Apache – CVE-2021-39275

Description

Kayran has detected that the version of Apache HTTP Server in use has an ‘Out-of-bounds Write’ vulnerability (CWE-787), also known as CVE-2021-39275.

This means that the software writes data past the end, or before the beginning, of the intended buffer.
Typically, this can result in data corruption, crashes, or code execution.

The ap_escape_quotes() function may write beyond the end of a buffer when given malicious input.
No included modules should be able to pass untrusted data to this function, but third-party / external modules might.
This will allow unauthenticated remote attackers to crash the server or potentially execute code on the system with the privileges of the httpd user.

The vulnerability will lead to information being disclosed, which assists attackers in performing attacks against your assets.
There’s a chance that this vulnerability will allow attackers to modify system files and information. Also, it could cause a decrease in performance and interruptions in the availability of resources.

Recommendation

To fix CVE-2021-39275, upgrade the version of Apache HTTP Server being used to 2.4.49 or higher.
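One way to check a host against this recommendation, as an added example that is not Kayran's or the Apache project's own code: it pulls the version out of an httpd banner and compares it field by field with 2.4.49, so that 2.4.9 is not mistaken for a newer release than 2.4.49. The function names and the sample banners are constructed for illustration.

```shell
#!/bin/sh
# Added example: decide whether an Apache httpd banner predates 2.4.49,
# the release this page names as the fix for CVE-2021-39275.
FIXED="2.4.49"

# Print the X.Y.Z version found in a banner such as
# "Server version: Apache/2.4.48 (Unix)"; print nothing if there is none.
extract_httpd_version() {
    printf '%s\n' "$1" |
        sed -n 's|.*Apache/\([0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*\).*|\1|p' |
        head -n 1
}

# Succeed (exit 0) only when version $1 is strictly older than version $2.
# Each dotted field is compared as a number, not as text.
version_lt() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        split(a, x, "."); split(b, y, ".")
        for (i = 1; i <= 3; i++) {
            if (x[i] + 0 < y[i] + 0) exit 0
            if (x[i] + 0 > y[i] + 0) exit 1
        }
        exit 1   # equal versions are not "older"
    }'
}

# Classify a banner: "affected X.Y.Z", "fixed X.Y.Z" or "unknown".
check_banner() {
    ver=$(extract_httpd_version "$1")
    if [ -z "$ver" ]; then
        echo "unknown"
    elif version_lt "$ver" "$FIXED"; then
        echo "affected $ver"
    else
        echo "fixed $ver"
    fi
}

# Constructed sample banners. On a real host, pass the output of
# `httpd -v` (or `apache2 -v` on Debian-style systems) instead.
for banner in \
    "Server version: Apache/2.4.48 (Unix)" \
    "Server version: Apache/2.4.9 (Unix)" \
    "Server version: Apache/2.4.49 (Unix)" \
    "Server: nginx"; do
    printf '%-40s -> %s\n' "$banner" "$(check_banner "$banner")"
done
```

Distribution packages may carry the fix backported under an older upstream version number, so an "affected" result on a packaged build should be confirmed against the vendor's advisory.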

References

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39275

https://cwe.mitre.org/data/definitions/787.html
