安全ID : QSA-21-62
Vulnerabilities in Apache HTTP Server
发布日期 : December 30, 2021
通用漏洞披露 : CVE-2021-44224 | CVE-2021-44790
未受影响产品: QTS, QuTS hero, and QuTScloud
受影响产品: None
状态
已解决
Summary
The Apache Software Foundation has reported two vulnerabilities affecting Apache HTTP Server. If exploited, one of the vulnerabilities may allow a remote attacker to take control of the affected system:
- CVE-2021-44224: Possible NULL dereference or SSRF in forward proxy configurations in Apache HTTP Server 2.4.51 and earlier
- CVE-2021-44790: Possible buffer overflow when parsing multipart content in mod_lua of Apache HTTP Server 2.4.51 and earlier
We have determined that the QTS, QuTS hero, and QuTScloud operating systems are not affected.
修订历史: V1.0 (December 30, 2021) - Published
