First published: Mon Dec 20 2021(Updated: )
apache. Multiple issues were addressed by updating apache to version 2.4.53.
Credit: CVE-2021-44224 CVE-2021-44790 CVE-2022-22719 CVE-2022-22720 CVE-2022-22721 security@apache.org CVE-2021-44224 CVE-2021-44790 CVE-2022-22719 CVE-2022-22720 CVE-2022-22721 CVE-2021-44224 CVE-2021-44790 CVE-2022-22719 CVE-2022-22720 CVE-2022-22721 security@apache.org
Affected Software | Affected Version | How to fix |
---|---|---|
redhat/httpd | <0:2.4.6-97.el7_9.4 | 0:2.4.6-97.el7_9.4 |
redhat/httpd | <0:2.4.6-45.el7_3.8 | 0:2.4.6-45.el7_3.8 |
redhat/httpd | <0:2.4.6-67.el7_4.9 | 0:2.4.6-67.el7_4.9 |
redhat/httpd | <0:2.4.6-89.el7_6.4 | 0:2.4.6-89.el7_6.4 |
redhat/httpd | <0:2.4.6-90.el7_7.3 | 0:2.4.6-90.el7_7.3 |
redhat/httpd24-httpd | <0:2.4.34-23.el7.1 | 0:2.4.34-23.el7.1 |
debian/apache2 | 2.4.38-3+deb10u8 2.4.38-3+deb10u10 2.4.56-1~deb11u2 2.4.56-1~deb11u1 2.4.57-2 2.4.57-3 2.4.58-1 | |
Apple Catalina | ||
Apache HTTP server | <=2.4.51 | |
Fedoraproject Fedora | =34 | |
Fedoraproject Fedora | =35 | |
Fedoraproject Fedora | =36 | |
Debian Debian Linux | =10.0 | |
Debian Debian Linux | =11.0 | |
Tenable Tenable.sc | >=5.16.0<5.20.0 | |
Netapp Cloud Backup | ||
Oracle Communications Element Manager | <=9.0 | |
Oracle Communications Operations Monitor | =4.3 | |
Oracle Communications Operations Monitor | =4.4 | |
Oracle Communications Operations Monitor | =5.0 | |
Oracle Communications Session Report Manager | <=9.0 | |
Oracle Communications Session Route Manager | <=9.0 | |
Oracle HTTP Server | =12.2.1.3.0 | |
Oracle HTTP Server | =12.2.1.4.0 | |
Oracle Instantis Enterprisetrack | =17.1 | |
Oracle Instantis Enterprisetrack | =17.2 | |
Oracle Instantis Enterprisetrack | =17.3 | |
Oracle ZFS Storage Appliance Kit | =8.8 | |
Apple Mac OS X | =10.15.7-security_update_2020-001 | |
Apple Mac OS X | =10.15.7-security_update_2021-001 | |
Apple Mac OS X | =10.15.7-security_update_2021-002 | |
Apple Mac OS X | =10.15.7-security_update_2021-003 | |
Apple Mac OS X | =10.15.7-security_update_2021-004 | |
Apple Mac OS X | =10.15.7-security_update_2021-005 | |
Apple Mac OS X | =10.15.7-security_update_2021-006 | |
Apple Mac OS X | =10.15.7-security_update_2021-007 | |
Apple Mac OS X | =10.15.7-security_update_2021-008 | |
Apple Mac OS X | =10.15.7-security_update_2022-001 | |
Apple Mac OS X | =10.15.7-security_update_2022-002 | |
Apple Mac OS X | =10.15.7-security_update_2022-003 | |
Apple macOS | <10.15.7 | |
Apple macOS | >=11.0<11.6.6 | |
Apple macOS | >=12.0<12.4 | |
redhat/httpd | <2.4.52 | 2.4.52 |
Apple macOS Big Sur | <11.6.6 | 11.6.6 |
Apple macOS Monterey | <12.4 | 12.4 |
<=2.4.51 | ||
=34 | ||
=35 | ||
=36 | ||
=10.0 | ||
=11.0 | ||
>=5.16.0<5.20.0 | ||
<=9.0 | ||
=4.3 | ||
=4.4 | ||
=5.0 | ||
<=9.0 | ||
<=9.0 | ||
=12.2.1.3.0 | ||
=12.2.1.4.0 | ||
=17.1 | ||
=17.2 | ||
=17.3 | ||
=8.8 | ||
=10.15.7-security_update_2020-001 | ||
=10.15.7-security_update_2021-001 | ||
=10.15.7-security_update_2021-002 | ||
=10.15.7-security_update_2021-003 | ||
=10.15.7-security_update_2021-004 | ||
=10.15.7-security_update_2021-005 | ||
=10.15.7-security_update_2021-006 | ||
=10.15.7-security_update_2021-007 | ||
=10.15.7-security_update_2021-008 | ||
=10.15.7-security_update_2022-001 | ||
=10.15.7-security_update_2022-002 | ||
=10.15.7-security_update_2022-003 | ||
<10.15.7 | ||
>=11.0<11.6.6 | ||
>=12.0<12.4 |
Disabling mod_lua and restarting httpd will mitigate this flaw. See https://access.redhat.com/articles/10649 for more information.
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
(Appears in the following advisories)
(Found alongside the following vulnerabilities)
CVE-2021-44790 is a vulnerability in Apache HTTP Server that allows a carefully crafted request body to cause a buffer overflow in the mod_lua multipart parser.
Apache HTTP Server 2.4.51 and earlier versions are affected by CVE-2021-44790.
CVE-2021-44790 has a severity level of critical.
To fix CVE-2021-44790, update Apache HTTP Server to version 2.4.53 or later.
The Apache httpd team is not aware of an exploit for CVE-2021-44790, but it might be possible to craft one.