vendor:
Apache HTTP Server
by:
Sunil Iyengar
9.8
CVSS
CRITICAL
Buffer Overflow
119
CWE
Product Name: Apache HTTP Server
Affected Version From: Any version less than 2.4.51
Affected Version To: 2.4.51
Patch Exists: YES
Related CWE: CVE-2021-44790
CPE: a:apache:http_server:2.4.50
Metasploit:
https://www.rapid7.com/db/vulnerabilities/redhat_linux-cve-2021-44790/, https://www.rapid7.com/db/vulnerabilities/suse-cve-2021-44790/, https://www.rapid7.com/db/vulnerabilities/amazon-linux-ami-2-cve-2021-44790/, https://www.rapid7.com/db/vulnerabilities/huawei-euleros-2_0_sp5-cve-2021-44790/, https://www.rapid7.com/db/vulnerabilities/huawei-euleros-2_0_sp9-cve-2021-44790/, https://www.rapid7.com/db/vulnerabilities/apache-httpd-cve-2021-44790/, https://www.rapid7.com/db/vulnerabilities/debian-cve-2021-44790/, https://www.rapid7.com/db/vulnerabilities/alma_linux-cve-2021-44790/, https://www.rapid7.com/db/vulnerabilities/oracle-solaris-cve-2021-44790/, https://www.rapid7.com/db/vulnerabilities/freebsd-cve-2021-44790/, https://www.rapid7.com/db/vulnerabilities/ibm-http_server-cve-2021-44790/, https://www.rapid7.com/db/vulnerabilities/oracle_linux-cve-2021-44790/, https://www.rapid7.com/db/vulnerabilities/centos_linux-cve-2021-44790/, https://www.rapid7.com/db/vulnerabilities/huawei-euleros-2_0_sp10-cve-2021-44790/, https://www.rapid7.com/db/vulnerabilities/amazon_linux-cve-2021-44790/, https://www.rapid7.com/db/vulnerabilities/ubuntu-cve-2021-44790/, https://www.rapid7.com/db/vulnerabilities/apple-osx-apache-cve-2021-44790/, https://www.rapid7.com/db/vulnerabilities/gentoo-linux-cve-2021-44790/, https://www.rapid7.com/db/vulnerabilities/huawei-euleros-2_0_sp3-cve-2021-44790/, https://www.rapid7.com/db/vulnerabilities/huawei-euleros-2_0_sp8-cve-2021-44790/
Platforms Tested: Kali, MacOS Monterey
2023
Apache 2.4.x – Buffer Overflow
A buffer overflow vulnerability exists in Apache 2.4.x versions less than 2.4.51. An attacker can send a specially crafted HTTP request with a malicious payload to the vulnerable server, which can lead to a denial of service or arbitrary code execution. The payload is sent as a multipart/form-data with a boundary value of 4, which can be changed to any other value. The form data returns a response of 'memory allocation error: block too big', but if the payload is changed to name="name"4, the lua module overflows 3 more bytes during memset.
Mitigation:
Upgrade to Apache 2.4.51 or later versions, or apply the patch provided by the vendor.