Vulnerability Database
Blog
FAQ
Docs
BIT-apache-2021-30641
See a problem?
Import Source
https://github.com/bitnami/vulndb/tree/main/data/apache/BIT-apache-2021-30641.json
JSON Data
https://api.osv.dev/v1/vulns/BIT-apache-2021-30641
Aliases
CVE-2021-30641
Published
2024-03-06T10:56:03.376Z
Modified
2024-03-06T11:25:28.861Z
Summary
[none]
Details
Apache HTTP Server versions 2.4.39 to 2.4.46 Unexpected matching behavior with 'MergeSlashes OFF'
References
http://httpd.apache.org/security/vulnerabilities_24.html
http://www.openwall.com/lists/oss-security/2021/06/10/8
https://lists.apache.org/thread.html/r2b4773944d83d2799de9fbaeee7fe0f3fd72669467787e02f434cb10%40%3Cannounce.httpd.apache.org%3E
https://lists.apache.org/thread.html/r7f2b70b621651548f4b6f027552f1dd91705d7111bb5d15cda0a68dd%40%3Cdev.httpd.apache.org%3E
https://lists.apache.org/thread.html/re026d3da9d7824bd93b9f871c0fdda978d960c7e62d8c43cba8d0bf3%40%3Ccvs.httpd.apache.org%3E
https://lists.debian.org/debian-lts-announce/2021/07/msg00006.html
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SPBR6WUYBJNACHKE65SPL7TJOHX7RHWD/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZNCYSR3BXT36FFF4XTCPL3HDQK4VP45R/
https://security.gentoo.org/glsa/202107-38
https://security.netapp.com/advisory/ntap-20210702-0001/
https://www.debian.org/security/2021/dsa-4937
https://www.oracle.com/security-alerts/cpuoct2021.html
Affected packages
Bitnami
/
apache
Package
Name
apache
Purl
pkg:bitnami/apache
Severity
5.3 (Medium)
CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
CVSS Calculator
Affected ranges
Type
SEMVER
Events
Introduced
2.4.39
Fixed
2.4.46
BIT-apache-2021-30641 - OSV