Guide to vulnerabilities for Apache HTTP Server CVE-2021-444224 / CVE-2021-44790 | Cloud-Based Platform AIONCLOUD

Threat Intelligence Report

Get up-to-date information on web application vulnerabilities, attacks, and how to respond.

Back to Threat Intelligence Report

Guide to vulnerabilities for Apache HTTP Server CVE-2021-444224 / CVE-2021-44790

Hello, this is MONITORAPP technical support team.

We are sending you our review of the two vulnerabilities in the title.

We are sending you an internal review related to the two patterns.

CVE-2021-44224

- This vulnerability is a case that cannot be dealt with in a pattern.

- There is no NULL check in the return result for ap_proxy_de_soketfy(), so if it is NULL, the web server process ends in reverse reference situation

- It is about proxy settings, which are used internally on the apache server

CVE-2021-44790

- This vulnerability is a case that cannot be dealt with in a pattern.

- Regarding compliance with MIME rules, blocking that routine will cause a number of service failures.

- Possible problem if there is no 8 byte between crlf and end

These vulnerabilities are limited to specific versions of Apache HTTP Server and require the latest version update to be applied.

Please also note that our product line is not within the scope of impact.

Thank you.

Scroll Up