Cisco Security Advisory - Multiple Vulnerabilities in Apache HTTP Server Affecting Cisco Products: November 2021

Started by Netwörkheäd, December 04, 2021, 12:18:41 AM

Previous topic - Next topic
Print
Go Down Pages1
User actions

Netwörkheäd

December 04, 2021, 12:18:41 AM
Multiple Vulnerabilities in Apache HTTP Server Affecting Cisco Products: November 2021

On September 16, 2021, the Apache Software Foundation disclosed five vulnerabilities affecting the Apache HTTP Server (httpd) 2.4.48 and earlier releases.


For a description of these vulnerabilities, see the Apache HTTP Server 2.4.49 section of the Apache HTTP Server 2.4 vulnerabilities webpage.


This advisory will be updated as additional information becomes available.


This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-httpd-2.4.49-VWL69sWQ



A vulnerability in the mod_proxy module of Apache HTTP Server (httpd) could allow an unauthenticated, remote attacker to make the httpd server forward requests to an arbitrary server.


This vulnerability is due to incorrect handling of unix: URLs. An attacker could exploit this vulnerability by sending a crafted HTTP request to a vulnerable device. A successful exploit could allow the attacker to get, modify, or delete resources on other services that may be inaccessible otherwise.



     
         
Security Impact Rating:  High
   
   
       
CVE: CVE-2021-33193,CVE-2021-34798,CVE-2021-36160,CVE-2021-39275,CVE-2021-40438
Source: Multiple Vulnerabilities in Apache HTTP Server Affecting Cisco Products: November 2021
Let's not argue. Let's network!
Print
Go Up Pages1
User actions