Guide to vulnerabilities for Apache HTTP Server CVE-2021-44224 / CVE-2021-44790 | Cloud SECaaS platform AIONCLOUD


Hello, this is the MONITORAPP technical support team.

Below is our internal review of the two vulnerabilities named in the title, including whether each can be handled with a pattern.

CVE-2021-44224

- This vulnerability cannot be handled with a pattern.

- The return value of ap_proxy_de_socketfy() is not checked for NULL, so when it is NULL the web server process terminates on a NULL pointer dereference.

- It concerns the proxy settings that are used internally on the Apache server.

CVE-2021-44790

- This vulnerability cannot be handled with a pattern.

- The affected routine concerns compliance with MIME rules, and blocking that routine would cause a number of service failures.

- A problem can occur when there are not 8 bytes between the CRLF and the end.
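
The length issue noted for CVE-2021-44790, shown as an added example (not Apache's code and not part of the original post). It assumes a simplified multipart part in which the value length is computed as the distance from the CRLF separator to the next boundary token minus 8 (4 bytes of "\r\n\r\n" plus 4 bytes of "\r\n--"); the function names, the sample inputs and the boundary token `XBOUND` are made up for the illustration.

```c
#include <stdio.h>
#include <string.h>

/* Constructed inputs; the boundary token "XBOUND" is made up. */
static const char OK_PART[]    = "name: a\r\n\r\nhello\r\n--XBOUND";
static const char SHORT_PART[] = "name: a\r\n\r\nXBOUND";

/* Bounded search for needle in hay; NULL when absent. */
static const char *find_bytes(const char *hay, size_t hlen,
                              const char *needle, size_t nlen)
{
    if (nlen == 0 || hlen < nlen) return NULL;
    for (size_t i = 0; i + nlen <= hlen; i++)
        if (memcmp(hay + i, needle, nlen) == 0) return hay + i;
    return NULL;
}

/* Unchecked form: size_t arithmetic wraps when the gap is under 8. */
static size_t unchecked_len(size_t gap) { return gap - 8; }

/* Checked form. Returns 0 and sets *val / *vlen, or -1 if malformed. */
static int part_value(const char *buf, size_t size, const char *boundary,
                      const char **val, size_t *vlen)
{
    const char *crlf = find_bytes(buf, size, "\r\n\r\n", 4);
    if (crlf == NULL) return -1;
    const char *end = find_bytes(crlf, size - (size_t)(crlf - buf),
                                 boundary, strlen(boundary));
    if (end == NULL) return -1;
    size_t gap = (size_t)(end - crlf);
    if (gap < 8) return -1;          /* fewer than 8 bytes: reject */
    *val = crlf + 4;                 /* skip "\r\n\r\n" */
    *vlen = gap - 8;                 /* drop "\r\n\r\n" and "\r\n--" */
    return 0;
}

int main(void)
{
    const char *v; size_t n;
    if (part_value(OK_PART, sizeof OK_PART - 1, "XBOUND", &v, &n) == 0)
        printf("value: %.*s (%zu bytes)\n", (int)n, v, n);
    if (part_value(SHORT_PART, sizeof SHORT_PART - 1, "XBOUND", &v, &n) != 0)
        printf("short part rejected; unchecked length would be %zu\n",
               unchecked_len(4));
    return 0;
}
```

The well-formed part and the short part follow the same MIME layout, which is why a pattern cannot separate them and the length check has to live in the parser.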

These vulnerabilities are limited to specific versions of Apache HTTP Server, and remediation requires applying the latest version update.

Please also note that our product line is not within the scope of impact.

Thank you.
