
• canonical/oracle communications session report manager
• canonical/oracle communications session route manager
• canonical/oracle http server
• version/oracle http server/12.2.1.3.0
• version/oracle http server/12.2.1.4.0
• canonical/oracle instantis enterprisetrack
• version/oracle instantis enterprisetrack/17.1
• version/oracle instantis enterprisetrack/17.2
• version/oracle instantis enterprisetrack/17.3
• canonical/apple ios and macos
• version/apple ios and macos/10.15.7
• version/apple ios and macos/10.15.7-security_update_2020-001
• version/apple ios and macos/10.15.7-security_update_2021-001
• version/apple ios and macos/10.15.7-security_update_2021-002
• version/apple ios and macos/10.15.7-security_update_2021-003
• version/apple ios and macos/10.15.7-security_update_2021-004
• version/apple ios and macos/10.15.7-security_update_2021-005
• version/apple ios and macos/10.15.7-security_update_2021-006
• version/apple ios and macos/10.15.7-security_update_2021-007
• version/apple ios and macos/10.15.7-security_update_2021-008
• version/apple ios and macos/10.15.7-security_update_2022-001
• version/apple ios and macos/10.15.7-security_update_2022-002
• version/apple ios and macos/10.15.7-security_update_2022-003
• version/apple ios and macos/11.0
• version/apple ios and macos/12.0.0