A crafted URI sent to httpd configured as a forward proxy (ProxyRequests on) can cause a crash (NULL pointer dereference) or, for configurations mixing forward and reverse proxy declarations, can allow for requests to be directed to a declared Unix Domain Socket endpoint (Server Side Request Forgery). This issue affects Apache HTTP Server 2.4.7 up to 2.4.51 (included).
References
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
Configuration 3 (hide)
|
Configuration 4 (hide)
|
Configuration 5 (hide)
|
Configuration 6 (hide)
|
Configuration 7 (hide)
|
Information
Published : 2021-12-20 04:15
Updated : 2022-11-02 06:18
NVD link : CVE-2021-44224
Mitre link : CVE-2021-44224
JSON object : View
CWE
CWE-476
NULL Pointer Dereference
Products Affected
oracle
- communications_session_route_manager
- instantis_enterprisetrack
- communications_session_report_manager
- communications_operations_monitor
- communications_element_manager
- http_server
apple
- macos
- mac_os_x
apache
- http_server
tenable
- tenable.sc
fedoraproject
- fedora
debian
- debian_linux