You are here

Home › Apache HTTP Server Vulnerabilities fixed in Version 2.4.50 and 2.4.51

Apache HTTP Server Vulnerabilities fixed in Version 2.4.50 and 2.4.51

Submitted on 11. October 2021 - 17:23 by rischi.
Last update on 19. October 2021 - 10:11.
IDs: 
CVE-2021-41773, CVE-2021-41524, CVE-2021-42013
Keywords: 
httpd
Description: 

The Apache HTTP Server version 2.4.50 and 2.4.51 fixes 3 vulnerabilities [1].

Airlock Gateway is not affected

Details:

  • CVE-2021-41524: null pointer dereference in h2 fuzzing
    Vulnerability was introduced in version 2.4.49. This version is not used by any supported Airlock Gateway release.
  • CVE-2021-41773 Path traversal and file disclosure vulnerability in Apache HTTP Server 2.4.49
    Vulnerability was introduced in version 2.4.49. This version is not used by any supported Airlock Gateway release.
  • CVE-2021-42013 Path Traversal and Remote Code Execution in Apache HTTP Server 2.4.49 and 2.4.50 (incomplete fix of CVE-2021-41773) 
    Vulnerability was introduced in version 2.4.50. This version is not used by any supported Airlock Gateway release.
Resolution: 

no action required

Component: 
Airlock
Airlock Vulnerability Status: 
Airlock vulnerable, see resolution
Back-end Vulnerability Status: 
No action required
Reference: 
[1] Apache httpd 2.4 vulnerabilities
© Ergon Informatik AG