NULL pointer dereference in Apache Software Foundation Http Server
CVE-2021-34798
Malformed requests may cause the server to dereference a NULL pointer. This issue affects Apache HTTP Server 2.4.48 and earlier.
EPSS: 0.628 (99.1th percentile)
Affected products
- Apache Software Foundation Http Server — versions Apache HTTP Server 2.4
Weakness classification (CWE)
Public proof-of-concept exploits
References
- httpd.apache.org/security/vulnerabilities_24.html (x_refsource_MISC)
- FEDORA-2021-dce7e7738e (vendor-advisory, x_refsource_FEDORA)
- [httpd-users] 20210923 [users@httpd] 2.4.49 security fixes: more info (mailing-list, x_refsource_MLIST)
- [httpd-users] 20210923 Re: [users@httpd] 2.4.49 security fixes: more info (mailing-list, x_refsource_MLIST)
- [httpd-users] 20210923 [users@httpd] Re: [External] : [users@httpd] 2.4.49 security fixes: more info (mailing-list, x_refsource_MLIST)
- [httpd-users] 20210923 Re: [users@httpd] Re: [External] : [users@httpd] 2.4.49 security fixes: more info (mailing-list, x_refsource_MLIST)
- FEDORA-2021-e3f6dd670d (vendor-advisory, x_refsource_FEDORA)
- [debian-lts-announce] 20211002 [SECURITY] [DLA 2776-1] apache2 security update (mailing-list, x_refsource_MLIST)
- DSA-4982 (vendor-advisory, x_refsource_DEBIAN)
- 20211124 Multiple Vulnerabilities in Apache HTTP Server Affecting Cisco Products: November 2021 (vendor-advisory, x_refsource_CISCO)
Frequently asked questions
- What is CVE-2021-34798?
- CVE-2021-34798 is a vulnerability in Apache Software Foundation Http Server, classified under NULL Pointer Dereference. Published 2021-09-16.
- Is CVE-2021-34798 known to be exploited?
- 17 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.